City University of Hong Kong
IS6523: Infrastructure & Security Management for E-Commerce
Secure Mobile Device Management Deployment

Team: The Movers
Team Members:
CAI Ying, Vivian 52783116
CHU Kachun, Gordon 52993003
LI Yuanzhu, Mia 52710923
PAN Junyu, Evan 52697226
XI Lin, Linc 52707408
FANG Jubin, Steven 52760822

1. Introduction
As technology develops, mobility in the business environment is becoming an increasingly crucial factor in determining a corporation’s position and its long-term profitability. Enhancing the use of mobile devices to improve the organization’s productivity has become the top priority on a business entity’s agenda; at the same time, security and risk concerns cannot be ignored.
Mobile Device Management (MDM) solutions provided by IT solution vendors such as SAP and Oracle have become the mainstream way of managing mobile devices’ compliance with organizational IT policy and security. This paper has several objectives. First, we will review the currently available MDM solutions and select the best one based on predefined criteria. Second, we will determine the weaknesses and risks of the selected MDM. Third, we will incorporate some emerging technologies that could eliminate the weaknesses and mitigate the risks of the selected MDM. Finally, we will evaluate the selected supporting technologies and provide improvement recommendations in order to create a more secure MDM deployment model.
We will start with security policy.
1.1.1 The Need for Policy
Mobile security is a combined concept that involves multiple layers of security, including communication security, operations security and information security. Among these, information security stands out, and we should pay sufficient attention to protecting it. The C.I.A. triangle was used to address the importance of three characteristics that give value to corporations (C stands for confidentiality, I for integrity and A for availability). Although more critical characteristics have been added to the triangle to make it an expanded concept, namely accuracy, authenticity, utility and possession, the essence of the triangle does not change. That is, policy leads the integration of information security management, computer and data security, and network security, which together constitute information security as a whole. This shows the importance of policy in giving guidance on how to standardize mobile devices and their usage.
1.1.2 Overall Policy
The Enterprise Information Security Policy (EISP) is an overview of the organization’s established security guidelines. It shapes the philosophy of the security strategy and acts as an executive document. Typically, the EISP does not change much because it follows the organization’s strategy, but we also need to take changing environments into account, especially the proliferation of mobile devices.
1.1.3 Specific Mobile Policy
When revising an existing information security policy, we should consider several elements: business requirements, asset classification and prioritization, user tiers, personal data isolation, levels of service provided, monitoring and controlling policy execution, cost plan and stipend schema, and policy extensibility (for future mobile devices or platforms). A newly edited policy is needed to keep up with the speed and complexity of IT infrastructure evolution.
1.1.4 Integrate Policy into Solution
Once the framework is complete and the policy is settled, the policy and the solution need to be integrated to give mobility in business strong backing. In a later section, we will discuss the solutions provided by the main vendors in the current market.
1.2 Risk Management
1.2.1 Need for Risk Management
In order to prepare fully for emerging risks of mobile devices, we need to understand the components of risk management,...