Sep 30, 2011

A Checklist for the Security of Mobile Computing Platforms

Information security provides a fairly well-established set of standard protection measures going back to the NSA's Rainbow Series of publications. Where do the new mobile computing operating systems fall compared to the older PC and server operating systems? In the first place, the degree of integration/bundling in the modern systems is vastly different from what was routine in previous generations, so no comparison is like for like. Security has long had a reputation for being hard to fully grasp and not user friendly. Mobile computing is structured more around the idea of simplicity and functionality. The bottom line is that security features require a lot of work to be brought up to acceptable standards; it's certainly a great opportunity and challenge.

Nonetheless, particular capabilities are desirable, including:

User logon, or at least authentication: some means of verifying user identity is extremely desirable. The anonymous user is a very difficult concept. A user-friendly way to manage authentication data is also required, equivalent to but hopefully more capable than the old password management subsystems.

Account management: user accounts need tools that allow ease of use and management of account parameters.

Accountability: the capability to make a user responsible for actions requested by and performed on behalf of the user is a baseline need.

Access control. Mediation of access to resources on a previously granted basis needs a lot of thought, even though the basic concept is fundamental. Making it user friendly will be the challenge.

Encryption for the protection of communications is a baseline need for mobile platforms. Key management is rather like access control: it needs lots of thought to come up with a user-friendly solution. VPN and SSL appear to be becoming the standard answer set.

Backup and restore. The ability to create copies of information that may be retrieved if the originals are damaged or lost is a baseline requirement. Cloud based solutions provide one approach.

Encryption for storage is really a desirable capability given the risk of data theft accompanying the risk of device theft.

Remote device reset is an interesting risk management concept to mitigate/minimize information theft risks.

Privileges and roles. The notion that certain capabilities should be set aside for a small number of trusted individuals is a server concept. Roles are perceived as a nuisance by many, so work needs to go into the implementation to make any solution acceptable.

Future needs. It doesn't take a crystal ball to see risk management related requirements that don't justify major investment today but that soon could.

Malware management. The integrity problems associated with malware infections are beyond normal antivirus. As apps are added, risk intensifies; consequently an advanced answer is going to be required, not today, but some day, most likely soon.

Firewalls: some method to manage network connections is going to be required that is simpler to use and more capable than personal firewalls.

Information management, the ability to mark data as especially sensitive and worth special protection is needed. This might simply involve re-bundling sets of protection measures to provide more robust protection.

Intrusion detection/prevention: given hacker activity, a capability to alert on suspicious activity is desirable. False positives have been the historic issue, so real thought needs to go into the solution.

Vulnerability management: identifying and eliminating algorithmic vulnerabilities, particularly in operating system configurations, has been feasible for years; it's time it became a routine capability.
