We started Vision 2012, our technology summit, with a bang this year. Yesterday, Symantec made two significant mobile authentication announcements: Code Signing (CS) for Android and Certificate Intelligence Center (CIC) for Mobile. To set the stage for extending our solutions to mobile, let’s do a quick recap of the current mobile threat landscape.
With the growing uptake in smartphones and tablets, and their increasing connectivity and capability, there has been a corresponding increase in activity by malicious attackers. Symantec’s 2012 Internet Security Threat Report revealed that mobile vulnerabilities increased by 93 percent in 2011 while at the same time, a rise in threats targeting the Android operating system occurred. The report also showed that 2011 was the first year that mobile malware presented a tangible threat to businesses and consumers. These threats will continue to increase, especially as users increasingly use mobile devices for sensitive transactions such as online shopping and banking.
Enter the newest products to our Authentication portfolio – CS for Android and CIC for Mobile. These new tools play a key role in protecting information in transit and across networks and mobile devices.
Code Signing for Android
For Android developers, the open nature of the Android platform allows for greater freedom and creativity in the building of applications, but can also unfortunately leave the door open to developers with malicious intentions. While baseline security practices have been established, the requirements are burdensome on the developer. For instance, current code signing policies require that each developer manage the key used to sign their original application for 25 years. The developer is responsible for verifying the certificate to authenticate the software code and manage the certificate key.
Recognizing the code signing issues and burdens facing Android developers, Symantec has created a tool that allows developers to securely manage their certificate keys and store their signed applications, all from a single intuitive cloud-based console. For the mobile users, this ensures that the Android app they’re downloading is legitimate and protected from malware threats.
To learn more about Symantec CS for Android visit our product page here and the white paper here. Also, visit this blog next week to hear the latest news from AnDevCon (Android Developers Conference 2012).
Certificate Intelligence Center for Mobile
In September 2011, Symantec announced its Certificate Intelligence Center, a cloud-based service that provides enterprises for the first time ever, to have total visibility and control over their certificates across their networks, enabling them to reduce risk, costs and operational inefficiencies while improving immediate insight and response to certificates usage.
Now available for the iPad, CIC for Mobile is designed to give IT managers access to their certificate inventory data anywhere on the go. With CIC for Mobile, administrators get comprehensive and convenient visibility into SSL certificate usage on their enterprise network environment, regardless of the issuing Certificate Authority (CA). CIC for Mobile also allows IT managers to gain detailed intelligence on their SSL certificate inventory and respond immediately to certificate alerts and other notifications.
For more Vision 2012 news, visit the event webpage for more conference highlights, videos and keynotes from Symantec executives.
Click below to watch an interview with me at Vision 2012 in Las Vegas.