Mobile Working Group

Fill out the form below to view this webinar!

Introduction to the Mobile Working Group

Mobile computing is experiencing tremendous growth and adoption, while the devices are gaining significant power and dynamic capabilities. Personally owned mobile devices are increasingly being used to access employers’ systems and cloud-hosted data – both via browser-based and native mobile applications. Clouds of mobile devices are likely to be common. The CSA Mobile working group will be responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point.

Working Group Scope and Responsibilities

The working group is chartered to research the following areas:

  • Securing application stores and other public entities deploying software to mobile devices
  • Analysis of mobile security capabilities and features of key mobile operating systems
  • Cloud-based management, provisioning, policy, and data management of mobile devices to achieve security objectives
  • Guidelines for the mobile device security framework and mobile cloud architectures
  • Scalable authentication from mobile devices to multiple, heterogeneous cloud providers
  • Best practices for secure mobile application development and securely enabling existing applications on mobile platforms
  • Identification of primary risks related to individually owned devices accessing organizational systems (commonly known as BYOD – Bring Your Own Device)
  • Solutions for resolving multiple usage roles related to BYOD, e.g. personal and business use of a common device

Mobile Working Group Leadership

Mobile Co-chairs

David Lingenfelter

David Lingenfelter

David is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance, and policy development. Throughout his career David has performed risk and vulnerability assessments along with making recommendations on network and system design improvements. David’s career has spanned from traditional hardware based security architectures to cloud technologies and virtual environments.

Currently in charge of security and compliance for MaaS360 by IBM, David has managed projects to get Fiberlink SAS70-Type2 and more recently SOC2 Type II. David also recently led Fiberlink through audits to receive Federal Information Security Management Act (FISMA) authorization from GSA for Fiberlink’s MaaS360 Cloud Service offering. David also lead MaaS360 through the FedRAMP JAB ATO process, becoming the first mobile SaaS companies to be certified under FedRAMP. Fiberlink’s customers range from the SME space to Fortune 500 and Federal customers. David has helped ensure that MaaS360 meets the different requirements from these different types of customers including PCI, HIPAA, SoX, and NIST.

David helped design MaaS360’s cloud architecture model, and is an active member of the Cloud Security Alliance including being a co-chair for their Mobile Working Group and contributor to the development of the CSA Cloud Control Matrix as well as being active in several other working groups. David is also the president of the local chapter of the Cloud Security Alliance in the Delaware Valley. Along with work with the Cloud Security Alliance David is a member of the NIST Cloud working groups including their Mobile working group and CyberSecurity working group.

Prior to Fiberlink David worked as a security consultant performing security assessments and project management for multiple fortune 500 companies including Merck, CIGNA, Campbell Soup, Sanofi-Aventis and Wyeth (later purchased by Pfizer). This included overseeing projects that were involved with mergers as was the case with Rhone Poulenc and Sanofi-Aventis and separations as with CIGNA and ACE. David frequently gives presentations on Cloud and Mobile technologies and has presented for ISACA, ISSA, Cloud Security Alliance, InfraGard and GTRA among others. David received the 2012 Ron Knode Service Award for volunteer services at the Cloud Security Alliance and was awarded the “Most Dynamic Speaker” award at the 2012 annual GTRA Security in Government event. David has also been quoted as a subject matter expert in a number of different publications. David is a graduate from Fairleigh Dickenson University with a Bachelor of Science in Electrical Engineering.

Co-chair of the Mobile Working Group; co-founder of IoT Working Group; contributor to CCM and Subject Matter Expert Working Groups. President of the CSA Delaware Valley Chapter. Contributor to multiple online publications and served as a speaker on behalf of CSA at third-party events, including InfraGard and ISACA.

Cesare Garlati

Cesare Garlati

Cesare Garlati is an internationally renowned leader in information security. Former Vice President of mobile security at Trend Micro, Cesare currently serves as Chief Security Strategist at prpl Foundation and Co-chair of the Mobile Working Group at Cloud Security Alliance. Prior to Trend Micro, Mr. Garlati held director positions within leading mobility companies such as iPass, Smith Micro Software and WaveMarket. Prior to this, he was senior manager of product development at Oracle, where he led the development of Oracle’s first cloud application and many other modules of the Oracle E-Business Suite.

