Page 35 - Mobile Data Loss
CHAPTER 4
Ensuring Mobile Compliance
Mobile devices are making their way not only into the enterprise
through BYOD and corporate-issued scenarios, but also into hospitals,
retail stores, field service, logistics, and many other industries.
Because of the sensitivity of the data these devices carry, ensuring
security as well as compliance is important to many organizations. But as
previously mentioned, mobile devices are architecturally very different
from legacy PCs and servers, so traditional security policies and legacy
compliance requirements do not always apply directly. This in turn changes
the approaches and requirements used to demonstrate compliance. Let's
explore some of the most common regulatory, industry, and government
compliance regimes.
PCI
More retailers are using mobile devices in their stores to improve the
customer experience, provide "line-busting" during busy periods, and
strengthen security in light of the many retail breaches. But some of
the PCI requirements don't map cleanly onto the design of mobile device
operating systems. A good example of one key difference is anti-malware,
as outlined in chapters "Understanding Mobile Data Loss Threats" and
"Mobile Security Countermeasures." Again, anti-virus on a mobile device
can identify a threat, but because it runs sandboxed like any other app
it has very limited means of removing or blocking a malicious app on
its own. Therefore, an EMM or MDM platform is required to respond to the
threat, for example by quarantining the device. These differences in
mobile are what prompted the release of the Mobile Payment Acceptance
Security Guidelines, designed for mobile devices running Point-of-Sale
(POS) applications.
As of this writing, PCI DSS 3.1 has been in effect since July 1, 2015.
To support mobile POS, the PCI Council also released the PCI Mobile
Payment Acceptance Security Guidelines, v1.1, in July 2014.
Furthermore, Mastercard has set a deadline for the retailers to support
Mobile Data Loss. DOI: http://dx.doi.org/10.1016/B978-0-12-802864-3.00004-0
© 2016 Elsevier Inc. All rights reserved.