Thursday, October 17, 2013

Bolstering a Phone’s Defenses Against Breaches

Lookout’s employees are busy tracking the cybercriminals and aggressive advertisers that target the 45 million people around the globe who have downloaded the company’s free mobile security app. That is Step 1 to a more lucrative goal: protecting the data of big, corporate customers that are allowing employees to use their own mobile devices on corporate networks.

The so-called bring your own device, or B.Y.O.D., trend can lead to trouble. Last year, for example, Jackson North Medical Center in North Miami Beach, Fla., banned personal smartphones after a volunteer used his phone’s camera to take about 1,100 photos of patient records, including their Social Security numbers, and sold them.

Such episodes are not that unusual. Almost half of companies that allow personally owned devices to connect to the corporate network have experienced a data breach, either because of unwitting mistakes by employees or — as was the case at the Florida hospital — intentional wrongdoing, according to a 2012 survey of 400 technology professionals by researchers at Decisive Analytics.

“It’s amazing that at power plants workers are required to wear hard hats and steel-toed shoes, but then you have engineers plugging their mobile devices right into the network,” said Jerry Dixon, the former director of the cyber division at the Department of Homeland Security. “What could possibly go wrong?”

With that risk in mind, Lookout is taking aim at companies and government agencies in much the same way attackers are: it is using its app to slip under the door of enterprises via the hundreds of millions of employees who regularly bring their personal devices to work.

Lookout is among a handful of tech companies trying to capitalize on the B.Y.O.D. phenomenon that people in charge of securing corporate networks say has become their biggest headache. In the past, they could mandate that employees use company-approved BlackBerry smartphones, which came with a tightly controlled network.

But with BlackBerry’s future uncertain — the company was clinging to 2.9 percent of the global smartphone market last quarter, according to the research firm IDC — and consumers clamoring to use their iPhones, iPads and Android-powered devices at work, tech managers have had to consider alternatives and deal with the potential security threats that come with those alternatives.

Twice as many corporate employees use their own iPhones, iPads and Android devices at work as use corporate-approved devices, according to Osterman Research. Even the Internal Revenue Service, one of the slower technology adopters, recently introduced wireless access and is considering letting employees B.Y.O.D.

“The B.Y.O.D. train has left the station, not just for employees but for business partners and vendors who all have access to sensitive data from their devices,” said Craig Shumard, the former chief information security officer at Cigna Corporation, the large health insurer. “BlackBerry was the de facto standard, but now my peers are getting pressured to open it up and allow employees to do their business on any device.”

Most B.Y.O.D. antidotes are geared toward mobile data management. Companies like Good Technology, MobileIron, AirWatch and Citrix’s XenMobile help managers segregate corporate data from personal data on employees’ phones and offer features that help them remotely wipe proprietary information from a device if it gets lost or stolen. Symantec and Intel’s McAfee, the behemoths of the computer security business, have developed similar capabilities by acquiring mobile-focused start-ups.

Lookout approached the problem from a different direction, said Nushin Vaiani, a security analyst at Canalys, a market research company. It used a consumer app to increase the number of devices it can monitor and to gain better brand visibility.

The Lookout app — which backs up data, tells users if other apps are siphoning their information, locates lost or stolen phones and even e-mails users a snapshot of the thief if he fails to guess their passcode — has grown in use by a factor of 200 over the last three years. Today, those tens of millions of devices act as global sensors, feeding all sorts of hairy threats back to Lookout’s Mobile Threat Network, a vast data set on a cloud of servers that tracks and analyzes malicious activity and helps researchers anticipate criminals’ next moves.
