
Virtualization and Cloud executives share their predictions for 2014. Read them in this VMblog.com series exclusive.
Contributed article by Satyam Tyagi, mobile security product manager, Zscaler
Mobile Devices Present the Weakest Link in 2014
As 2013 comes to a close, we have
witnessed a number of significant cyber security stories, issues and trends
pushed to the forefront of mainstream media, including attacks on the very
mainstream media itself. Reports of well-organized Advanced Persistent Threats
(APTs) abound from abroad, underscored by dozens of botnets constantly mutating
into new permutations to evade detection. It has become evident that
signature-based anti-virus is not enough to provide proactive protection against
these advanced threats.
Fundamentally, the way we conduct
business continues to radically change; between work PCs, personal PCs,
smartphones and tablets, each employee is accessing corporate assets from as
many as four distinct devices. Coupled with the rise of cloud applications,
enterprise information systems have become increasingly complex and
heterogeneous, making it very difficult to maintain visibility and control of
corporate assets.
In 2014, Zscaler sees these two
major trends - the evolution of advanced threats and the complexity of cloud and
mobile environments - increasingly intersect.
A few short years ago, corporate
users had a corporate PC and perhaps a personal laptop at home. Today, these
same users also have a smart phone and a tablet - all of which connect to
corporate assets - yet 3G wireless and public WiFi connections make it difficult
to gain visibility and control into this traffic.
Mobile malware is still nascent,
focused largely on phishing, adware and fake/cloned apps; however, the impact of
mobile malware is potentially huge because mobile devices are the new weak
point. As enterprises move corporate data to the cloud and its users connect
through mobile devices, there is no traditional security appliance between the
data and the device. Recall that the incursion point for the TJX data breach, in
which 170 million credit card numbers were stolen, was through its wireless
network, where no traditional security appliances existed at the time.
While both Apple and Android devices
sandbox apps, they can still grant apps enough permissions for risky behavior to
occur. As a result, Zscaler expects to see a continued increase in mobile
attacks via email, Web and malicious third-party apps that are a hybrid of
phishing and adware. It is not a question of "if" these attacks could be
leveraged by APTs as an incursion point into the enterprise, but rather a
question of "when?"
##
About the Author
Satyam Tyagi is Principal Product Manager at Zscaler where
he leads the Mobile security Product Management. Prior to Zscaler Satyam was
Director, Strategy & Product Management at Samsung Mobile Enterprise lab. He
joined Samsung mobile enterprise lab at its inception and leads product
management and strategy for Samsung Knox product. And before that, Satyam has
held product management and engineering roles at Juniper Networks, Sipera
Systems and Cisco Systems. He has been responsible for real-time monitoring,
security and communication product lines for smartphones, routers and network
appliances. Satyam holds a Master in Computer Science from University of North
Texas and Bachelors in Computer Science and Engineering from IIT BHU.