NIST’s Guidelines to Improving BYOD Mobile Device Security and Privacy
Over the last several months, Zimperium has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a mobile device security project.
The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. The NCCoE has just released a draft practice guide, titled Mobile Device Security: Bring Your Own Device (BYOD), leveraging industry, government, and academic expertise.
“The NCCoE collaborated with industry stakeholders to provide a guide that businesses can use to integrate and configure the example mobile solution within their organization’s enterprise and to help achieve enhanced security and privacy throughout their enterprise,” said Gema Howell, NIST Computer Scientist.
This practice guide is for organizations that want to allow employees to use personal mobile devices to conduct their work while protecting organizational assets and end-user privacy. In addition to Zimperium, the NCCoE collaborated with technology vendors including IBM, Kryptowire, Palo Alto Networks, and Qualcomm to successfully develop an example solution that organizations can reference to adapt and adopt increased security for their mobility programs.
“With this project, the NCCoE focused on applying robust standards, industry best practices, and commercially-available products to address real-world challenges businesses face when deploying mobility programs,” Gema said. “The Mobile Device Security: Bring Your Own Device (BYOD) guide provides an example of how businesses can protect organizational assets and end-user privacy.”
This practice guide can help enterprises reduce their risk by showing how commercially available technologies, like Zimperium’s zIPS* can be used to improve the security of their mobile infrastructure.
We view BYOD as the direction most organizations are heading not just in response to the dramatic shift to working remotely, but also for the cost savings. This NIST guide brings forth what is needed by decision-makers to ensure BYOD can be executed more securely. Mobile Threat Defense (MTD) specifically, enables device integrity, which is critical to the popular notion of Zero-Trust. We applaud and thank NIST for their effort in bringing this guidance forward.
*While the example implementation uses certain products, including Zimperium’s zIPS, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within with their organization’s existing tools and infrastructure.