securityforum.org: Information Security Forum launches report to help organisations tackle challenge of securing consumer devices

Independent information security body, the Information Security Forum (ISF)www.securityforum.org, has launched its new report, Securing Consumer Devices to provide information security professionals with advice on meeting the ‘consumerisation’ challenge. The report also coincides with the launch of the ISF’s Securing Mobile Devices Special Interest Group for Member organisations.

The ISF believes that regardless of what stage they are currently at, organisations are struggling to understand and manage the ever-increasing number of powerful consumer devices being brought into the workplace. Many of the most popular devices, particularly smartphones and tablets, were not designed originally as business tools and do not offer levels of security comparable to desktop and laptop computers. 

The report also highlights that these devices are blurring the line between personal and business use and behaviour. Potential risks include misuse of the device itself, exploitation of software vulnerabilities and people downloading and using poorly tested business applications. Organisations also need to seriously consider the legal issues around who actually owns the device.

The new report, which provides organisations of all sizes with an independent, business-focused approach to planning a security response, offers best practice in several key areas, including user guidance, protection solutions, provisioning and support, and meeting the necessary statutory requirements. It breaks down consumer device security into four manageable components:

· Governance – with no control over consumer devices, little or no visibility of usage and penetration, and poor knowledge of ownership, policies or compliance, organisations need to create a framework for ensuring correct and consistent mobile device security assurance

· Users – with no control over consumer device working practices, users are free to mix work and personal tasks and data. Organisations need to ensure employees are aware of what constitutes good working practice for mobile devices, by creating an Acceptable Use Policy (AUP) for staff to sign. The report includes an easy to use AUP to get businesses started

· Devices – left unprotected and unmanaged, consumer devices are exposed to a range of potential security threats, including malware targeted at the device’s OS or apps, unauthorised connections, and compromise and irrecoverable loss of data. Organisations must put in place technical solutions for securing access to mobile devices and content

· Applications and data – the provenance of most apps designed for consumer devices are unknown, and most have not undergone formal testing. Unfortunately, most users do not think about this when downloading them. Organisations must ensure apps used for business and the types of data they can access or generate are appropriate and properly tested.

“Consumerisation is a fast-moving trend that organisations are struggling to keep up with and this report provides the first detailed examination of consumer device security, the challenges and the solutions,” according to Steve Durbin, Global Vice President, ISF. “As well as this report, we are delighted to announce that the ISF is establishing a Securing Mobile Devices Special Interest Group (SIG) to provide a collaborative environment for Members to keep on top of the rapid pace of change in this area.”

An executive summary of the Securing Consumer Devices report is available fromhttps://www.securityforum.org/about/sampledocuments/publicdo..., while the full report – available only to ISF Members – offers more detailed practical guidance on the challenges and solutions, as well as an overview of the consumerisation trend and guidance on planning a response to it. It also includes a high-level comparison of the Mobile Device Management (MDM) systems mentioned most often by Members.

Ends 

About the ISF

Founded in 1989, the Information Security Forum is an independent, not-for-profit association of leading organisations from around the world. It is dedicated to investigating, clarifying and resolving key issues in information security and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organisations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.

Further information about ISF research and membership is available from www.securityforum.org.