James F. Fox, information security practice lead at Booz Allen Hamilton MENA, discusses the critical issue of mobile security, and what it means for telcos.

1. About Booz Allen Hamilton
Booz Allen Hamilton is a leading provider of management consulting, technology, and
engineering services to US and international governments in defense, security, and civil
markets, and to major corporations, institutions, and not-for-profit organizations. Booz
Allen Hamilton is headquartered in McLean, Virginia, employs more than 23,000 people,
and had revenue of $5.76 billion for the 12 months ended March 31, 2013. (NYSE: BAH)
Ready for what’s next. www.boozallen.com/international
Protecting Mobile
Featured in CommsMEA | Oct 7, 2013
James F. Fox, information security practice lead at Booz Allen Hamilton MENA, discusses
the critical issue of mobile security, and what it means for telcos.
CommsMEA: How important is mobile security for enterprises now?
Mobile represents more and more of the traffic coming into the enterprise. Additionally, there is a proliferation
of mobile devices with many of those devices being owned by the individual and not under the control of the
enterprise. We all have one PC but two, three or even four mobile devices between our phones and tablets. Thus
the amount of traffic and proliferation of devices – which are also entry points for malware—makes mobile the
emerging security threat.
The mobile devices themselves are also less secure than a traditional laptop or workstation. Enterprises use disk
encryption, two-factor authentication and other tools to secure the PCs that hold proprietary data. The availability
of these features on mobile devices is still nascent and the adoption of the available solutions is very, very low.
CommsMEA: What opportunities does this present to telecom operators?
The enterprise needs to account for and manage the mobile devices that they allow to access their assets
regardless of who owns the actual device. They need to ensure that the devices have password protection,
encryption of the data on the device and other “rules” the enterprise demands before they let a device have
access to the enterprise. To accomplish this, there is a burgeoning business in new applications to perform
enterprise-wide mobile device management. Telecom operators can offer services to the enterprise to perform
some or all aspects of mobile device management for their customer.
Additionally, telecom operators can provide subscription access to a higher level of segregated mobile channels
that can reside inside the enterprise network such as the MPLS.
CommsMEA: How can operators tap this opportunity? Do they need to form partnership with
security specialists?
Partnering with a specialist is one path and is often used when launching new service offerings. Many telecom
operators already offer security services for traditional networks such as firewall and other security device
management. Thus over time they can also offer mobile security services independent of a partner.
CommsMEA: What are the main mobile security threats?
That is a tough question. We see two core mobile security threats: The first is loss of devices holding proprietary
information is a huge exposure for the enterprise. The second is allowing a device on the enterprise that is not
secure by either lack of passwords, malware infection, or is simply used by an unauthorised person creates a
direct path to the heart of the enterprise
Summing up, another point to add is that mobile security technology and policies lag traditional networks by as
much as 24 months. This is very concerning given that the mobile device and networks are fast becoming the
desired access point for hackers and data thieves. Therefore the enterprise needs to ensure the changes in
security policies and other security enhancements are propagated across the traditional and mobile networks
concurrently or as close to concurrently as possible.
07.009.13
James F. Fox