NIST SPECIAL PUBLICATION 1800 -4 Mobile Device Security Cloud and Hybrid Build s Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How -To Guide s (C) Joshua Franklin Kevin Bowler Christopher Brown Spike E. Dog Sallie Edwards Neil McNab Matthew Steele This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.1800 -4 The original draft of this publication is available free of charge from: https://www.nccoe.nist.gov/projects/building -blocks/mobile -device -security/cloud -hybrid NIST SPECIA L PUBLICATION 1800 -4 Mobile Device Security: Cloud and Hybrid Builds Includes Executive Summary (A); Approach, Architecture, an d Security Characteristics (B ); and How -To Guides (C) Joshua Franklin National Institute of Standards and Technology Information Technology Laboratory Kevin Bowler Christopher Brown Spike E. Dog Sallie Edwards Neil McNab Matthew Steele The MITRE Corporation McLean, VA February 2019 U.S. Department of Commerce Wilbur Ross , Secretary National Institute of Standards and Technology Walter G. Copan, Undersecretary of Commerce for Standards and Technology and Director NIST SPECIAL PUBLICATION 1800 -4A Mobile Device Security Cloud and Hybrid Builds Volume A: Executive Summary Joshua Franklin National Institute of Standards and Technology Information Technology Laboratory Kevin Bowler Christopher Brown Spike E. Dog Sallie Edwards Neil McNab Matthew Steele The MITRE Corporation McLean, VA February 2019 This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.1800 -4 The original draft of this publication is available free of charge from: https://www.nccoe.nist.gov/projects/building -blocks/mobile -device -security/cloud -hybrid NIST SP 1800 -4A: Mobile Device Security 2 This publication is available free of charge from: https:// doi.org/10.6028/NIST.SP.1800 -4. Executive Summary ◼ Adopting mobile devices without the nec essary policies and management infrastructure in place increases the opportunities for attackers to breach sensitive enterprise data. ◼ The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) devel oped example mobile device and enterprise mobility management solutions that organizations can use to reduce the likelihood of a data breach. ◼ The security characteristics in this guide are informed by guidance and best practices from standards organizations. ◼ The NCCoE ʼs approach uses commercially available products that can be included alongside your current products in your existing infrastructure. ◼ The example solutions are packaged as a “how to ” guide that demonstrates implementation of standa rds-based, commercially available cybersecurity technologies in the real world. The guide helps organizations utilize technologies to reduce the risk of intrusion via mobile devices while saving them research and proof of concept costs. CHALLENGE Informati on technology (IT) environments have changed drastically because of the increasing popularity of smartphones, tablets, and other highly capable, rapidly maturing mobile devices. These devices have many functional similarities to traditional IT systems — including access to a wide range of enterprise applications and data, as well as additional functionality particular to mobile computing. This has greatly expanded the utility and value of mobile devices, enabling employees to do their jobs more effectively and efficiently. Unfortunately, security controls have not kept pace with the security risks that mobile devices can pose, not only in bring your own device (BYOD) scenarios but also in corporately owned and personal