Security Advisor

CSA Security Guidance for Mobile Devices

The recent report, contributed by 60 companies, lays out what threats loom in the BYOD landscape and what steps an organization can take to secure itself and employees.

The Cloud Security Alliance (CSA) recently released an assessment and threat report on the state of mobile computing.

Titled "Security Guidance for Critical Areas of Mobile Computing," the 60-page document created by more than 60 participating CSA companies, provides best practice information for enterprises on how to best utilize and secure employee mobile devices.

"Mobile computing has fundamentally transformed the way we work, ushering in a new era of productivity and efficiency. But the benefits wrought by mobility ultimately come with a cost in terms of ensuring that established security protocols are consistently and correctly applied," said David Lingenfelter, CSA Mobile Working Group Co-Chair. "This guidance is the product of many months of in-depth research on behalf of the CSA Mobile Working Group and represents an important step in mitigating the inherent risks that comes with mobile computing."

With regards to the threat assessment portion of the report, the CSA found that the two biggest threats were "data loss from lost, stolen, or decommissioned devices" and "information stealing mobile malware."

The company said that Android devices have been targeted most by the second threat due to the ease of downloading and installing third-party apps.

"To date, the majority of malicious code distributed for Android has been disseminated through third-party app stores, predominately in Asia," according to the report. "Most of the malware distributed through third-party stores has been designed to steal data from the host device."

The CSA report also highlights six additional threats, which includes:

  • Data loss due to poorly written third-party apps
  • Vulnerabilities found in the device OS and official apps
  • Unsecured network access, WiFi connections and other unsafe access points
  • Insufficient or lacking management tools on the enterprise side
  • Proximity-based hacking

The SCA report concludes by laying out a 17-point plan for consideration by enterprises that includes properly managing risk, automating configuration of optimal device settings and creating an enterprise app store that can be monitored for quality and safety.  

About the Author

Chris Paoli is the site producer for and


  • Microsoft Endpoint Manager Improvements Highlighted at Ignite

    Improvements in the Microsoft Endpoint Manager (MEM) management solution were part of Tuesday's Microsoft Ignite online event.

  • Green City Illustration

    Microsoft Ignite 2020 Reaction, Part 1: A New Normal for Tech Conferences

    Something about Satya Nadella's opening keynote makes Brien wonder if Microsoft thinks we'd all be better off doing everything -- including conferences like Ignite -- remotely, even after the pandemic is over.

  • Microsoft Ignite: Azure Advances Across Five Frontiers

    To kick off the Microsoft Ignite virtual conference, CEO Satya Nadella made a bold claim about the public cloud with the second-largest market share behind Amazon.

  • Microsoft Buying Games Maker ZeniMax Media for $7.5 Billion

    Microsoft is buying ZeniMax Media, parent company of Bethesda Softworks and other game-maker affiliates, for $7.5 billion in cash.

comments powered by Disqus