What in your view are the top wireless mobile security challenges for the service providers?
As we are ushering users deep into 3G and 4G, a few things are happening
1.    Rapid developments of new, heterogeneous and more capable technologies that are coming to the market.
2.    The volume of all kinds of on-line traffic is shooting up due to the available bandwidth of the medium – voice, data, plethora of applications – from entertainment, social network to commercial and critical enterprise apps.
3.    The computing power & ‘smartness’ of the devices and their applications at the end devices are following Moore’s Law.
In this background, the security challenges are threefold:
a.    Privacy or confidentiality of data and information: because of the heterogeneous ecosystems of Mobile operators, ISPs, application vendors and smarter mobile devices, it will be a challenge to ensure privacy of the information flowing around us.
b.    End-to-end security against increasing capabilities of the cyber criminals to launch devastating attacks of various forms and depths: The variety and abilities to cause damage are enormous – DOS, DDOS, Malwares, Trojans etc., With increased level of on-line connectivity to corporate and social networks, online mobile commerce with the multi-tasking mobile devices, the personal and official domains are merging and hence this makes the new generation of mobile world a juicy target for cyber criminals.
c.    The regulatory compliance to curb cyber terrorism and criminal activities: It is a challenge for the service providers to ensure consistent level of compliance since the ecosystem as earlier said comprises heterogeneous and multiple stakeholders.

How are you tackling these challenges in your organization?
Security has always been at the core of our design basis. We also recognize the fact that people and process are very important pillars to ensure security, apart from technology.
We believe that in today’s continuously changing threat landscape, we need to have a ‘layered approach’ in security or what we call ‘defense in depth’. So, we have balanced focus across technology, processes and most importantly, we continuously spread awareness among our customers and users.
We are putting in place best practices and the capability to pro-actively diagnose and stop these intrusions or attacks or criminal activities, OR, in case of ‘zero day attacks’, restrict or mitigate the damage to the minimal.

There is increasing talk of 'open' devices, 'open' applications and 'open' networks? What is your view on this? How are these devices, applications, networks evolving and affecting your business?
The demand for open devices and open application is bound to grow in the near future. More and more corporates will provide value-added services through such technologies. There is impact the way applications are developed, security architectures are built, inter-operability is tested. Network neutrality, scalability, bandwidth utilization, uniform customer experience will be important factors for consideration. Ubiquity of devices and remote accesses to network will pose challenges in authentication mechanisms.
A plethora of these open devices come from various manufacturers and every platform has its strengths and weaknesses. There are third party mobile device management platforms to manage different devices. So, it will always be a challenge to ensure consistent security environment across these devices, which in turn becomes a challenge for the service providers. With the proliferation of mobile networks to the remotest corners it is not practical to restrict customers’ choice to a specific or closed set of devices.

On your list of priorities, where would you rank mobile security?
Since we are an ISP and Mobile Operator both, it is extremely important for us to ensure that our customers are safe and secure when they use our services, from entertainment, virtual reality, or mobile banking to enterprise apps or video conferencing. We always endeavour to provide a consistent quality of service (QoS) and security of data or information or experience. As we embrace cloud computing and the era of virtualization, mobile security is definitely one of our topmost priorities.

Would you expect that individual users will increasingly be forced to take measures with their smartphones similar to computers, such as using antivirus software, for instance?
Considering the sheer size of the market and diversity of devices and environment, it is difficult to force users to take measures on a regular basis.
Hence, the onus would be on the manufacturers, service providers, ISPs and the application providers to come together and ensure that they do their bit to secure the total experience. Whether it is mobile policy, automated patching of vulnerability, encryption, remote wiping facility or authentication mechanism etc.
Also, as we said earlier, all the measures will fail if the end user is oblivious to the threats that his habits of handling these intelligent devices may cause. Hence, it is paramount that the user awareness programmes are conducted regularly at various levels, right from the governmental agencies to each of the ecosystem partners to make the users aware of the threats, symptoms and measures that they should take to avoid such pitfalls and becoming easy victims of frauds.
Today the popularity, usage and availability of devices or applications may not be very high and hence we may not notice or report significant cyber crime activities on these devices. But the growth curve is going up very furiously and it is bound to hit us if we do not start awareness programmes from now.

How can service providers help ensure that their customers get the most out of their devices, applications and services without falling prey to malicious attacks?
There are several facets in the entire chain namely, Device Security, Content Security, Device Management, Identity & Access, Policies, Processes and user awareness.
As explained earlier, everyone in the ecosystem needs to come together and ensure that they follow secure practices and standards so that the products and services are secure. Mechanisms need to be in place at various layers of the OSI framework to make the data and information secure whether they are at rest or in motion. Standards like ISO 27001, FIPS-140-2 Certifications to be enforced to ensure consistency and assurance across. User awareness should be spread out through direct or indirect campaigns, through websites, seminars, banks, enterprises so that the common users know about the various ploys adopted by cyber criminals for malicious activities and frauds, what do they do when device gets lost, where do they go, how to check whether their devices are secure or not. Even the police force need to be educated, adequately equipped cyber-crime cells should be made available in every police station so that issue can be addressed and resolved. Then only, the users will feel confident about mobile security and usage will increase and envelope every aspects of our daily lives.