14 DAY TRIAL // Since Android devices became more widely used by companies and individuals alike, we thought it would be a great opportunity to get the insight of an expert on the matter.
Tom Moss, one of the founders of 3LM, a security solutions provider that stands for the Three Laws of Mobility, was kind enough to share his thoughts on the issues that currently threaten us the most.
Softpedia: Before getting to the malicious elements that roam the internet, can you please tell our readers a little bit about yourself?
Tom Moss: I am the co-founder and CEO of 3LM. Before starting 3LM, I was on the Android team at Google, where I led business development and partnerships for Android worldwide.
Softpedia: Many enterprise employees rely on personal mobile devices to perform their everyday tasks but as it turns out, these machines can pose a large threat to a company's security. What is the best way to integrate smartphones and other such gadgets into a business without endangering a firm's security?
Tom Moss: It is important to make sure that the enterprise is utilizing a security and management solution that allows protection of corporate data at all times. Given employee's expectations though, today's enterprises also need to make sure that the security and management solution does not "dumb down" the smartphone by limiting the devices' capabilities or usefulness, either in terms of the end-user's personal usage of the device or in the end-user's ability to fully utilize business related applications and services beyond simply telephony and email. Softpedia: What kind of policies should an organization set in place to make sure their assets remain secure?
Tom Moss: Again, it is critical in today's environment to select a solution that allows enterprise the full protection they need, but also balances that out by doing it in a way that does not overly limit what the user can do with the device. Enterprise mobility has moved far beyond simply telephony and email, and so any solution that an enterprise adopts today should enable end-users to fully utilize the power of the device on all applications and services. This includes device management policies as well as application management policies that are carefully tailored to satisfy both of IT as well as the end-user.
Softpedia: Recent reports show that even though Android malware is on the rise, it's not yet as profitable for cybercriminals as the ones that target Windows operating systems. How soon do you suppose this will change?
Tom Moss: The drivers for this will be the continued growth of the platform, and the correlating growth in the potential revenue for malware developers. The latter will be catalyzed by the upcoming widespread usage of NFC payment solutions, which many analysts expect to grow significantly over the next year. That (NFC), along with the general growth in adoption of the devices, will bring additional attention to the Android platform in 2012.
Softpedia: Which category of Android malware do you believe to be the most dangerous for the everyday user?
Tom Moss: I think we haven't really seen anything yet that has been especially dangerous, as the malware developers are still figuring out how to monetize and how to cause more mayhem given the inherently secure sandboxing nature of the Android operating system. So the big threat is not really anything that has been created so far, but rather things that will be created in the future. Of course, many very smart people are working on making sure this does not come to pass, so the hope is that such threats will be stopped before they can become too widespread.
Softpedia: Not long ago, DroidKungFu upgraded variants have been spotted. How can we identify these applications which are initially harmless looking applications and only later update themselves to malicious pieces of software?
Tom Moss: This is a question that may be better suited to some of the great companies that are investing in better threat detection using heuristics and real world testing of applications. The 3LM approach has been to focus less on detection, and more on making sure that corporate data and communications are secured on a device regardless of what malicious applications may be installed on the device.
Softpedia: Android vulnerabilities are not uncommon. How efficient are security products against the threats that rely on operating system bugs?
Tom Moss: I think the technology for protecting against threats on iOS and Android is getting fairly sophisticated, but this is always a cat and mouse game. Again, for 3LM, while we are partnering with some great companies that are developing cutting edge technology for threat detection, our focus has been on protection of corporate data and communications regardless of what malicious applications may be installed on the device.
Softpedia: Any advice for smartphone owners on how to properly protect their devices?
Tom Moss: Today, 3LM is focused on the enterprise market, and so the simple answer there is for the enterprise to purchase mobile device and application management services from 3LM ;o)
Softpedia: I would like to ask you a bit about your company. Usually, when someone decides to found a company, they do so to fill a hole in the market. What determined you to launch 3LM and what are your future plans?
Tom Moss: 3LM was founded in order to address the needs of enterprises in securing and managing their Android devices, but doing it in such a way that empowers both the enterprise as well as the end-user to take full advantage of the power and promise of this next-generation mobile operating system beyond the tradition model of just telephony and email. This was the market gap that we identified and given our history on the Android team, we are passionate about helping to catalyze Android adoption in the enterprise and government space.