Cesare has been frequently quoted in the press, including such media outlets as The Economist, Financial Times, The Register, The Guardian, ZD Net, SC Magazine, Computing and CBS News. An accomplished public speaker, Cesare also has delivered presentations and highlighted speeches at many events, including the Mobile World Congress, Gartner Security Summits, IDC CIO Forums, CTIA Applications, CSA Congress and RSA Conferences.

Cesare holds a Berkeley MBA, a BS in Computer Science and numerous professional certifications from Microsoft, Cisco and Sun.

Co-founder and co-chair of the Mobile Working Group; provided critical research for the Security Guidance for Critical Areas of Mobile Computing and Security Guidance for Early Adopters of the IoT papers. Represented CSA and the Mobile Working Group on numerous panels and speaking engagements.

Mobile Working Group Initiatives

Open Peer Reviews

Initiative Details Date Opened

Mobile Working Group Security Guidance for Critical Areas of Mobile Computing

January 12, 2017 Contribute now

There are no working drafts at this time.

Want to contribute to the Mobile Working Group?

Fill out the form below to join today!


If you experience trouble using this form, please submit the information here.

Thanks for your interest!

Your request to join Mobile has been recorded. Someone will be in touch with you soon with more instructions.

Connect with Us

Mobile Working Group News

January 25, 2017

Reviewers Needed: Security Guidance for Critical Areas of Mobile Computing

Dear Colleagues, The Mobile Working Group is updating the document entitled “Security Guidance for Critical Areas of Mobile Computing” last published in 2012. To streamline the updating process, we are opening a peer review of the 2012 document. We are looking for SMEs to provide feedback on the content or sections that need updating, deleting,…

January 25, 2017

CSA’s Mobile Working Group Seeking New Co-Chair

The Cloud Security Alliance’s Mobile Working Group is seeking new co-chairs to develop and maintain a research portfolio providing capabilities to lead the crystallization of best practices for mobile security, help industry and government on adoption of best practices, establish liaisons with other organizations in order to coordinate the development of mobile security standards, and…

December 02, 2015

Cloud Security Alliance Releases Mobile Application Security Testing Initiative

White Paper Ready for Peer Review SINGAPORE – December 2, 2015 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced that its Mobile Application Security Testing Working Group released a new white paper that incorporates elements…

September 16, 2015

How Uber Uses the Cloud to Drive a Mobile Workforce

Oceans of ink have already been spilled extolling Uber’s innovative practices and growing profits, but here’s one aspect getting less attention: How the company’s nearly 100 percent cloud-based business empowers its vast network of mobile workers (the drivers)… Read blog post

June 29, 2015

Cloud Security Open API: The Future of Cloud Security

The Cloud Security Alliance launched the Cloud Security Open API Working Group with the goal to provide guidance for enterprises and cloud service providers on the operation and interoperability of cloud security functions, with a specific goal to protect PII and sensitive data across multiple clouds. Read blog post

May 28, 2015

Who’s backing up BYOD data? One more reason for cloud disaster recovery

If you’re among the 60% of organizations that don’t have a disaster recovery plan, or among the 59% that only back up data in one location, here are 5 good reasons to shore up your plan and include the cloud as one of your endpoint backup solutions… Read blog post

March 26, 2015

How To Address The BYOD Security Issue

This proliferation of data that is now moving outside of company networks, down to things like employee-owned smartphones, tablets and laptops can increase the chance of data leaking out and getting into the wrong hands. This is perhaps why BYOD has become a huge pain point for professionals looking to secure mobile devices. Read blog…

November 07, 2013

Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups

CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.

September 24, 2013

Cloud Security Alliance Mobile Working Group Opens Annual Mobile Market Maturity Survey

Group seeks global input to understand current market maturity and needed processes to manage enterprise mobile technology.

February 12, 2013

CSA Announces Working Group Sessions at RSA in San Francisco

CSA is hosting sessions during the week for some of our active working groups. These are free events that will be held outside of the regular conference on Thursday, February 28th.

November 08, 2012

Cloud Security Alliance Releases Security Guidance for Critical Areas of Mobile Computing

CSA Mobile Working Group report aims to provide industry with mobile security best practices.

