Sample – Security Architecture Mobile Operating System Considerations

March 2, 2013

Security architecture considerations for mobile (smartphones, tablets, etc.) operating systems.

Issues:

  • The current standard is not enforceable and is well out of date.
  • No standardized device standards
  • No Mobile Device Management software

No Deployment Methodology

  • No standardized processes or procedures
  • No formal technical or security controls in place
  • No device management process
  • Unknown number of personal devices connecting to the network
  • No centralized tracking of corporate-owned devices
  • No mechanism or process in place for updates – Applications, OS, and Firmware
  • No method of enforcing policies and standards

Multiple Avenues For Procurement

  • Procurement through IT vendors
  • Corporate credit card purchases
  • Personal purchases
  • Purchase from mobile phone vendors

Personally Owned Devices

Bring Your Own Device (BYOD)

  • No organization-wide standards on the use of personally owned devices that sync data
  • No standard deployment methodology of mobile devices
  • No formal technical mobile or security controls in place
    • No method of enforcing policies and standards
    • Need for a uniform security control deployment

Recommendation

  • Create a mobile device security standard that ensures the appropriate infrastructure, security controls and means of enforcement are implemented.
    • All devices must follow the existing System Security, Encryption and Wireless Communications standards
    • Create a division of support duties
      • Security – Maintain MDM software and configuration
      • Voice and Data Networking – Phone provisioning
      • Client Computing – Endpoint, OS and application support