This page is part of a Security School lesson, featuring a selection of expert technical content on this topic. Explore more in this school:
1. - Security in the mobile era: Read more in this section
- Enterprise mobility management must cover all the security bases
Explore other sections in this guide:
Enterprise mobility management must cover all the security basesDate: May 30, 2014
Security is the one area in IT that a manager's work is truly never done, says Craig Mathias, principal at Farpoint Group, a firm that focuses on wireless networking and mobility management. In this video, Mathias takes a comprehensive look at enterprise mobility management (EMM) in a security context, starting with policy and outlining a thorough framework for ensuring security in the mobile era.
IT management in general is concerned with a variety of elements in the modern workplace. Computers, of course, and network management, as well as security management and personnel. But for mobility itself, there are five key additional domains: mobile device management (MDM); mobile application management (MAM); mobile data or content management (MCM); mobile expense management; and mobile policy management.
Mathias delves into each of these areas in detail, though he begins with the crucial starting point for any InfoSec pro: creating a formal security policy. Mathias notes that it's surprising how many companies have no set policy when it comes to mobility. A solid policy, he notes, requires three key elements: identification of what information is sensitive; explication of who is allowed to access this information; and what should be done in the event of a breach.
The focus of any such security policy for EMM must be on endpoint security (where information lives). Sensitive information must be encrypted and Mathias strongly recommends two-factor authentication.
From the foundation of solid mobility security policy, a company's IT staff must then develop plans for dealing with new technology, employing both MAM and MCM, and also be sure to continually communicate security policy through training, support and continual policy review and revision.
These are just the highlights of Mathias' informative and practical presentation. It is one every InfoSec pro should view to make sure his company has in place an EMM strategy strong enough to stand up to an always-evolving environment, in terms of both technology and the threats to it.