Advances in mobile technology are making it easier for government workers to be more efficient and productive, and deliver more advantages to their colleagues and citizens who need their services.
The owners of homes and businesses destroyed by Hurricane Sandy, for example, were able to get faster responses to their claims from the Federal Emergency Management Agency than would have been possible during previous disasters – because FEMA employees were equipped with secure mobile devices for gathering and wirelessly submitting their initial damage assessments.
A new generation of secure mobile solutions eliminates the need for agents to draft handwritten reports and travel back to an office or staging point to type them up. The growth of this mobile mission – which began by supplying workers with devices to allow them to send simple email messages and make phone calls – has expanded to include smartphones and tablets with impressive computing power, creating many new operational advantages.
Greater efficiency brings some risks, however.
When a single device is used for tasks ranging from taking photographs to creating new documents to editing others' documents, uncompromised security is required. Some new applications, for example, may contain personally identifiable information that must be kept strictly separate from native or personal applications on the device.
Other solutions may give users access to remote resources – making security even more essential since a breach of their mobile device could lead to a breach of internal systems.
Addressing Enterprise Security Requirements
How can agencies and working groups protect their data while still giving employees and contractors the mobile access and tools they need? The focus has to be on protecting people, information, and the broader infrastructure.
Mobile device management, the mainstay of many agencies' security protocols as they started using mobile technology, takes care of the basics – enabling phone calls and email, and monitoring who is using the device.
However, those basic functions are not enough. Today's best-of-breed mobile software and devices provide unified enterprise technology solutions that deliver capabilities ranging from secure voice communication to application-level security to digital rights management. Not only do they deliver the security and reliability that agencies need today, but they also include advanced functions and protocols that anticipate requirements likely to arise in the near future as processes evolve.
Mobile Security Procurement Checklist
If your agency is researching new mobile security solutions, consider the following issues:
- Does a potential solution provide a range of secure, trusted technologies – from software to devices to communications networks?
Secure solutions must protect the three C's – content, credentials, and configurations. And they must do this across all of an organization's devices and systems – even in the cloud.
As you assess the solution's security, consider what types of encryption are offered: Does the solution meet the minimum federal requirements, such as FIPS 140-2? And does it use AES-256 encryption? Ensure the system offers state-of-the-art encryption and security.
- Do candidate vendors deliver holistic, end-to-end communications, rather than focusing on just a single device or a single app structure?
Mobile devices are personal, and it's wise to support your end users' desires for a broad range of experiences. It is also wise to invest in devices with a rich assortment of security features. But in order to optimize functionality, mobile devices must interact with other components on the network – and thus security must extend beyond the device. The most effective uses of mobile devices allow users in the field access to secure internal content – enabling them to edit documents from a mobile device, for example.
Typical security features – passcodes, encryption on the device, and an ability to remotely wipe the device if it becomes lost – are not sufficient for all applications and data that may be accessible. Mobile devices have vulnerabilities at the local, network, and cloud levels. Even with some precautions in place, there are ways for users to unintentionally leak content and data. There are also a number of ways that attackers can hijack data or access keys to back-end resources.
Therefore, an end-to-end enterprise-oriented focus on security is essential.
- Has your agency contracted with consultants who possess expertise in helping government organizations and employees develop and implement privacy and security measures?
A transition from one type of technology to another is not always smooth – users may assume that a new system works similarly to the old one and then discover that it does not. Mobile environments are growing more complex, and the same new demands that led an agency to purchase a new system may make implementing it more complicated.
Agencies often have specific requirements that private sector companies do not. Finding consultants familiar with government environments is critical. The best consultants will be able to help you identify – and avoid – the pitfalls and risks of new systems.
- Does your agency's security strategy recognize the new ways government workers are increasingly using connected systems and devices?
Few government agencies encourage employees to Bring Your Own Device, or BYOD. But even when the agency is providing the device, it is naïve to think that no personal activity will take place on it.
Smartphones, for example, were originally created as consumer devices, and require the user to participate in the activation process. They are so consumer-driven that it is both easy and likely for users to check their personal email, snap a non-work-related photo, or download the latest game in between submitting work reports from the field.
Protection from native content and consumer-grade applications is a necessity.
Multi-Layered Content Protection
Best-of-breed enterprise mobile security solutions make it easy to separate personal activities on smartphones, tablets, and laptops from critical government content.
This strategy recognizes the reality of how today's employees work – while keeping critical data safe.
By asking and answering the important questions, government entities can be sure they are selecting a mobile solution that is adequately secure, scalable, and operationally practical.