IT security rules set to clamp down on smartphones

Industry codes such as PCI DSS, which governs the credit card industry, and laws like the Sarbanes-Oxley Act are likely to include specific provisions covering smartphones, according to Jason Pearce, director of sales engineering, Asia Pacific, for IT security company M86.

Pearce told iTWire that the security built into smartphone operating systems was woefully inadequate, making it very difficult for third-party software developers to provide security features, and he believed this situation would only change when the relevant regulations included specific provisions for smartphone security.

“There are no really good countermeasures for those devices. Because of the way smartphone operating systems have been written it is very difficult for security vendors to create software for those devices,” Pearce said.

Pearce predicted that the situation would likely change only when vendors are forced to make their products more secure. “There needs to be some changes to the requirements for regulatory compliance in things like PCI and Sarbanes Oxley to protect smartphones. That would force vendors to think seriously about how they can lock down those devices.”

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is mandatory for organisations that accept payments by credit card. Pearce said that at present there was no requirement for smartphones to be included when an organisation is assessed for PCI compliance. “Smartphones are not something that gets covered in security assessments. I am a PCI certified auditor and if I conduct an audit on a company I don’t look at smartphones at all. All I look at is servers, desktops etc.”

Pearce said the first step on the road towards coverage of smartphones by PCI DSS, other industry codes and legislation had already been taken. “The growing concern over the use of smartphones for business has prompted the professional body Information Systems Audit and Control Association (ISACA) to produce guidance for organisations to help them manage smartphone information security risks.” And he predicted: “This will lead to adoption of smartphone policy/enforcement into regulatory legislation such as PCI, HIPAA and Sarbanes Oxley moving forward.”

HIPAA is the US Health Insurance Portability and Accountability Act. Its primary purpose is to protect health insurance coverage for US workers and their families when workers change or lose their jobs. However, it also contains provisions covering the security and privacy of health data.

Pearce singled out the iPhone as the least secure smartphone OS, citing an online survey of 257 security professionals conducted in February 2010, in which 57 percent of respondents said the iPhone carried the greatest security risk. For Android, BlackBerry and Nokia (Symbian) the figures were 39, 28 and 13 percent respectively.

“The general consensus is that Apple continues to do only the absolute minimum to address enterprise security and supportability requirements,” Pearce said. “There have been no new enterprise iPhone security features from Apple since the summer of 2009 when they introduced their new hardware level encryption, which was almost immediately bypassed. This is not the kind of behaviour security professionals want to see in vendors of important business tools like smartphones.”

Pearce also echoed a recent prediction by Gartner distinguished analyst Nick Jones that there will be a major, high-profile breach of corporate security via smartphone that will shake up the industry. “Once there has been a major data breach of a major corporation that can be proven to have occurred through a compromised phone, people will start to wake up,” Pearce said.

In a recent blog posting, Jones predicted “a mobile data-loss event which causes a huge security panic… and… there will be a backlash. People like your CEO who led the demands for more device choice and freedom will probably be the first to beat down your door to demand more audits and controls.”
