CSA Identifies 17 Key Components for Effective Mobile Device Management of BYOD and Company-Owned Devices
CSA Mobile Working Group Outlines Policies and Practices Enterprises Must Adopt to Prevent a Compromise in Security
SEATTLE, WA – September 20, 2012 – The Cloud Security Alliance (CSA) Mobile Working Group today released Mobile Device Management: Key Components, V1.0, a research report identifying 17 key elements that are critical for organizations to consider for the full lifecycle security management of mobile devices. The whitepaper is one of six parts to the upcoming, “Security Guidance for Critical Areas of Mobile Computing” report, one of a number of important research items to be presented and discussed at the upcoming annual CSA Congress being held November 7-8 in Orlando.
With the growth in the number of applications, content and data being accessed through a variety of devices, mobile device management (MDM) has to extend beyond device management alone. As IT departments are now fully responsible for company-owned devices, organization must look to adopt policies and practices to prevent any compromise in security. Most important, the report cites, is for organizations to include a system-centric functionality to secure and manage data and applications, as well as information-centric functionality such as the delivery of the enterprise application store or content library.
“Mobile devices are becoming an integral part of corporate networks and as employees are increasingly using their personal device to access cloud-based applications and services, identity management is paramount in ensuring that this access remains secure,” said Patrick Harding, CTO, Ping Identity. “By having the right identity management processes, enterprises can provide employees with secure and convenient access to cloud apps via single sign-on from mobile devices – whether BYOD or not. The CSA has taken important steps in identifying the key elements organizations need to consider before adopting a BYOD policy and we’re happy to see identity management recognized as a key piece.”
While every company will have a different tolerance for risk and will adopt mobile technology in different ways, there are several fundamental components of MDM that have to be considered and incorporated into policy and practice. With each component falling into one of three major categories: software and hardware, inventory and security, the report provides implementation best practices as well as potentials risks along with a ‘Must Have’ or ‘Optional” rating to help organizations better prioritize their security efforts.
Key components to MDM identified include:
- Risk Management
- Device Diversity/Degree of Freedom
- Configuration Management
- Software Distribution
- Enterprise AppStore
- Content Library
- Device Policy Compliance and Enforcement
- Enterprise Activation/Deactivation
- Enterprise Asset Disposition
- Process Automation
- User Activity Logging/Workplace Monitoring
- Security Settings
- Selective Wipe/Remote Wipe/Lock
- Identity Management/Authentication/Encryption
“As mobile devices have become mainstays in the enterprise, an understanding of the full technology, process, and people implications of MDM will be absolutely required to ensure that the introduction of mobile devices will not compromise security,” says J.R. Santos, Global Research Director of the CSA. “While most companies already have security policies in place, those policies need to be reviewed and possibly updated to account for the many components of mobile technology that we have identified in this report.”
The CSA Mobile Working Group is responsible for providing fundamental research to help secure mobile endpoint computing from a cloud-centric vantage point. The Security Guidance for Critical Areas of Mobile Computing from the CSA Mobile Working Group due out this fall intends to provide information on various components of mobile computing including BYOD, authentication, top threats, and more. The CSA invites interested companies and individuals to support the group’s research and initiatives. Companies and individuals interested in learning more or joining the group can visit https://cloudsecurityalliance.org/research/mobile/
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
Kari Walker for the CSA