In 2015, over 61 percent of private sector employees reported working outside of the office – typically on three or more devices. Businesses have kept pace. According to Citrix, the number of managed devices increased by 72 percent over one year, showing how organizations have expanded their resources. Not only does government have the means to match the proactivity of the private sector, but it must get a handle on this trend before employees adopt practices outside of policy.
Security is the highest priority of every agency – and it’s little wonder why. Mobile device infections increased by 83 percent between the first and second half of 2016. The incidence rate of nearly one percent across all cellphones appears to indicate the issue isn’t as dire as regulators claim, but malware isn’t the only way systems are compromised or data is stolen.
Step 1: Device Management
Another private sector example– this time from the financial industry – shows the potential consequence of incomplete device policies. A report that tracked sources of data breaches from 2006 onward found that over 25 percent of data loss occurred from lost or stolen devices, beating out hacking, insider leaks, or accidental disclosures. Knowing that negligence is the greatest offender should give most administrators reason to pause.
The solution? Manage all known devices on the network and user permissions. The incidence rate would decrease significantly if employees couldn’t permanently store files on their devices. Preventing unauthorized access to files, blocking unauthorized access to networks, and managing which devices can access these assets all offer ways to regulate file sharing. Enterprise mobility-management (EMM) platforms offer containerization features to securely house files without giving full access past the locked screen.
Step 2: Security
Smartphones, with their potential for instant communication, support many business activities, including team collaboration. However, this liberalization of communication comes with trade-offs, such as unencrypted text messages.
Moreover, this traffic isn’t just threatened internally and domestically, but in the case of agencies such as the Department of Defense, cellular data becomes a potential target of foreign actors. According to a joint statement that included James Clapper, U.S. National Intelligence Director, more than 30 countries are developing cyber offensive capabilities. and consumer-grade devices like smartphones offer paths into the back ends of agency networks. Containerization allows employees to protect their devices with military-grade firewalls, preventing wholesale access even if a device is compromised.
Step 3: Control
After the infamous Office of Personnel Management data breach in 2015, control has dominated federal priorities. The lapse in control allowed the hackers to export the files of federal employees directly to outside websites. With EMM platforms, policies can be enforced on documents so that they only display with correct credentials no matter their location. Even if another attack like the OPM breach occurred, the exported data would be useless without the decryption key.
Control doesn’t come through more restrictive security policies that fail when employees lose devices or through more firewalls that cannot prevent access to a document once they’re breached. Only by managing with a holistic approach – who can access the network, what traffic they can send and if they can view specific files – can organizations get a handle on mobility and reap its benefits.
Click here to learn more about EMM platforms and how they can manage all aspects of mobile traffic to enforce security policies.