Sunday, September 23, 2012

CSA puts BYOD in focus with 17 key security areas

As mobile devices become a mainstay in the enterprise, the Cloud Security Alliance (CSA) has identified 17 key elements as critical security measures for full-lifecycle security management, especially for organizations.
These 17 are:
  1. Policy
  2. Risk Management
  3. Device Diversity/Degree of Freedom
  4. Configuration Management
  5. Software Distribution
  6. Enterprise AppStore
  7. Content Library
  8. Procurement
  9. Provisioning
  10. Device Policy Compliance and Enforcement
  11. Enterprise Activation/Deactivation
  12. Enterprise Asset Disposition
  13. Process Automation
  14. User Activity Logging/Workplace Monitoring
  15. Security Settings
  16. Selective Wipe/Remote Wipe/Lock
  17. Identity Management/Authentication/Encryption

One key piece is “User Activity Logging/Workplace Monitoring”, which is the critical aspect of the whole security effort and in fact rates as the first to be implemented. Based on the logging and the analytics, one can devise the best security policy to apply and decide what tools are needed for your organization.
“Mobile devices are becoming an integral part of corporate networks, and as employees are increasingly using their personal devices to access cloud-based applications and services, either via the allowed channel or some way or other, finding out who is on the network with what devices and what services they are accessing, and logging the same for future audit and forensics, is very critical and is step #1 for me,” said a CTO of a Fortune 500 enterprise.

Also, with the growth in the number of applications, content and data being accessed through a variety of devices, and because IT departments are now fully responsible for either company-owned devices or BYODs, organizations must look to adopt policies and practices to prevent any compromise in security. Most important, the report says, is for organizations to include system-centric functionality to secure and manage data and applications and, more importantly, to come up with smart solutions and tools driven by analytics.
While every company will have a different tolerance for risk and will adopt mobile technology in different ways, each one should be aware of what is going on in its network: what devices are running, what kinds of applications are running, and what the threat level of each of them is.
There are several fundamental components that have to be considered and incorporated into policy and practice, the CSA noted. Each component falls into one of three major categories: software and hardware, inventory, and security. The report provides implementation best practices as well as potential risks, along with a "Must Have" or "Optional" rating to help organizations better prioritize their security efforts.

Manjunath M Gowda, CEO, i7 Networks, “Listen to your bandwidth”
The author is the CEO of i7 Networks, which works on next-gen analytics and intelligence related to bandwidth, security and BYOD.
