Security Advisor

CSA Security Guidance for Mobile Devices

The recent report, contributed by 60 companies, lays out what threats loom in the BYOD landscape and what steps an organization can take to secure itself and employees.

The Cloud Security Alliance (CSA) recently released an assessment and threat report on the state of mobile computing.

Titled "Security Guidance for Critical Areas of Mobile Computing," the 60-page document created by more than 60 participating CSA companies, provides best practice information for enterprises on how to best utilize and secure employee mobile devices.

"Mobile computing has fundamentally transformed the way we work, ushering in a new era of productivity and efficiency. But the benefits wrought by mobility ultimately come with a cost in terms of ensuring that established security protocols are consistently and correctly applied," said David Lingenfelter, CSA Mobile Working Group Co-Chair. "This guidance is the product of many months of in-depth research on behalf of the CSA Mobile Working Group and represents an important step in mitigating the inherent risks that comes with mobile computing."

With regards to the threat assessment portion of the report, the CSA found that the two biggest threats were "data loss from lost, stolen, or decommissioned devices" and "information stealing mobile malware."

The company said that Android devices have been targeted most by the second threat due to the ease of downloading and installing third-party apps.

"To date, the majority of malicious code distributed for Android has been disseminated through third-party app stores, predominately in Asia," according to the report. "Most of the malware distributed through third-party stores has been designed to steal data from the host device."

The CSA report also highlights six additional threats, which includes:

  • Data loss due to poorly written third-party apps
  • Vulnerabilities found in the device OS and official apps
  • Unsecured network access, WiFi connections and other unsafe access points
  • Insufficient or lacking management tools on the enterprise side
  • Proximity-based hacking

The SCA report concludes by laying out a 17-point plan for consideration by enterprises that includes properly managing risk, automating configuration of optimal device settings and creating an enterprise app store that can be monitored for quality and safety.  

About the Author

Chris Paoli is the site producer for and


  • Office Mobile Apps To End as Microsoft Highlights New Office App

    Microsoft plans to end support for Windows 10 Mobile applications on Jan. 12, 2021, according to a Friday announcement.

  • Is Microsoft Finally Reinventing Office?

    Microsoft is testing out a new technology called "Fluid Framework." It could mean that Brien's dream of one Office app to rule them all might soon become reality.

  • Azure Active Directory Connect Preview Adds Support for Disconnected AD Forests

    Microsoft on Thursday announced a preview of a new "Cloud Provisioning" feature for the Azure Active Directory Connect service that promises to bring together scattered Active Directory "forests."

  • Microsoft Defender ATP Gets macOS Investigation Support

    The endpoint and detection response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.