Secure Mobile Device Management Deployment

Topics: Transport Layer Security, Virtual private network, Security Pages: 20 (5231 words) Published: January 29, 2013
CITY University of Hong KongIS6523: Infrastructure & Security Management for E-Commerce| Secure Mobile Device Management Deployment|
Team: The MoversTeam Member:CAI Ying, Vivian 52783116CHU Kachun, Gordon 52993003LI Yuanzhu, Mia 52710923PAN Junyu, Evan 52697226XI Lin, Linc 52707408FANG Jubin, Steven 52760822| 1. Introduction

With the development of technology, we may confront the fact that mobility in business environment is becoming a more and more crucial element to determine the position of a corporation and its long-term profitability. Enhancing the use of mobile devices to improve the organization’s productivity comes to be the top priority of a business entity’s agenda, at the same time, security and risk concerns cannot be ignored.

Mobile Device Management solution provided by IT Solution Vendors such as SAP and Oracle has become a mainstream for managing mobile devices’ compliance of organizational IT policy and security. The objective of this paper consists of several components. First, we will reviews the currently available MDM solutions and select the best one based on predefined criteria. Second, we will determine the weakness and risk of the selected MDM. Third, we will incorporate some emerging technologies that will potentially eliminate the weakness and mitigate the risk of the selected MDM. Finally, we will evaluate the selected supporting technologies and provide improvement recommendation in order to create a more secure MDM deployment model.

We will start with security policy.

1.1 Policy

1.1.1 The Need for Policy

Mobile security is a combined concept, which involves multiple layers of security, including communication security, operations security and information security. Among all, information security stands out and we should pay enough attention to protect it. The C.I.A triangle was used to address the importance of three characteristics that give value to corporations (C stands for confidentiality, I stands for Integrity and A stands for availability), although more critical characteristics have been added into this triangle to make it an expanded concept, which are accuracy, authenticity, utility and possession, the essence of the triangle doesn’t change. By that I mean, an integration of management of information security, computer & data security and network security will be led by policy to constitute the whole information security. Then we may realize the importance of policy to give a guidance to show how to standardize the mobile devices and usage.

1.1.2 Overall Policy

Enterprise Information Security Policy (EISP) will be an overview of the organization’s established security guidelines. It shapes the philosophy of security strategy and acts as an executive document. Typically, EISP doesn’t change a lot because it follows the strategy of an organization, but we also need to take changing environments into account, especially the proliferation of mobile devices involved.

1.1.3 Specific Mobile Policy

When revising existing information security policy, we should consider several elements: business requirements, assets classification and prioritization, user tiers, personal data isolation, levels of service provided, monitoring and controlling policy execution, cost plan & stipend schema and policy extensibility (for future mobile devices or platforms) etc. Newly edited policy is needed to meet the speed and complexity of IT infrastructure evolution.

1.1.4 Integrate Policy into Solution
After the framework has been done and the policy is settled, an integration of policy and solution are called for to provide mobility in business a strong backup force. In latter session, we will discuss the solutions provided by main vendors in current markets.

1.2 Risk Management

1.2.1 Need for Risk Management

In order to prepare fully for emerging risks of mobile devices, we need to understand the components of risk management,...

References: [1] T. Dierks, E. Rescorla, "The Transport Layer Security (TLS) Protocol, Version 1.2", August 2008. 
[2] A. Freier, P. Karlton, P. Kocher "The Secure Sockets Layer (SSL) Protocol Version 3.0". August 2011. 
[3] Ray Stanton, “Securing VPNs: comparing SSL and IPsec”, Computer Fraud & Security, September 2005.
[4] Ray Stanton, “Securing VPNs: comparing SSL and IPsec”, Computer Fraud & Security, September 2005.
Continue Reading

Please join StudyMode to read the full document

You May Also Find These Documents Helpful

  • Essay on Unilever Secures Its Mobile Devices
  • Mobile Device Essay
  • Mobile Device Security Threats Essay
  • Security Risk Associated with Mobile Devices Essay
  • Mobile Device Management Change Initiat Essay
  • Mobile Computing and Devices Essay
  • Data Security and Mobile Devices Essay
  • management Essay

Become a StudyMode Member

Sign Up - It's Free