When it comes to delivering services online, the government is far behind the commercial sector. Legislators has taken notice. A bill working its way through Congress would require government agencies to take a mobile-first approach to delivering services. The 21st Century Integrated Digital Experience Act (IDEA Act) is just one of the signs that the government is serious about modernizing its technology.
That said, transformations this big in scope always come with challenges, particularly in relation to security concerns. With mobile, the concerns are particularly thorny, since security now applies not only to the environment or the application, but the device itself. It’s no wonder that mobile is the new frontier for rogue actors, hackers and nations with cyberattack capabilities.
The good news is that CIOs are likely to be given more authority and autonomy over federal IT budgets, so that when new technologies become available, slow procurement cycles don’t prevent agencies from integrating them. Despite this flexibility, however, agencies leaders still have to make decisions about how to mitigate the risk from mobile devices.
Here are 3 trends for agencies to consider when managing their mobile devices.
Strive for the ‘Single Pane of Glass’
Agencies are driving toward the “single pane of glass,” meaning a consolidation of how they manage devices, in terms of updates, upgrades to software, education and training. Right now, agencies not only have different ways to manage PCs versus laptops versus mobile devices, they also have multiple ways of managing each of those categories. The trend is toward having a single MDM program or platform, or as few as possible, as vendor solutions have evolved encompass different devices and platforms with the same level of security.
Likewise, agencies want to reduce the number of networks on which users can connect. Fewer ports means fewer opportunities for a hacker to intrude. The ultimate goal is a centralized system where agencies can manage everything that’s connected on a network: Mobile, tablets, PCs, laptops … even air conditioning units and any other devices with sensors.
Policy Enforcement Is Critical
More important than having a specific hardware or brand or type of device, the best defense against intrusions into mobile devices are good policies. Government agencies already use management systems to secure the PCs on their networks. That knowledge and those policies can be applied to mobile device management as well. In other words, the best approach to managing mobility is to start with the policies and systems that the agencies already have in place.
Still, with millions of phones in play, it’s important to have all phones up-to-date so that the most powerful encryption is embedded. The applications on the phone also have to be updated in a timely manner. From a technology standpoint, policy enforcement keeps improving.
For instance, one of the best tools available is notifications from the IT department to users. Technology makes it easy to mass distribute text messages to users, alerting them that they need to be in compliance by a certain date. The same technology informs them of the need to report back that they’ve complied. If they don’t, enforcing compliance is critical, because the longer a user operates a system without the most current patches, the more a vulnerability grows.
Take a Second-Look at Security Containers
Beyond enforcement, agencies can make use of applications on mobile devices that separate personal data from government agency. These security ‘containers’ isolate the government data by controlling and encrypting the use of sensitive data, and they’re set to prevent distribution of the data from the phone.
Security containers of the past used to be somewhat unwieldy, but they’ve improved and offer seamless integration with environment.
They’re being widely adopted in the government because of the security levels they provide, including the use of multifactor authentication. If a user wants to access their government email through their mobile device, for instance, it can be set up so they have to get permission first. If the phone is lost or stolen, the data is protected, since anyone trying to access the sensitive data lacks the second authentication factor.
Hear more from Paul Battaglia on how government agencies can find the balance of security and mobility in an increasingly connected world during his interview on Federal News Radio.