With a veritable plethora of devices due for release in the coming months, enterprises and individual users can choose between a wide range of features, capabilities, looks and “feels.” Where to begin?
I suggest starting with one of the most important considerations: the operating systems (OS) of the devices, and the security options available in each.
If you or your organization are planning to purchase a smartphone or PDA, you should – of course – compare the functionality, usability and security offered by the mobile platforms dominating industry, including Windows Mobile, Symbian, RIM Blackberry, Linux, and Palm.
The following is a summary of the features found in the major mobile platforms available today. While each offers some type of security, no one OS delivers a complete security solution.
A recent survey by Bluefire Security Technologies revealed a growing demand for more comprehensive mobile device security: over 78% of survey respondents stated they would purchase more handhelds if a security software package was included.
Enterprises and individuals are encouraged to conduct additional research and look closely at each OS, in addition to the device, before making a decision to buy one (or one thousand), and to consider additional third-party security software as needed.
Microsoft Windows Mobile 5.0
- Overview:Offers functions and applications familiar to users of Microsoft desktop OS, and provides tighter linkages to Microsoft’s Exchange Server 2003, including push e-mail, security features, and other capabilities to allow mobile workers to stay in contact with colleagues and customers as they work remotely. Microsoft has captured key brand-names with Dell, HP, Motorola, Samsung, and HTC all supporting its OS; the latest devices offer enhanced voice and e-mail functionality, complete with thumb-based keypads.
- Key Security Features: Microsoft offers several security options competitive with the other mobile platforms on the market today. Windows Mobile includes support for local encryption of files, secure encrypted communication, password/certificate support, and certifying or signing applications.
- Overview:Led by device manufacturers Nokia and Sony Ericsson, Symbian is used on more phones and smartphones globally than any other mobile OS. Symbian’s strengths include its longevity, widespread use, and maturity as an operating system. With its most recent release, Symbian 9, increased emphasis has been placed on improved e-mail functionality, enhanced capabilities to assist third-party developers, and additional security functions.
- Key Security Features:As a maker of software used principally on handsets, Symbian approached security from a different perspective, much more concerned about the OS on the phone coming under attack from malicious code or viruses. Symbian therefore focused its efforts on developing capabilities to protect the OS through data caging, requiring signatures for trusted applications, and other means. Today, Symbian has also begun offering support for secure encrypted communications.
- Overview:Research In Motion’s mobile solution had an early advantage with its easy-to-use e-mail functionality for the BlackBerry, including the Qwerty keyboard, thumbwheel, escape button, and battery life. BlackBerry handhelds continue to focus on mobile e-mail and data access capabilities, staying wildly popular in the business world, while competitive operating systems offer greater multimedia capabilities; enabling users to answer e-mails and then relax while playing their favorite songs or watching video clips.
- Key Security Features:RIM pioneered the notion of a dedicated wireless e-mail device. In order to sell into its target customer base – largely the financial and legal sectors – RIM had to provide security for e-mail when it was in transit over the air and when “at rest” on the device. To date, RIM has not evolved its security model much beyond this level.
- Overview: Although it has lost market share to competitors, the Palm OS is still used in the most popular smartphone in the U.S., Palm, Inc.’s Treo series. There are questions about Palm’s long-term prospects, however.
Even prior to Tokyo-based company Access’ recent purchase of PalmSource (developer of the Palm platform), the company stated that all of its new research and development would be focused on a Linux version of the Palm platform. Since PalmSource’s acquisition, its move to Linux has only accelerated.
At the same time, Palm announced an agreement with long-term rival Microsoft to release a Windows Mobile version of the Treo smartphone. Consequently, it is unclear whether the Palm OS, in its current form, will still exist within a few years.
- Key Security Features:Palm offers support for local file encryption and secure encrypted communications.
- Overview: Linux offers significant flexibility without allegiance to any specific OEM or carrier, although Motorola has shown an affinity for the OS. The new Motorola A780 is Linux-based and gives users the luxury of an effortless switch from PDA to phone while also being compatible with Microsoft’s Exchange Server Activesync software.
While the jury is still out on whether Linux will become a strong player in the mobile OS space, it is expected to be a long-term player whose offering could mature into a feature-rich OS with significant market share.
- Key Security Features:While the Linux kernel (v2.6) that is the core of Montavista’s latest release offers several security features for filtering network traffic and controlling access, Monatavista has principally focused on secure encrypted communication with support for IPSec which allows for encrypted traffic tunnels. Additional security features may emerge with subsequent offerings.
Moving forward, effective market positioning will be key to the success of all these operating systems. RIM pioneered push e-mail, focused on financial service companies and government workers, and took an early lead among enterprises. Microsoft’s Windows Mobile is focused on the enterprise and business markets, leveraging its position with users of its desktop and server-based products.
Symbian – more accurately Nokia – is responding to competitors. Nokia’s inclusion of features such as multiple e-mail clients which allow for connections to virtually any e-mail system deployed, device management, and security features on smartphones clearly signals their plans to target the enterprise.
While the major OSs continue to add security features, each company appears to address security from only one angle, or simply reacts to a competitor’s perspective on security. For example, in the case of RIM, wireless e-mail is secure but there is little or no provision for securely surfing the Internet.
Although some mobile OS companies have taken steps to defend the OS from outside attacks, no company has included anti-virus or firewall capabilities with its OS software to date. For a fully integrated mobile security solution, individual users and enterprises cannot – yet – rely on the mobile OS and device manufacturers to provide a comprehensive package.
In response, a number of vendors on the market seek to provide an integrated security solution for mobile devices that provides the same level of security we have all come to expect on notebooks and desktops.
A complete mobile security solution should include:
- A firewall to secure the device from attacks and malicious code.
- A VPN to allow flexible means to ensure secure communications for any wireless data traffic.
- An authentication mechanism to ensure that unauthorized persons are not accessing the device if it is lost or stolen.
- Data encryption on the device to ensure that information is not stolen, either physically or electronically.
- Anti-virus software to protect the device from viruses and malware.
As you shop the next generation of devices, remember that security, in addition to functionality, should be a top priority. Mobile operating systems today offer, at best, one or two security features but fall short of providing a comprehensive mobile security solution. Do your research, ask the tough questions, and think about your specific security needs, lest the devices leave you with more headaches than problems solved.