Mobile/BYOD Security Assessment
Do your employees access sensitive systems and data from their own computers outside of your security team’s control? What happens when sensitive data is downloaded to a user’s mobile phone and then the device is lost? Can a virus spread from your employees’ personally owned systems onto your network?
One of the prevalent trends in the modern workplace is the integration of both mobile and Bring Your Own Device (“BYOD”) scenarios. While the increased use of these devices can present opportunities to add flexibility and cost savings to a mobile workforce, there are also inherent risks introduced to your organization. Without a well-defined mobile and BYOD strategy, organizations are opening themselves to increased risk of malware infestations, breaches, loss of critical data and assets, and the legal and regulatory issues encountered when company policy cannot be enforced.
AppSec Consulting can assist your organization in assessing the technical, operational, and administrative risks introduced by the use of mobile and BYOD, and help you tailor a strategy to mitigate or eliminate the risk arising from the use of these devices. Our comprehensive assessment approach takes into account how your employees use devices and what controls are appropriate to the environment, and assesses whether these controls are working effectively and aligned with a larger security strategy. We look at the entirety of your mobile device lifecycle, from provisioning to ongoing management to decommissioning.
Our assessments typically include a combination of:
- Technical/penetration testing of typical device configurations
- Review of administrative and technical controls in place to protect devices and data, such as Acceptable Use policies, end user training, and Incident Response procedures related to mobile/BYOD
- Assessment of deployed technologies such as Mobile Device Management (MDM) suites and their associated management and monitoring processes
AppSec Consulting will perform interviews with key personnel, perform testing of technical configurations, and compare proposed or implemented solutions against security best practices in order to identify potential issues with the physical, technical, or administrative controls related to mobile/BYOD usage. AppSec Consulting then prepares a detailed report outlining identified issues and associated remediation recommendations.
The AppSec Consulting Difference
- We provide expert assessment and analysis; AppSec Consulting works with everyone from small startups to the world’s largest retail organizations in the mobile security space
- Our approach differentiates us from the competition – clients receive an executable, custom-written report tailored to their environment, based on the latest security and compliance requirements
- We're with you every step of the way, from explaining findings in the gap assessment to providing remediation project management where needed
- Identify mobile device profiles and typical use scenarios
- Identify security and compliance requirements associated with mobile/BYOD components
- Assess current or proposed controls, such as Network Access Controls (NAC), VPN, Mobile Device Management software (MDM), and malware solutions
- Review physical, technical, and administrative controls related to mobile payment solutions and other mission-critical applications
- Perform gap assessment against industry best practices and compliance frameworks
- Provide strategic recommendations for securing and integrating mobile/BYOD systems
- Provide a detailed report listing findings and associated remediation recommendations
- Provide or enhance policies and procedures related to mobile/BYOD deployments if requested
What You Get
- A thorough review of your mobile/BYOD environment, with a gap report and detailed remediation recommendations
- A defined strategic direction for integration of mobile/BYOD that takes risk and productivity into account
- Expert consultation and knowledge transfer
- Remediation project management should your organization need assistance