5 Levels of Mobile Security

Mobile security forms a key component of a business’s overall security strategy. The use of mobile devices impacts all size businesses from small to large, highlighting the need for a robust mobile security solution. Earlier this year, Gartner Research released a report listing five levels of mobile security that can help business conduct a assessment.

Each business should assess their own response and preparation for mobile security while also considering the level of security required for their specific needs. Some organizations like healthcare and financial require a higher level of security due to the sensitivity of information exchanged and the regulatory compliance requirements. On the other hand, some businesses conduct a robust mobile engagement with customers and businesses alike. A comprehensive solution will take into consideration the way mobility operates within a given business.

  • Level 1 – Basic
  • Level 2 – Managed
  • Level 3 – Structured
  • Level 4 – Strategic
  • Level 5 – Optimizing

Movement up each level requires an investment of resources within the organization and the higher two levels obviously take the most time and money to implement. Not all organizations require the same level of mobile security. As you consider your business in relation to the security levels listed below remember that Integracon can help you develop a strategic plan for addressing all your security solutions from mobility to networks to security audits. Please keep us in mind for all your security challenges.

Level 1 – Basic

At a basic level, many organizations have a vague notion of the need for some type of mobile security, but they lack an awareness of mobile uses within the company and various security challenges that are already present. At this level, businesses are simply beginning to talk about the need for security and the specific challenges of their given organization. Oftentimes, companies end up in discussion due to a security problem that was connected to mobile devices.

There may be some limited security measures in place, but they are not managed consistently if at all, and little or no budget has been set aside for mobile security. The key challenge at this level is to get management support in terms of commitment to infrastructure development and policy enforcement.

Level 2 – Managed

As organizations learn their current challenges and the industry benchmarks for mobile security, they can begin to address challenges by mitigating risks and closing gaps in security. The management in conjunction with a security consultant has begun to focus on the particular challenges and develops a plan of response.

This will involve establishing and implementing mobile policies, introducing medium level security measures, implementing mobile device management (MDM), ongoing security health checks, and some type of basic profiling and role based access.

Level 3 – Structured

The move of level 2 to level 3 will be a major challenge, but will also result in the dramatic improvement of mobile security. Now management has invested in a mobility manager who takes responsibility for mobile security. MDM is now moving forward in a structured path with proactive security solutions being implemented among workforce as a well as a comprehensive security plan for mobile access to email and calendar.

The business is following industry-wide best practices including things like decomissioning devices and remote wiping processes within a short period (48 hours). The company is also conducting regular audits with penetration testing, and advanced security tools are in place for managing devices, applications, content and more.

Level 4 – Strategic

Transitioning from level 3 to 4 requires investment and considerable integration efforts. Companies with compliance requirements usually aim for level 4 security. Mobile security at this stage in integrated within the overall security strategy of the company. At this level, business must meet specific standards like risk oversight, direct involvement from the security department, ongoing feedback about mobile security shared with security department to help shape strategic planning. Ongoing collection of security metrics and response plans play a key role at this level. The software at this level supports advanced MDM with granular control.

Level 5 – Optimizing

Level 5 is for businesses that consider mobility the primary driver of business expansion. These business use mobility heavily for B2C and B2B engagement. At this level, businesses are driving change in mobile security and even advising software companies for future mobile security enhancement. In these cases, the CIO may play a key role in mobile security and may regularly report on mobility to the board.