Simple steps to consider for Enterprise Mobile Security
With the expansion of mobile device usage in enterprises as a communication method for corporate and personal information, mobile devices have become an additional source of risk to the enterprise.
To assist the business in managing the risk, several security controls should be considered when deploying mobile devices. They include, but are not limited to:
1) Strong authentication
2) Data loss prevention (DLP) and data protection controls: Data protection controls include data-at-rest encryption and secure-channel communication.
3) Life-cycle management for enterprise apps: This refers to the ability to inventory, report and control apps on a mobile device, which includes provisioning, updating and deleting enterprise apps.
4) Malware protection
5) Device compliance and antitheft methods: This refers to the ability to perform compliance inspections on the device according to corporate policy and implement loss/antitheft capabilities.
6) Privacy controls: Privacy controls include restricting available device information and real-time auditing of apps to assist with data leakage events.
7) SMS archiving
8) Selective wipe capabilities: Selective wipe refers to the ability to remove specific apps/files from the device without affecting an employee’s personal data and environment (i.e., bring your own device).
9) URL filtering
Over-the-air (OTA) device management: OTA is a requirement for mobile management and includes device life-cycle management (i.e., discovery, registration, update, deletion, decommissioning).
With the expansion of mobile device usage in enterprises as a communication method for corporate and personal information, mobile devices have become an additional source of risk to the enterprise.
To assist the business in managing the risk, several security controls should be considered when deploying mobile devices. They include, but are not limited to:
1) Strong authentication
2) Data loss prevention (DLP) and data protection controls: Data protection controls include data-at-rest encryption and secure-channel communication.
3) Life-cycle management for enterprise apps: This refers to the ability to inventory, report and control apps on a mobile device, which includes provisioning, updating and deleting enterprise apps.
4) Malware protection
5) Device compliance and antitheft methods: This refers to the ability to perform compliance inspections on the device according to corporate policy and implement loss/antitheft capabilities.
6) Privacy controls: Privacy controls include restricting available device information and real-time auditing of apps to assist with data leakage events.
7) SMS archiving
8) Selective wipe capabilities: Selective wipe refers to the ability to remove specific apps/files from the device without affecting an employee’s personal data and environment (i.e., bring your own device).
9) URL filtering
Over-the-air (OTA) device management: OTA is a requirement for mobile management and includes device life-cycle management (i.e., discovery, registration, update, deletion, decommissioning).
No comments:
Post a Comment