• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

Compliance Research Group Outlines New Security Model for Much-Needed Mobile Device Compliance

Posted on: Wednesday, 16 September 2009, 10:46 CDT

DENVER, Sept. 16 /PRNewswire/ -- Compliance Research Group (CRG), an industry analyst firm focused on IT risk management and compliance, has developed a new mobile security model to help organizations define and manage compliance requirements for wireless devices and services. Coined the "DUST Model for Managing the Risk to Enterprise Mobility," this practical set of guidelines provides an end-to-end model for the compliance practices and security technologies needed to support growing remote smartphone access to enterprise computing networks. CRG analysts outline a mix of new and traditional methods and technologies to properly secure and manage originating smartphone devices, users and sessions, and the transactions performed at sensitive destinations.

A free CRG Research Brief on the DUST Model is at: http://www.complianceresearchgroup.com/pages/Download-Research.html

"Compliance and security for mobile networks has not evolved significantly from the early consumer adopter stage," said Mark Willoughby, principal and lead analyst at CRG. "Rapid growth in enterprise smartphone usage, with wireless access to sensitive information in the cloud, will require new methods to effectively plan, deploy and operate wireless compliance and security. CRG's DUST Model for mobile compliance and security provides a framework for planning, deploying and managing large scale smartphone access to sensitive corporate and personal information."

The DUST Model for mobile compliance and security addresses secure wireless:

• Devices - to protect the confidentiality of sensitive information on originating wireless platforms and provides a trusted platform for data integrity
• Users - so the risk posed by properly authenticated users can be considered in granting access to devices and sensitive confidential information in sessions
• Sessions - to provide confidentiality and availability of wireless transmissions from the originator to destinations processing and storing sensitive confidential information
• Transactions - performed with sensitive enterprise information, to assure that only authorized users are initiating actions, with availability and non-repudiation when required
  

The DUST Model for mobile compliance and security prescribes layered security for smartphone devices coupled with new types of dynamic user authentication that manages risk-based thresholds based on the sensitivity of the requested resource. It outlines how new types of secured sessions must support traditional voice, VOIP and data over optimized and secure VPNs from the same originating device. In addition, transactions containing sensitive information are assured with trusted device foundations, users authenticated with dynamic risk-based methods and secure sessions.

The DUST Model for mobile compliance and security is best managed from a top-down cloud perspective to correlate device and user actions with session attributes and transactions across a wide scale. "The new DUST Model is the first end-to-end prescription for securing rapidly expanding mobile computing. The model will help vendors and businesses better manage the complex issues of compliance and security for smartphones, which soon will outnumber traditional wired computers."

About Compliance Research Group

Compliance Research Group (www.complianceresearchgroup.com) is a Denver-based analyst firm offering custom risk management research and marketing guidance to the IT, security and compliance community. The firm's principal analysts have decades of experience developing IT security strategies and consulting with enterprise IT organizations and solutions providers.

SOURCE Compliance Research Group

Source: PR Newswire

More News in this Category