Developing a Mobile Device Security Reference Architecture – Your Help Needed

Several times in recent months, I have been asked to recommend some sort of mobile device security reference architecture. My initial reaction was: sure, let’s have a look and see what Google brings up, and we can evaluate those architectures. To my surprise, nothing came back!

It seems, therefore, that right now the world is lacking a good reference architecture document for mobile security. First off, if you know of a publicly available architecture, please comment at the end of this post. In that case: job done and we can all use it.

If, on the other hand, no one reading this knows of an architecture, then it seems there is a real need for one. That’s where you come in. I’m happy to coordinate efforts to create this architecture but need input on two major issues:

  1. What does a mobile application security architecture need to cover?
  2. Suggestions about real-world architectures, both those that have and those that have not worked for you

As a starting point, Wikipedia had the following useful words describing a reference architecture. It’s:

  • A template solution for an architecture for a particular domain.
  • Provides a common vocabulary with which to discuss implementations

For me, a picture is always the best starting point, so here is a picture of a basic security architecture.

Initial thoughts on a security architecture

As you can see, I’ve sketched out an architecture in which behind the firewall there is some form of server layer (perhaps an MDM) which is providing access to the internal email and application servers. At a glance I can see at least one omission, but that is really the whole idea. I can only define an architecture based on what I know. With input from others we might just be able to move toward a robust security architecture.

Mike Way