October 25, 2012

CSA Seeks Input on a Mobile App Store Security Initiative Policy Guideline Document

The CSA Mobile Working Group would like to invite you to review and comment on their Mobile App Store Security Initiative Policy Guideline document that was created by their Initiative 5 sub-group.

October 19, 2012

CSA Seeks Input on a Mobile Authentication Document

Review and comment on the Mobile Authentication Document that was created by their Initiative 4 Authentication Sub-group.

October 19, 2012

CSA Seeks Input on a Mobile BYOD Document

Review and comment on the Bring Your Own Device (BYOD) Document that was created by their Initiative 3 BYOD Sub-group.

October 16, 2012

Take The CSA Mobile Maturity Questionnaire

This brief 5-10 minute survey is designed to help the Cloud Security Alliance, as well as, enterprises and individual consumers understand the current maturity level of the mobile marketplace.

October 04, 2012

Data Loss from Missing Mobile Devices Ranks as Top Mobile Device Threat by Enterprises

CSA Mobile Working Group today released findings from a new survey that calls out the specific security concerns enterprise executives say are the real and looming threats as it relates to mobile device security in the enterprise environment.

September 20, 2012

CSA Identifies 17 Key Components for Effective Mobile Device Management of BYOD and Company-Owned Devices

The whitepaper is one of six parts to the upcoming, “Security Guidance for Critical Areas of Mobile Computing” report, one of a number of important research items to be presented and discussed at the upcoming annual CSA Congress being held November 7-8 in Orlando.

July 18, 2012

CSA Research Sponsorship Opportunities Available

CSA announces the availability of several new opportunities to sponsor key research initiatives. Your support helps us maintain our aggressive research schedule and accelerate responsible adoption of cloud computing.

July 11, 2012

Take the CSA Top Threats to Mobile Computing Survey

Due to the rapid adoption of mobile computing, and immediate connection to cloud computing, the CSA is creating a “Top Threats to Mobile Computing” report.

July 07, 2012

CSA Seeks Input on “Mobile Device Management: Key Components” whitepaper

The peer review site and survey will be open until Friday, July 20th, 2012.

March 20, 2012

Mobile Working Group Kick-Off (Call 2)

To accommodate all time zones, CSA will now be launching a Mobile Working Group kick-off (call 2) after our call 1 was held on March 15th.

February 27, 2012

CSA Launches Mobile and Innovation Initiatives at RSA

Cloud Security Alliance (CSA) today announced two significant new initiatives for 2012, addressing growing areas of need in cloud security – mobile computing and innovation.

Mobile Working Group Downloads

Mobile Application Security Testing

Mobile Application Security Testing

The Mobile Application Security Testing (MAST) Initiative is a research which aims to help organizations and individuals reduce the possible risk exposures and security threat in using mobile applications. MAST aims define a framework for secure mobile application development, achieving privacy and security by design. Implementation of MAST will result in clearly articulated recommendations and…

Release Date: June 30, 2016

Mobile Application Security Testing Initiative Revised Charter

Mobile Application Security Testing Initiative Revised Charter

Mobile applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emergence of cloud computing. The Mobile Application Security Testing initiative will aim to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application…

Release Date: March 14, 2016

Mobile Application Security Testing Initiative Charter

Mobile Application Security Testing Initiative Charter

Mobile applications are becoming an integral part of not just modern enterprises but also of human existence and a huge part of this shift is due to the emergence of cloud computing. The Mobile Application Security Testing initiative will aim to create a safer cloud ecosystem for mobile applications by creating systematic approaches to application…

Release Date: February 16, 2015

Security Guidance for Critical Areas of Mobile Computing

Security Guidance for Critical Areas of Mobile Computing

Mobile devices empower employees to do what they need to do — whenever and wherever. People can work and collaborate “in the field” with customers, partners, patients or students and each other. But they need to be supported with always current operational processes and information, whether from apps, the Internet, or documents from other people.

Release Date: November 08, 2012

Mobile Top Threats

Mobile Top Threats

Release Date: October 04, 2012

Mobile Device Management: Key Components

Mobile Device Management: Key Components

Release Date: September 20, 2012

Mobile Working Group Charter

Mobile Working Group Charter

Release Date: February 21, 2012

Mobile Working Group Videos