Mobile Device Security Assessment
Harden existing devices and streamline the process to secure new ones
This client is a large energy company serving millions of customers across several states.
The customer was facing the challenge of securing a whole new class of computing devices – including iPhones, iPads, and Android-based phones – some owned by the company and others by employees.
Company-owned devices were provided to a select group of users, while the remaining employees were using personal devices to access their company email, calendar and contact lists. The internal IT staff was tasked with creating a Bring Your Own Device (BYOD) policy and ensuring that company data, including confidential customer information as well as sensitive internal material, would not be exposed if a device was lost, stolen, or otherwise compromised.
A security assessment team from CBTS met with the customer’s security and technical staff, to discuss how mobile devices were being used. The team examined the various use cases for each platform, the applications and data each would interact with, and the concerns of executive leadership. The team also explored the customer’s existing mobile device policies and the controls currently in place, as well as the regulatory and compliance requirements which they were subject to.
Using a set of widely accepted industry best practices, the assessment team developed recommendations for stronger controls that would mitigate the risk of a breach from mobile devices. The team illustrated how to implement these controls using the mobile device management tools already employed by the customer. The team also recommended organizational policy changes that would foster greater awareness to mobile device users of their responsibility to protect company data.
The CBTS team boasts hands-on experience with industry-leading BYOD and mobile device management solutions, as well as extensive research into mobile threats, and the controls and defenses that protect the data stored on them. This gave the team a unique perspective into this rapidly growing domain of enterprise security.
CBTS Employees Deployed on the Project:
A CBTS Security Architect and a CBTS Security Project Manager
With a stronger BYOD policy and more comprehensive controls, the customer was able to harden existing devices and streamline the process to secure new ones. User adoption of the additional controls went more smoothly with greater visibility into the mobile threat landscape leading to buy-in at the executive level. Security staff was also far better equipped to handle a mobile device breach.