Not a Member?  Become One Today!

 
Feds Take Steps to Make Mobile Devices More Secure
 

By Aliah D. Wright  4/22/2014

 

As more people and companies embrace wearable technologies—or sometimes what’s affectionately being called the “Internet of Things”—employers are figuring out ways to keep secure the data accessed from these and other mobile devices.

Last year, according to a report from Cisco and the Mobile Work Exchange, more than 526 million mobile devices and connections were brought online worldwide, and global mobile data traffic grew 81 percent.

“Mobile devices are no longer a luxury,” according to Managing Risk in a Mobile World. “They are a necessity, and consumers, organizations and agencies rely on them to stay productive. The term mobility is no longer the future of the workforce; it’s here today.”

And while cybercriminals wait for any opportunity to access sensitive employer data, the federal government hopes to make a pre-emptive strike through policy and awareness, especially as more people telework.

The U.S. Office of Personnel Management reported in 2013 that more than 47 percent of the entire federal workforce of 2,157,668 is telework-eligible. In addition, “more agencies are putting BYOD—bring your own device—policies in place to accommodate a more distributed workforce. Viewed in its simplest terms, if the number of mobile devices grows and the number of federal remote workers grows, then the threat increases as well,” the report stated.

Mitigating Risk

To mitigate the risk of cyberattacks, the federal government instituted the Continuous Diagnostics and Mitigation (CDM) program in 2012. It is housed within the Department of Homeland Security and provides tools to federal agencies to “combat cyber threats in the civilian ‘.gov’ networks,” according to the U.S. General Services Administration’s website.

“The CDM approach moves away from historical compliance reporting and toward combating threats to the nation’s networks on a real time basis,” the site states. That can only be done with continuous monitoring and refocusing policies surrounding data protection around data and not devices, IT experts said during Mobile Work Exchange’s 15th annual Town Hall, held April 10, 2014, in Washington, D.C.

“What we need to focus on going forward is what we’re trying to protect … data,” said Robert Palmer, acting deputy executive director of the Enterprise Systems Development Office for the Department of Homeland Security.

“The reason we find it so hard to deploy solutions is that we’re taking policies and making [them] compartmentalized,” he said, adding that the policies shouldn’t focus so rigidly on devices. “Let’s put the protection around the data and then your policies around devices, etc., can become a little bit more agile and flexible.”

For example, experts said organizations large and small, public and government, can take lessons from app developers.

“If I go to iTunes or Google play and I want to rent a movie … they have my account and credit card information,” said Kevin Cox, assistant director of Information Security Technologies and chief information officer for the security staff at the Department of Justice. “I download it. It expires. But it’s that idea of identification—who it’s assigned to and the expiration date. The technology is there. We are so much more concerned about the device, [instead of] what … the user is interacting with.”

Panelists also told attendees that while security is paramount, the buck shouldn’t stop at the end user.

“Security is everybody’s job,” Palmer said. “There are some things you can do, but as deployers of that technology, we have to take some steps to put fail-safes in place. Not every user is going to take that initiative, but we have to put some steps in place to make sure there’s a mechanism in place to catch it.”

Aliah D. Wright is an online editor/manager for SHRM. She is the author of the best-selling A Necessary Evil: Managing Employee Activity on Facebook, LinkedIn … and the Hundreds of Other Social Media Sites (SHRM, 2013).

Copyright Image Obtain reuse/copying permission