An enterprise security architecture for accessing SaaS cloud services with BYOD

IT now plays a major role in enterprises' business processes. Companies adopt new technological trends to improve the performance and efficiency of their business so that they can keep up with fierce market competition. However, the emergence of cloud computing and the opportunity for employees to work on their personal smartphones under Bring Your Own Device (BYOD) policies introduce additional risk for the enterprise. In this paper we propose an enterprise information security architecture for accessing SaaS cloud services from BYOD smartphones. This architecture is based on the SABSA security architecture framework and consists of hardware, software and service-oriented security components that can reduce the aforementioned risks to acceptable levels.
