Today, most office workers carry mobile phones into work. Much of the time, the devices are more advanced smartphones, such as Android-based phones, Blackberry devices, or Apple iPhones. The employees almost never consider the security implications of bringing connected devices behind a company’s firewall. Yet the trend has not escaped the notice of chief security officers and information-technology administrators. Smartphones are becoming prolific within enterprises, but the security teams do not really have a handle on how to secure the devices, said the CEO of Lookout, a mobile security firm. “They have spent a vast amount of resources in terms of dollars and time to defend their corporate networks and the traditional network security perimeter, but the mobile device â?¦ has trusted access to the very critical data at the soft and chewy center of the company,” he said. “It’s almost a Trojan horse into the enterprise itself.” In other words, insider attacks may come not from a malicious employee, but from an ignorant employee bringing a compromised device into the workplace. The conclusion is not a surprise: Over the past year, security researchers and attacker have increasingly focused on smartphones and other mobile platforms. The attention highlighted a bevy of potential attack scenarios, including information leakage and outright control of the personal devices.

Tweet your comments to Security Magazine at