CSA Security Guidance for Mobile Devices -- Redmondmag.com

CSA Security Guidance for Mobile Devices

The recent report, contributed by 60 companies, lays out what threats loom in the BYOD landscape and what steps an organization can take to secure itself and employees.

By Chris Paoli
12/05/2012

The Cloud Security Alliance (CSA) recently released an assessment and threat report on the state of mobile computing.

Titled "Security Guidance for Critical Areas of Mobile Computing," the 60-page document created by more than 60 participating CSA companies, provides best practice information for enterprises on how to best utilize and secure employee mobile devices.

"Mobile computing has fundamentally transformed the way we work, ushering in a new era of productivity and efficiency. But the benefits wrought by mobility ultimately come with a cost in terms of ensuring that established security protocols are consistently and correctly applied," said David Lingenfelter, CSA Mobile Working Group Co-Chair. "This guidance is the product of many months of in-depth research on behalf of the CSA Mobile Working Group and represents an important step in mitigating the inherent risks that comes with mobile computing."

With regards to the threat assessment portion of the report, the CSA found that the two biggest threats were "data loss from lost, stolen, or decommissioned devices" and "information stealing mobile malware."

The company said that Android devices have been targeted most by the second threat due to the ease of downloading and installing third-party apps.

"To date, the majority of malicious code distributed for Android has been disseminated through third-party app stores, predominately in Asia," according to the report. "Most of the malware distributed through third-party stores has been designed to steal data from the host device."

The CSA report also highlights six additional threats, which includes:

Data loss due to poorly written third-party apps
Vulnerabilities found in the device OS and official apps
Unsecured network access, WiFi connections and other unsafe access points
Insufficient or lacking management tools on the enterprise side
Proximity-based hacking

The SCA report concludes by laying out a 17-point plan for consideration by enterprises that includes properly managing risk, automating configuration of optimal device settings and creating an enterprise app store that can be monitored for quality and safety.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.