Smartphone Security Faces Looming Battle

Last week, McAfee announced it had acquired TenCube, whose WaveSecure application provides data security and device protection to consumer smartphones running most of the major mobile operating systems, (except Apple iOS). It’s the second mobile security acquisition McAfee has made in the last two months. In June, it bought Trust Digital, a provider of enterprise-grade security and management capabilities for smartphones.

McAfee isn’t the only vendor making moves in smartphone security. Awareness Technologies recently announced it bought LegiTime Technology, a provider of smartphone authentication and management solutions, which it will leverage to extend its data loss prevention and device recovery capabilities to mobile devices. Juniper Networks earlier this month acquired SMobile Systems, a provider or security solutions for smartphones and tablets, to extend the mobile security capabilities of its Junos Pulse software platform. And last month, Symantec released a beta of Norton Smartphone Security for Android, an app for remote device lockout, anti-malware protection and call blocking.

Growing importance of smartphones

These acquisitions are nothing less than a reflection of the growing importance of smartphones in the computing universe. Security vendors have been providing various forms of security applications for mobile phones and smartphones for the better part of the last decade. Many phones use RSA encryption for authentication. Symantec, McAfee, Trend Micro and Kaspersky have long offered anti-virus and malware apps for mobile phones and PDAs.

While most of the big antivirus vendors tout security solutions for smartphones, few have solutions that cover all the available platforms (Android, Windows Mobile, iOS, Symbian). But as device manufacturers continue to add processing power and storage capacity, and platform vendors provide more applications for generating and consuming data, the greater the security threat to these devices will become.

And that’s the bet that nearly all of the major and minor security companies are making regarding smartphones. Unlike the lineage of threats to personal computers that only had to contend with a slow boil of viruses until advanced threats were developed, the security vendors are correctly predicting that the absence of broad sets of malware targeting smartphones means that they’ll be subject to more sophisticated attacks.

Device location

Interestingly, the Symantec and McAfee strategies seem to include device location and notification features. If a smartphone is lost or stolen, the user (systems administrator or service provider) can locate, lock down and wipe the data from the device. In the case of the WaveSecure application McAfee is gaining, the user can send a message to the smartphone to give the possessor instructions on how to return the device. We’ve seen applications like this in the past for laptops that act like LoJack. But none of those solutions really took off because laptops are commodity devices that are easily converted for use by thieves or finders.

What’s hiding in the background of this race for smartphone security is the convergence of two different channels. The enterprise network and security channel is going to collide with the mobility and telecom channel, which is rapidly pushing toward the conventional IP-driven technology marketplace. Given that provisioning and management tools reside on networks, phone resellers and solution providers are looking at their data networking cousins with green eyes. And, of course, both channels will have to contend with vendors wanting to sell software and deliver cloud-based services directly to businesses and consumers.

It will be interesting watching how the looming war for smartphone security plays out, since it will require new thinking, business models and training on the network and mobility channels’ part to succeed.