Key Security Implications of a Heterogeneous Device Approach
Question
A company provides mobile devices to its users to permit access to email and enterprise applications.
The company recently started allowing users to select from several different vendors and device models.
When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?
A.
The most common set of MDM configurations will become the effective set of enterprise mobile security controls. B.
All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries. C.
Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors. D.
MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.
C.
Explanations
A company provides mobile devices to its users to permit access to email and enterprise applications.
The company recently started allowing users to select from several different vendors and device models.
When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?
A.
The most common set of MDM configurations will become the effective set of enterprise mobile security controls.
B.
All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries.
C.
Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors.
D.
MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.
C.
The key security implication of allowing users to select mobile devices from different vendors and models when configuring Mobile Device Management (MDM) is that certain devices are inherently less secure than others, which will require compensatory controls to address the difference between device vendors. Therefore, the correct answer is C.
The heterogeneity of device models and vendors within the enterprise mobile security architecture presents a challenge for security teams as they must address security controls based on the unique security features and vulnerabilities of each device. Some devices may have more inherent security controls, while others may have known security weaknesses. As such, an enterprise's security strategy must account for the security posture of each device, taking into account the risks and compensating for any security deficiencies.
To mitigate the risk, compensatory controls such as device-specific policies, data encryption, and strong authentication can be put in place to address any identified security deficiencies. In some cases, an organization may need to prohibit the use of certain devices altogether if they do not meet the organization's minimum security requirements.
It is worth noting that answer A is incorrect because the most common set of MDM configurations will not necessarily become the effective set of enterprise mobile security controls. Answer B is incorrect because not all devices need to support SCEP-based enrollment, and the architecture's heterogeneity does not unnecessarily expose private keys to adversaries. Finally, answer D is incorrect because modern MDM solutions support heterogeneous deployment environments, allowing different devices and vendors to be managed from a single console.
