Page 627 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 627
range of devices and can operate across many service providers. You
can use MDM to push or remove apps, manage data, and enforce
configuration settings both over the air (across a carrier network) and
over Wi-Fi connections. MDM can be used to manage company-owned
devices as well as personally owned devices (such as in a bring your
own device [BYOD] environment).
Device Access Control
A strong password would be a great idea on a phone or other mobile
device if locking the phone provided true security. But many mobile
devices aren’t secure, so even with a strong password, the device is still
accessible over Bluetooth, wireless, or a USB cable. If a specific mobile
device blocked access to the device when the system lock was enabled,
this would be a worthwhile feature to set to trigger automatically after
a period of inactivity or manual initialization. This benefit is usually
obtained when you enable both a device password and storage
encryption.
You should consider any means that reduces unauthorized access to a
mobile device. Many MDM solutions can force screen-lock
configuration and prevent a user from disabling the feature.
Removable Storage
Many mobile devices support removable storage. Some devices
support microSD cards, which can be used to expand available storage
on a mobile device. However, most mobile phones require the removal
of a back plate and sometimes removal of the battery in order to add
or remove a storage card. Larger mobile phones, tablets, and notebook
computers may support an easily accessible card slot on the side of the
device.
Many mobile devices also support external USB storage devices, such
as flash drives and external hard drives. These may require a special
on-the-go (OTG) cable.
In addition, there are mobile storage devices that can provide
Bluetooth- or Wi-Fi-based access to stored data through an on-board
wireless interface.
