Mobile devices, whose popularity among business and consumer users has soared, have also become popular targets for a less popular group -- hackers. This month, Symantec Corp. announced a new set of services to help companies deal with the security threats -- the Symantec Mobile Security Assessment Suite.
The suite is a set of services designed to assist enterprises in assessing their -security strategies and policies, and in developing defenses. Clint Sand, senior director of Symantec's Security Business Practice, said in a statement that, while companies know security is a major issue with mobile devices, the changes in operating systems and applications leave IT managers "unclear on how to comprehensively address the security challenges."
Based on Mobile Security Framework
The services in the Mobile Security Assessment Suite, based on the company's Mobile Security Framework, consist of one module for holistic assessment of mobile security, and another focused on the security of mobile apps. The suite was created for Apple, Research In Motion and Android devices.
Symantec's Mobile Security Framework focuses on , intelligence and . Exposure to security threats are examined from the point of view of external attackers, malicious internal users, and employees who may be unaware of security issues.
Symantec's specialists provide a Mobile Security Assessment that evaluates the security risk of mobile devices in a given organization. The assessment focuses on any gaps in programs, policies, and processes, building on the company's security controls and device use cases.
The Assessment of Mobile App Security compares an organization's mobile apps to best practices, and tests in a lab environment simulate real world conditions in order to determine how well the company's defenses can resist attacks and prevent misuse. The assessments result in a written report that includes an executive summary, high-level and detailed findings, a scorecard, and an action plan with steps prioritized.
Michael Garvin, senior principal security analyst at Symantec, said the suite is "a brand new service based on demand," and that it complements much broader security assessment programs that Symantec offers.
The suite of assessment services, he said, "can be delivered annually," which also allows a check on which, if any, recommendations have been implemented. One competitive advantage that Symantec's service has over others, he said, is that it is "backed by a lot of and experience we have from working with Fortune 1000 clients."
Additionally, Garvin said, Symantec is drawing on its experience with how IT departments can secure "bring-your-own devices," part of the consumerization of IT that is taking place in many companies. He added that accommodating those external devices, the "explosion in the use of mobile devices in enterprises," and the different standards employed by different app stores, are among the factors that security-minded companies must continually address.