A Conceptual Framework for Mobile Security Supporting Enterprises in Adopting Mobility
Nowadays, enterprises demand mobility and flexibility from their workers as indispensable success factors.
Integrating mobile devices, namely smartphones and tablets, into the enterprise gives employees the possibility to work more productively. However, this integration has also brought new security challenges and risks. Despite all the advantages of mobility, many organizations continue to put off adopting it due to security concerns. Mobile devices are exposed to a wide range of threats that have to be countered. Simply porting information security standards from the workstation, notebook, and server domains to mobile devices is unlikely to be effective. Thus, from an enterprise point of view, security levels on mobile devices are not clear. Generally, a high level of security might be reached on mobile devices by imposing a high level of restrictions. On the other hand, this might reduce user acceptance and satisfaction.
To address the issues mentioned above, a conceptual framework that supports enterprises in adopting Mobile Enterprise Applications (MEAs) is proposed. A risk analysis with a focus on mobile devices is conducted. During the risk analysis, potential security threats are determined and assembled in a list, along with their likelihood of occurrence and their impact on the business. Each security threat has a reference to one or more applicable security measures, along with their consequences (restrictions) for mobile users. Furthermore, the proposed framework will not only determine the threats and measures for mobile enterprises; it will also be enriched with a security check method. The method checks whether the security concept of the MEA being designed fulfills the security requirements needed to achieve a predefined security level.
This research is mainly intended to support enterprises in the decision-making process when designing MEAs, and will help them to understand mobile security issues and classify MEAs into security levels. Moreover, the security transparency provided by the proposed framework promotes the trustworthy usage of mobile devices in the business sector. The framework will be developed along with its guidelines and enhanced with a meta-model that describes its components and their relations.
Finally, the framework (the resulting artifact) will be evaluated descriptively by constructing detailed mobile business scenarios around the artifact to demonstrate its utility.