Cloud Security Alliance Lays Out Mobile Device Guidance
The Cloud Security Alliance (CSA) recently released an assessment and threat report on the state of mobile computing.
Titled "Security Guidance for Critical Areas of Mobile Computing," the 60-page document created by more than 60 participating CSA companies, provides best practice information for enterprises on how to best utilize and secure employee mobile devices.
"Mobile computing has fundamentally transformed the way we work, ushering in a new era of productivity and efficiency. But the benefits wrought by mobility ultimately come with a cost in terms of ensuring that established security protocols are consistently and correctly applied," said David Lingenfelter, CSA Mobile Working Group Co-Chair. "This guidance is the product of many months of in-depth research on behalf of the CSA Mobile Working Group and represents an important step in mitigating the inherent risks that comes with mobile computing."
With regards to the threat assessment portion of the report, the CSA found that the two biggest threats were "data loss from lost, stolen, or decommissioned devices" and "information stealing mobile malware."
The company said that Android devices have been targeted most by the second threat due to the ease of downloading and installing third-party apps.
"To date, the majority of malicious code distributed for Android has been disseminated through third-party app stores, predominately in Asia," according to the report. "Most of the malware distributed through third-party stores has been designed to steal data from the host device."
The CSA report also highlights six additional threats, which includes:
- Data loss due to poorly written third-party apps
- Vulnerabilities found in the device OS and official apps
- Unsecured network access, WiFi connections and other unsafe access points
- Insufficient or lacking management tools on the enterprise side
- Proximity-based hacking
The SCA report concludes by laying out a 17-point plan for consideration by enterprises that includes properly managing risk, automating configuration of optimal device settings and creating an enterprise app store that can be monitored for quality and safety.