Enterprise Mobile Device Security: Spam Reduction Strategies - dummies

Enterprise Mobile Device Security: Spam Reduction Strategies

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

Developing a response to the age-old malware nuisance, spam, is another vector to enterprise mobile device security management. Reduction of this age-old form of malware can take several forms.

Service provider assistance

The bulk of antispam solutions are provided by the hosting entity (e-mail, service provider, content provider, and so on), and the reason is simple: Identifying and stopping spam before it gets to the device is the most efficient way to counter this threat.

In addition, you can identify spammers by utilizing a large aggregation of information — whether in the form of e-mail or messaging — at point-of-service provisioning. Then you can constantly update and hone this database to make the blacklist more effective. Real-time protection can only be achieved by service providers who have the data, computational resources, and means to adopt this approach.

Choosing an antispam solution

A plethora of device-based solutions abound that claim to stop spam in its tracks. While this claim may be more marketing-speak, it’s clear that to protect your users effectively against all the various spam threats, your solution needs a device-based component for spam protection. Although such a component should not be the only antispam solution used in your enterprise, it’s important to include in your tool chest.

As we’ve seen with on-device firewall and antivirus solutions, the choice of a particular antispam vendor is based on a number of factors, but be sure to keep these particular points in mind:

  • Which devices the product supports

  • Whether the product works with existing antispam solutions in your enterprise

  • Whether you can get enterprise-wide policy support for the solution

  • Whether a cloud-based antispam solution is available and works with the on-device component

Human nature being what it is, be prepared for a small portion of your users to fall prey constantly to spammers. If antispam protection is one of your responsibilities, have a well-thought-out remedial action ready to take and a well-articulated recovery procedure in place. It’s time well spent.

Global operator initiative to combat spam

With the widespread advent of mobile spam, the GSMA (GSM association) — the largest mobile consortium of its kind with nearly 800 members — has taken matters into its own hands. It has also kick-started an initiative called GSM spam reporting service whereby users who receive spam can forward those messages to a standardized number (it’s currently proposed as #7726, which spells SPAM on the handset).

This is a great way to build a database of blacklists for the spam operators and eventually build an in-network spam-blocking solution. Information about spammers will also be shared among participating members, who will receive correlated reports with data on misuse and threat to their networks.

A successful trial of this service concluded in December 2010, and the service is now available to operators worldwide to join. Customers can report spam they encounter and help build a robust and growing database that can be used by all operators worldwide to stop the advent of this nuisance.