As mobile devices have become mainstays in the enterprise, the CSA has identified 17 key elements that are critical for organizations to consider for full lifecycle security management. One key piece of that in an ever-more-mobile world is identity management.
“Mobile devices are becoming an integral part of corporate networks, and as employees are increasingly using their personal device to access cloud-based applications and services, identity management is paramount in ensuring that this access remains secure”, said Patrick Harding, CTO at CSA member Ping Identity. “By having the right identity management processes, enterprises can provide employees with secure and convenient access to cloud apps via single sign-on from mobile devices – whether BYOD or not.”
Also, with the growth in the number of applications, content and data being accessed through a variety of devices, MDM has to extend beyond device management alone. Because IT departments are now fully responsible for company-owned devices, organizations must look to adopt policies and practices to prevent any compromise in security. Most important, the report cites, is for organizations to include a system-centric functionality to secure and manage data and applications, as well as information-centric functionality such as the delivery of the enterprise application store or content library.
While every company will have a different tolerance for risk and will adopt mobile technology in different ways, there are several fundamental components of MDM that have to be considered and incorporated into policy and practice, the CSA noted. Each component falls into one of three major categories: software and hardware, inventory and security. The report provides implementation best practices as well as potential risks, along with a "Must Have" or "Optional" rating to help organizations better prioritize their security efforts.
Key components to MDM security that CSA has identified include:
- Policy
- Risk Management
- Device Diversity/Degree of Freedom
- Configuration Management
- Software Distribution
- Enterprise AppStore
- Content Library
- Procurement
- Provisioning
- Device Policy Compliance and Enforcement
- Enterprise Activation/Deactivation
- Enterprise Asset Disposition
- Process Automation
- User Activity Logging/Workplace Monitoring
- Security Settings
- Selective Wipe/Remote Wipe/Lock
- Identity Management/Authentication/Encryption
The report authors echo other industry analysis that security is critical in any BYOD implementation. KPMG CIO Advisory’s Martin Lunt, for instance, believes BYOD has significant benefits for organizations, provided clear security policies are in place from the start. "Although BYOD still in its infancy, a key aspect of implementation is cross-referencing benefits and challenges with operational dynamics – data storage, appetite for risk and security – and configuring a workable offering", he said in a column for Infosecurity. "Much of this is common sense and, whether labeled cloud, BYOD, or any other ‘buzz’ solution, is simply good IT practice."
“An understanding of the full technology, process, and people implications of MDM will be absolutely required to ensure that the introduction of mobile devices will not compromise security”, said JR Santos, global research director of the CSA.
The white paper is one of six parts to the upcoming full report, 'Security Guidance for Critical Areas of Mobile Computing', to be released at the upcoming the annual CSA Congress, Nov. 7–8 in Orlando.