As the global mobile market continues its growth, an array of security threats threaten to jeopardise revenues, increase operator costs and leave subscribers feeling exposed. Lorcan Burke thinks there are solutions available …
There are three main areas of security which mobile operators need to consider: subscriber protection, usage control and mobile malware. Subscribers experiencing problems in these areas will inevitably contact their operator’s customer care department, generating both increased costs and a significant loss in revenue while the problem is identified and dealt with.
Protecting subscribers from inappropriate content encompasses everything from preventing users receiving spam and unsolicited messages, to stopping children browsing inappropriate mobile web sites. The initial driver for such protection is nearly always regulatory – either operators complying with regulation that has been put in place, or pre-empting legislation by creating an industry-wide code of conduct as in the UK and the CTIA in the US, or the EU Framework for Safer Mobile Use.
Providing parents, in particular, with the ability to put controls in place helps present operators as being caring and family-friendly. However, the operator has to ensure controls are consistent across all services – portal content, premium SMS, MMS and mobile web access. Customer loyalty increases when parents choose to interact with the operator by defining their child’s needs and control requirements, meaning it provides insight into pre-pay users and increases the retention of subscribers.
Some operators generate revenue directly from these parental services – usually around control over premium rate services or numbers, and anti-bullying. A report conducted by the National Children’s Home (NCH) in 2006 showed that in the UK and Western Europe, the average age for a child to get their first mobile phone is as low as eight. Another recent report, also by the NCH, showed that 16 percent of British children have been bullied via their mobile phone. A device which has been purchased as a means of communication to protect children has become a tool of harassment. Parents will pay a premium for the ability to blacklist individual numbers and block messages from short codes or content providers to prevent such persecution.
Providing parents, in particular, with the ability to put controls in place helps present operators as being caring and family-friendly. However, the operator has to ensure controls are consistent across all services – portal content, premium SMS, MMS and mobile web access. Customer loyalty increases when parents choose to interact with the operator by defining their child’s needs and control requirements, meaning it provides insight into pre-pay users and increases the retention of subscribers.
Some operators generate revenue directly from these parental services – usually around control over premium rate services or numbers, and anti-bullying. A report conducted by the National Children’s Home (NCH) in 2006 showed that in the UK and Western Europe, the average age for a child to get their first mobile phone is as low as eight. Another recent report, also by the NCH, showed that 16 percent of British children have been bullied via their mobile phone. A device which has been purchased as a means of communication to protect children has become a tool of harassment. Parents will pay a premium for the ability to blacklist individual numbers and block messages from short codes or content providers to prevent such persecution.
"Providing parents, in particular, with the ability to put controls in place helps present operators as being caring and family-friendly."
In the corporate world, businesses are starting to recognise that the mobile device – either a smart phone or a laptop with a data card installed – is essentially an extension of an employee’s workplace. Therefore, they need to address the liabilities they have as employers to protect their subscribers and their own data. In order to abide by anti-harassment legislation and acceptable-use policies, corporations must control what is being accessed on mobile devices and to whom it is distributed.
However, it is not simply a case of selling security to a corporation as a bolt-on service. To prove the benefits of security, the focus for an operator should be on providing the ability to control what an employee can and cannot do on a day to day basis as well as offering visibility of what employees use their 3G data cards for. Providing acceptable-use policies (controlling which sites can be visited and how much data can be downloaded) gives businesses a granular level of control and prevents misuse. Looking to the future, operators are likely to sell their services to the enterprise community on the basis that their networks are more secure than the competition.
Finally, as smart phones increase in popularity, attacks that can destroy the handset by disabling it are becoming an increasing threat. And, while incidences are currently low, smarter devices and the adoption of standard internet technologies will leave subscribers increasingly vulnerable to attack. Research by Informa Telecoms and Media last year showed that mobile operators globally are experiencing more mobile malware attacks than ever before, and spending more time and money on recovery from these attacks.
With the mobile phone becoming more of a link between a computing platform and a wallet, there is a commercial driver for making money out of viruses. While mobile viruses are not yet front of mind due to the relatively low growth of the mobile internet and low smart phone penetration, this could become more widespread in the near future.
Importantly, operators need to address the numerous difficulties they face when implementing mobile security. A network is built to have services, such as voice, messaging or data, running independently. For security to be applied successfully, it needs to sit across every one of these bearers.
Also to be considered is the relationship between subscriber privacy and subscriber protection. In some territories, the network operator must have permission from all involved parties before any messages can be filtered, often preventing filtering altogether.
Finally, there is an increasingly broad range of devices trying to access the network, all with different operating systems and protocols. This must be taken into account when selecting appropriate security systems to best protect a network and its subscribers.
Mobile security is a threat and must be addressed. Operators need to protect their existing infrastructure and manage the potential explosion of customer care costs to avoid churn and protect their income. In addition, they must use mobile security to generate new revenues and market these security services to users. If left unchecked, the threats posed to subscriber protection, usage control and mobile malware could prevent the growth of mobile data, mobile advertising and mobile content. That’s the real threat driving mobile security.
However, it is not simply a case of selling security to a corporation as a bolt-on service. To prove the benefits of security, the focus for an operator should be on providing the ability to control what an employee can and cannot do on a day to day basis as well as offering visibility of what employees use their 3G data cards for. Providing acceptable-use policies (controlling which sites can be visited and how much data can be downloaded) gives businesses a granular level of control and prevents misuse. Looking to the future, operators are likely to sell their services to the enterprise community on the basis that their networks are more secure than the competition.
Finally, as smart phones increase in popularity, attacks that can destroy the handset by disabling it are becoming an increasing threat. And, while incidences are currently low, smarter devices and the adoption of standard internet technologies will leave subscribers increasingly vulnerable to attack. Research by Informa Telecoms and Media last year showed that mobile operators globally are experiencing more mobile malware attacks than ever before, and spending more time and money on recovery from these attacks.
With the mobile phone becoming more of a link between a computing platform and a wallet, there is a commercial driver for making money out of viruses. While mobile viruses are not yet front of mind due to the relatively low growth of the mobile internet and low smart phone penetration, this could become more widespread in the near future.
Importantly, operators need to address the numerous difficulties they face when implementing mobile security. A network is built to have services, such as voice, messaging or data, running independently. For security to be applied successfully, it needs to sit across every one of these bearers.
Also to be considered is the relationship between subscriber privacy and subscriber protection. In some territories, the network operator must have permission from all involved parties before any messages can be filtered, often preventing filtering altogether.
Finally, there is an increasingly broad range of devices trying to access the network, all with different operating systems and protocols. This must be taken into account when selecting appropriate security systems to best protect a network and its subscribers.
Mobile security is a threat and must be addressed. Operators need to protect their existing infrastructure and manage the potential explosion of customer care costs to avoid churn and protect their income. In addition, they must use mobile security to generate new revenues and market these security services to users. If left unchecked, the threats posed to subscriber protection, usage control and mobile malware could prevent the growth of mobile data, mobile advertising and mobile content. That’s the real threat driving mobile security.
PROFILE
Lorcan Burke is CEP of AdaptiveMobile, an innovator in the mobile internet security that provides a scalable platform allowing mobile operators to deploy policy based content control, anti-virus, spam-filtering and security management to individuals and enterprise customers.