Enterprise Mobile Security

New NIST Guidelines for Managing Security of Mobile Devices


Ricardo Sanchez

I remember having one of those indestructible Nokia 3310s back in my college days, and how great it was to be able to receive text messages. Cellphones were considered basic communication devices used only for voice and messaging. Mobile devices today are basically a replacement for your desktop or laptop in terms of the business functions they can perform. Based on recent statistics, mobile devices dominate Internet traffic versus their desktop counterparts. Enterprise users are now using more mobile devices to access enterprise networks, and that means more sensitive data is being exposed and put at risk.

NIST explains that “Mobility has transformed how enterprises deliver information technology (IT) services and ensure mission impact”. This resonates deeply with the current COVID-19 pandemic, which has affected businesses worldwide. Businesses are scrambling to transform themselves into ‘mobile-agile’ enterprises so that they can keep providing their services and value to customers.

With this incredible increase in telework and the remote workforce, the Mobile Threat Landscape has greatly increased. This includes mobile malware, vulnerabilities and out-of-date or out-of-compliance devices. NIST details this information in its Mobile Threat Catalogue (access here), in which the Attack Surface (the different areas through which an attacker can exploit a device) is now distributed across multiple categories, including Application, Cellular, GPS, Payment (i.e. NFC), Physical Access and much more.

Enterprises should now, more than ever, incorporate Mobile Threat Analysis and Assessment into their current Risk Management program. To achieve this goal, an Enterprise Mobility Management (EMM) system should be enabled to enforce these policies. These types of systems allow organizations to manage, deploy, configure and apply security policies to their Mobile Landscape and devices. Examples of such systems include Sophos Secure Unified Endpoint Management (more information here).

Access to the draft NIST document can be found here.