Whether you’re running a Fortune 500 company or a small business, managing financial transactions or treating patients, your mobile device is what you use to operationalize your life. The power is not just the mobile device itself, but also the mobile communications that the device enables.
There are millions of applications available to users across the myriad of “app stores” that exist for our devices. No matter how clever these applications, it still bears reiterating that the most important “killer app” on any smartphone remains interpersonal communications via phone calls and messaging.
Phone call, a killer application? Think about it. Phone calls are used for all types of conversations, including those too sensitive to put into writing. Most people assume that their calls are fleeting and, other than a time stamp, leave no record. But any communication, whether data-driven or voice-based, is of high value to adversaries who should not have access to it.
Jeremy Kroll, CEO of K2 Intelligence, puts it best: “The risks are quite high, as attacks in which cell phone calls are listened to and text messages are intercepted come from many sources, including competitive business espionage, organized crime and nation states around the world. While mobile communication exploits are amongst the fastest growing attacks, historically they are amongst the least defended.”
Too many private sector corporations still take a very “it couldn’t happen to me” approach to considering mobile security for their voice and messaging communications. The organizations that do recognize the risks and have tried to instill better approaches to protect their sensitive communications are caught in a cycle of frustration – and often still haven’t figured out basic mobile data security.
For basic mobile security policies, popular approaches include banning personal devices from a corporate network, or requiring the use of corporate devices that are controlled through mobile device management, or MDM. Both approaches have a low probability of enforcement, instill only a modicum of real mobile security, and do nothing to secure voice or messaging communications. Corporations are beginning to acknowledge that people will always use the device that is most convenient, i.e., their personal device, regardless of the corporate policies put into place. Enforcing corporate devices as the only approved mobile channel for business communications almost always fails.
The key to effectively securing mobile communications is enabling personal devices for these types of communications, and seamlessly securing those devices. To ensure consistent protection, making a secure call or sending an encrypted message needs to be as simple as picking up the phone.
For instance, Samsung KNOX provides a secure workspace within a mobile phone, and KoolSpan’s TrustCall for Android is supported within the workspace, providing secure mobile voice and messaging communications. This type of integration means that private and public sector organizations can achieve both security and simplicity seamlessly.
At the end of the day, human beings almost always choose convenience over security, and it goes without saying that people will continue to speak and send messages about sensitive matters on their personal smartphones regardless of policies that are put into place.
In 20 years of security, one truism I can share is that “security is only as good as it is easy to use.” This is especially true when protecting communications, as people routinely pick up their phones without much thought. They do it with the same instinctual approach that they use to pick up a glass of water when they are thirsty. The only guaranteed successful approach to mobile communication security is making it as simple as smartphone use itself.