Several times in recent months, I have been asked to recommend some sort of mobile device security reference architecture. My initial reaction was sure, let’s have a look and see what Google brings up and we can evaluate those architectures. To my surprise, nothing came back!
It seems therefore that right now the World is lacking a good reference architecture document for mobile security. First off, if you know of a publicly available architecture, please comment at the end of this post. In that case: job done and we can all use it.
If one the other hand, no-one reading this knows of an architecture then is seems there is a real need for one. That’s where you come in. I’m happy to coordinate efforts to create this architecture but need input on two major issues:
As a starting point, Wikipedia had the following useful words describing a reference architecture. It’s:
For me, a picture is always the best starting point, so here is a picture of a basic security architecture.
As you can see, I’ve sketched out an architecture in which behind the firewall there is some form of server layer (perhaps and MDM) which is providing access to the internal email and application servers. At a glance I can see at lease one omission but that it really the whole idea. I can only define an architecture based on what I know. With input from others we might just be able to move toward a robust security architecture.