Taking Measures: Connectivity Security – Part 3
In the previous article of our series on mobile device security we looked at issues related to Access Privileges, including smart card technology, biometric scanning, and Trusted Platform Module (TPM). We explored how each of these approaches further enhances device protection and ensures the integrity of data residing on the hardware.
In this article we examine aspects of Connectivity Security, which is a key concern of many of our mobile customers. We look specifically at the potential for data breaches once a mobile device accesses an external network beyond a company’s firewall. Recent trends such as the transition from Third Generation (3G) to Fourth Generation Long Term Evolution (4G/LTE) pose new security concerns. We’ve seen a number of other threats as well, including lethal DDoS attacks using mobile devices (made possible by the increased bandwidth of 4G), unapproved location tracking, and bandwidth theft.
The Transition to 4G/LTE
According to the Cisco Visual Networking Index (VNI), global mobile devices and connections grew to 7.9 billion, up from 7.3 billion in 2014. Moreover, 4G traffic exceeded 3G traffic for the first time in 2015. These offer important indicators of the speed and reliability of 4G networks for handling the growing amounts of data that consumers and businesses generate.
As we worked with our customers throughout the evolution of 1G to 3G, effective security controls were in place. However, with 4G technology, a key security concern relates to reliance on the Internet Protocol (IP) architecture. This open protocol is a fundamental attribute of computing and has been, over time, consistently exploited by hackers. By contrast, 2G and 3G networks were designed specifically for voice calls and text, using a combination of IP and mobile signaling protocols, such as Signaling System 7 (SS7). While it’s designed for lower latencies and higher data rates and capacity, 4G/LTE is still considered a self-contained telecommunications protocol with bolt-on protections. We feel it lacks the inherent networking security needed to adequately protect enterprise businesses.
As such, LTE networks are more easily subject to interference attacks. We’ve noted an increase in ‘man in the middle’ breaches that target the space between connection endpoints, whether it’s two unsuspecting end users, an application and a user, or two machines. Our customers in the financial services industry need to be especially vigilant. For example, consider a finance professional who uploads a spreadsheet or database of sensitive customer data using a mobile device. That information becomes instantly vulnerable once it’s transferred across an unencrypted external network.
In our experience helping customers in other industries, such as remote field service, we’ve found similar risks. For example, when utility technicians or transportation staff are beyond range of their cellular network, they might rely on public WiFi to upload information. Again, the concern is freely exposed data. We think it’s important to be aware that, unlike in Europe, data traffic between the core network and the cell sites in the U.S. remains unencrypted. Hackers can access that backhaul data by physically compromising a site. And as micro-cells increase to meet mobile access demand, the threat of data breaches grows as well.
Further disadvantages of WiFi include chronic interference issues, whether it’s indoors in multi-compartment buildings or outside across varied terrain. Constant WiFi reconnections disrupt business activities and impact productivity. While many of our enterprise mobile clients are well aware of the increase in cybersecurity threats on the internet, they are not as sensitized to the mobile connectivity security risks. Compromised encryption keys and intercepted traffic via faux WiFi hotspots are typical risks our mobile customers can encounter.
Ensuring Mobile Security with VPN
Ultimately, a secure 4G connection is not always guaranteed and often remains beyond end user control. We’ve recommended a number of best practices to our customers to help ensure data integrity, such as installing virus protection/anti-malware and turning off sharing on Bluetooth.
We’ve also found that strong Virtual Private Network (VPN) tools, such as mobile VPN clients, can protect data at rest as well as information that’s being relayed, possibly between private and public clouds. Having in place a VPN product that’s specifically designed for mobile services and cellular networks significantly reduces the inefficient overhead present in traditional, large data-stream VPNs.
Our recommendation? Mobile-specific VPNs that maintain persistent, highly secure wireless connections regardless of where end users roam. This alleviates the need for repeated log-ins and avoids constant application interruptions. In addition, data is secured through VPN encryption, further reinforcing the built-in network security provided by carriers. We’d like to see all our customers take the steps described above as part of a multi-level security practice. This should also include software and hardware encryption, individual session encryption, and persistent connection security.
The Rise of 5G
Currently, 5G standardization is still in the planning stages and widespread deployment is not expected before 2020. In addition to the growth in overall data traffic, a primary reason for the emergence of 5G is the need for greater bandwidth capacity to handle increased business reliance on, and the potential capabilities of, the Internet of Things (IoT).
The technologies that enable broader business capabilities of IoT include cloud services, sensors, Machine-to-Machine (M2M) communications and, of course, mobility. This includes everything from remote asset management in the field service, oil and gas, and transportation industries to massive data access in the insurance, finance, and healthcare sectors.
We believe that increased capacity to accommodate the range of IoT business developments will likely introduce new threats to mobile security. As IT grapples with these security challenges, it’s critical that the tools and protocols keep pace with the changing threat levels. It’s going to require unique, customized safeguards that truly protect businesses against newer connectivity-based incursions. Mobile business end users will likely have substantial roles to play in ensuring that their devices and data are adequately protected before accessing online services.
Panasonic Toughbook and Toughpad devices are purpose built to meet the environmental, workflow and security needs of enterprise mobility customers. Toughbook and Toughpad mobile computers include various enterprise-level security features enabling its customers to address their data security, access privileges, connectivity security and device security needs. For more information, visit the Panasonic website.