Question

An organization enables BYOD but wants to allow users to access the corporate email, calendar, and contacts from their devices. The data associated with the user's accounts is sensitive, and therefore, the organization wants to comply with the following requirements:

Active full-device encryption
Enabled remote-device wipe
Blocking unsigned applications
Containerization of email, calendar, and contacts

Which of the following technical controls would BEST protect the data from attack or loss and meet the above requirements?

A. Require frequent password changes and disable NFC.
B. Enforce device encryption and activate MAM.
C. Install a mobile antivirus application.
D. Configure and monitor devices with an MDM.

Answer 1

Enforce device encryption, activate MAM, and configure and monitor devices with an MDM to protect data and meet the given requirements.

Step-by-step explanation:

The technical controls that would best protect the data from attack or loss and meet the given requirements are:

1. Enforce device encryption: By enabling full-device encryption, the organization ensures that the data stored on the devices is protected even if the device is lost or stolen.
2. Activate MAM (Mobile Application Management): This allows the organization to containerize the email, calendar, and contacts, ensuring that these sensitive data are isolated from the rest of the device and can be remotely wiped if necessary.
3. Configure and monitor devices with an MDM (Mobile Device Management): MDM enables the organization to enforce security policies, such as blocking unsigned applications, and remotely manage and monitor the devices accessing corporate data.

By implementing these technical controls, the organization can ensure that sensitive data is protected and the requirements of active full-device encryption, enabled remote-device wipe, blocking unsigned applications, and containerization of email, calendar, and contacts are met.