Actu
Cloud Security Alliance Identifies 17 Key Components for Effective Mobile
September 2012 by Marc Jacob
The Cloud Security Alliance (CSA) Mobile Working Group released Mobile Device Management: Key Components, V1.0, a research report identifying 17 key elements that are critical for organizations to consider for the full lifecycle security management of mobile devices. The whitepaper is one of six parts to the upcoming, "Security Guidance for Critical Areas of Mobile Computing" report, one of a number of important research items to be presented and discussed at the upcoming annual CSA Congress being held November 7-8 in Orlando.
With the growth in the number of applications, content and data being accessed through a variety of devices, mobile device management (MDM) has to extend beyond device management alone. As IT departments are now fully responsible for company-owned devices, organization must look to adopt policies and practices to prevent any compromise in security. Most important, the report cites, is for organizations to include a system-centric functionality to secure and manage data and applications, as well as information-centric functionality such as the delivery of the enterprise application store or content library.
While every company will have a different tolerance for risk and will adopt mobile technology in different ways, there are several fundamental components of MDM that have to be considered and incorporated into policy and practice. With each component falling into one of three major categories: software and hardware, inventory and security, the report provides implementation best practices as well as potentials risks along with a ‘Must Have’ or ‘Optional” rating to help organizations better prioritize their security efforts.
Key components to MDM identified include:
· Policy
· Risk Management
· Device Diversity/Degree of Freedom
· Configuration Management
· Software Distribution
· Enterprise AppStore
· Content Library
· Procurement
· Provisioning
· Device Policy Compliance and Enforcement
· Enterprise Activation/Deactivation
· Enterprise Asset Disposition
· Process Automation
· User Activity Logging/Workplace Monitoring
· Security Settings
· Selective Wipe/Remote Wipe/Lock
· Identity Management/Authentication/Encryption
The CSA Mobile Working Group is responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point. The Security Guidance for Critical Areas of Mobile Computing from the CSA Mobile Working Group due out this fall intends to provide information on various components of mobile computing including BYOD, authentication, top threats, and more. The CSA invites interested companies and individuals to support the group’s research and initiatives. Companies and individuals interested in learning more or joining the group can visit https://cloudsecurityalliance.org/research/mobile/
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.
