The National Institute of Standards and Technology (NIST) is offering some best practices and thoughts on how to manage and secure mobile devices in the enterprise. In its newly drafted Guidelines for Managing and Securing Mobile Devices in the Enterprise, NIST outlines the steps, processes and procedures necessary to secure an enterprise's network and data from the threats that come with these new end devices.
With Bring Your Own Device (BYOD) programs being hyped for their cost savings and productivity gains, it is becoming harder for IT departments to support the services, security, help desk, training and incident response that come with BYOD. This is exactly why it is so important to implement a Mobile Device Management (MDM) or a Mobile Application Management (MAM) solution, and the NIST guideline report can help. A recurring theme we hear when evaluating the proper solution, and one that NIST touches on, is deciding what matters most to an enterprise in securing end devices and the data that is on them. Is the device more important? Is the data more important? Where do our highest risks lie? The full report can be seen here. A few key points from the NIST report are as follows:
- Organizations should develop system threat models for mobile devices and the resources accessed through those devices.
- Organizations deploying mobile devices should consider the merits of each provided security service, determine which services are needed for their environment and then design and acquire one or more solutions that collectively provide the necessary services.
- Organizations should have a mobile device security policy.
- Organizations should implement and test a prototype of their mobile device solution before putting the solution into production.
- Organizations should fully secure each organization-issued mobile device before allowing a user to access it.
- Organizations should regularly maintain mobile device security.