Mobile Working Group
Introduction to the Mobile Working Group
Mobile computing is experiencing tremendous growth and adoption, while the devices are gaining significant power and dynamic capabilities. Personally owned mobile devices are increasingly being used to access employers’ systems and cloud-hosted data – both via browser-based and native mobile applications. Clouds of mobile devices are likely to be common. The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.
Working Group Scope and Responsibilities
The working group is chartered to research the following areas:
- Securing application stores and other public entities deploying software to mobile devices
- Analysis of mobile security capabilities and features of key mobile operating systems
- Cloud-based management, provisioning, policy, and data management of mobile devices to achieve security objectives
- Guidelines for the mobile device security framework and mobile cloud architectures
- Scalable authentication from mobile devices to multiple, heterogeneous cloud providers
- Best practices for secure mobile application development and securely enabling existing applications on mobile platforms
- Identification of primary risks related to individually owned devices accessing organizational systems (commonly known as BYOD – Bring Your Own Device)
- Solutions for resolving multiple usage roles related to BYOD, e.g. personal and business use of a common device
Mobile Working Group Leadership
David Lingenfelter is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance and policy development. He is responsible for oversight of all security and compliance aspects of Fiberlink, an IBM company, including physical, application, network and data security. David successfully managed Fiberlink through the FISMA certification process, including proposed FedRAMP controls and helped design Fiberlink’s cloud architecture model.
David is an active member of the Cloud Security Alliance including being a co-chair for their Mobile Working Group and contributor to the development of the CSA Cloud Controls Matrix as well as being active in several other working groups. A noted expert and thought leader in mobile security, David frequently gives presentations on Cloud and Mobile technologies and has presented for ISACA, ISSA, Cloud Security Alliance, InfraGard and GTRA among others. David has also been quoted as a subject matter expert in a number of different publications.
Cesare Garlati is one of the most quoted and sought-after thought leaders in the enterprise mobility space. Former Vice President of Mobile Security at Trend Micro, Cesare currently serves as Co-Chair of the CSA Mobile Working Group – Cloud Security Alliance. Prior to Trend Micro, Mr. Garlati held director positions within leading mobility companies such as iPass, Smith Micro Software and WaveMarket. Prior to this, he was senior manager of product development at Oracle, where he led the development of Oracle’s first cloud application and many other modules of the Oracle E-Business Suite.
Cesare holds a Berkeley MBA, a BS in Computer Science and numerous professional certifications from Microsoft, Cisco and Sun.
Mobile Working Group Initiatives
Open Peer Reviews
|Initiative Details||Date Opened|
|October 12, 2015||Contribute now|
Understanding the limited opportunities to secure apps from secure coding practices, third party security add ons, and testing procedures in app stores.
|June 26, 2015||Contribute now|
Understanding the fundamental concepts of authentication in layered mobile computing environments to ensure proper implementation, maintenance, and monitoring of secure mobile devices.
|June 26, 2015||Contribute now|
Mobile applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emergence of cloud computing. The Mobile Application Security Testing initiative will aim to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application testing and vetting that helps integrate and introduce quality control and compliance to mobile application development and management.
|May 23, 2015||Contribute now|
It is becoming common for employees to request (demand) the ability to use their personal mobile devices(*) in the course of their work related activities. Allowing them to do so may improve employee productivity, talent retention and business agility but probably runs contrary to existing Corporate/IT policy. A strategy should be chosen to provide the desired level of control, such as a containerization of company data and applications or a full-device, MDM centric approach.
|April 28, 2014||Contribute now|
The security of smart phones and the software being used on them will become increasingly important. The CSA Mobile Working Group is trying to identify and document recommendations to establish guidelines for the mobile device environment.
|April 01, 2013||Contribute now|
Other ways to Connect
Mobile Working Group News
December 02, 2015
White Paper Ready for Peer Review SINGAPORE – December 2, 2015 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that its Mobile Application Security Testing Working Group released a new white paper that incorporates elements…
September 16, 2015
Oceans of ink have already been spilled extolling Uber’s innovative practices and growing profits, but here’s one aspect getting less attention: How the company’s nearly 100 percent cloud-based business empowers its vast network of mobile workers (the drivers)… Read blog post
June 29, 2015
The Cloud Security Alliance launched the Cloud Security Open API Working Group with the goal to provide guidance for enterprises and cloud service providers on the operation and interoperability of cloud security functions, with a specific goal to protect PII and sensitive data across multiple clouds. Read blog post
May 28, 2015
If you’re among the 60% of organizations that don’t have a disaster recovery plan, or among the 59% that only back up data in one location, here are 5 good reasons to shore up your plan and include the cloud as one of your endpoint backup solutions… Read blog post
March 26, 2015
This proliferation of data that is now moving outside of company networks, down to things like employee-owned smartphones, tablets and laptops can increase the chance of data leaking out and getting into the wrong hands. This is perhaps why BYOD has become a huge pain point for professionals looking to secure mobile devices. Read blog…
November 07, 2013
Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups
CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.
September 24, 2013
Group seeks global input to understand current market maturity and needed processes to manage enterprise mobile technology.
February 12, 2013
CSA is hosting sessions during the week for some of our active working groups. These are free events that will be held outside of the regular conference on Thursday, February 28th.
November 08, 2012
CSA Mobile Working Group report aims to provide industry with mobile security best practices.
October 25, 2012
The CSA Mobile Working Group would like to invite you to review and comment on their Mobile App Store Security Initiative Policy Guideline document that was created by their Initiative 5 sub-group.
October 19, 2012
Review and comment on the Mobile Authentication Document that was created by their Initiative 4 Authentication Sub-group.
October 19, 2012
Review and comment on the Bring Your Own Device (BYOD) Document that was created by their Initiative 3 BYOD Sub-group.
October 16, 2012
This brief 5-10 minute survey is designed to help the Cloud Security Alliance, as well as, enterprises and individual consumers understand the current maturity level of the mobile marketplace.
October 04, 2012
CSA Mobile Working Group today released findings from a new survey that calls out the specific security concerns enterprise executives say are the real and looming threats as it relates to mobile device security in the enterprise environment.
September 20, 2012
CSA Identifies 17 Key Components for Effective Mobile Device Management of BYOD and Company-Owned Devices
The whitepaper is one of six parts to the upcoming, “Security Guidance for Critical Areas of Mobile Computing” report, one of a number of important research items to be presented and discussed at the upcoming annual CSA Congress being held November 7-8 in Orlando.
July 18, 2012
CSA announces the availability of several new opportunities to sponsor key research initiatives. Your support helps us maintain our aggressive research schedule and accelerate responsible adoption of cloud computing.
July 11, 2012
Due to the rapid adoption of mobile computing, and immediate connection to cloud computing, the CSA is creating a “Top Threats to Mobile Computing” report.
July 07, 2012
The peer review site and survey will be open until Friday, July 20th, 2012.
March 20, 2012
To accommodate all time zones, CSA will now be launching a Mobile Working Group kick-off (call 2) after our call 1 was held on March 15th.
February 27, 2012
Cloud Security Alliance (CSA) today announced two significant new initiatives for 2012, addressing growing areas of need in cloud security – mobile computing and innovation.
Mobile Working Group Downloads
Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.
Release Date: November 08, 2012
Mobile Working Group Videos
Release Date: June 18, 2013