Managing Federal Mobile Application Security with MAM®
In today’s always-on-the-go, bring-your-own-device (BYOD) world, employees want to connect to work through their mobile devices because it gives them more flexibility and makes them more efficient -- and what company doesn't want its workers to work better and smarter? The problem is that IT managers have to manage mobile application security concerns by protecting sensitive corporate data while enabling their employees to be more productive. This is where mobile application management (MAM®) can come into play. But it’s not only enterprises in the private sector that are struggling with the mobile application security challenge -- federal agencies face the same problems. Federal agencies have to deal with mobile security issues that include employees losing smartphones or tablets which could give unauthorized people access to their networks and sensitive data. Additionally, an employee could unwittingly download an application containing malware and infect an agency’s network. The answer is to plug these security holes by focusing on the apps that employees download. This includes; restricting which applications may be used and installed, restricting the permissions assigned to each application, installing and updating applications, restricting the use of synchronization services, verifying digital signatures on applications, and distributing the organization’s applications from a dedicated enterprise app store. Application vetting and certification is also important as it sets security, performance, and other requirements that applications must meet and determines how proof of compliance with requirements must be demonstrated. The federal Chief Information Officers Council agrees that the threats to networks from malicious or vulnerable mobile applications can be mitigated by following best practices for secure application development, as well as the use of application whitelisting, which only allows the installation of mobile applications from an authorized enterprise app store, and application blacklisting, which disallows installation of known vulnerable applications. As part of the mobile application lifecycle, the CIO Council recommends that government agencies also develop a process for vetting enterprise mobile apps to check for vulnerabilities and malware, and digitally sign apps that have been approved. “To manage and secure mobile applications, the [federal agencies] will need to establish guidelines and an environment for mobile application development and testing, and develop a process to vet, certify and sign approved apps,” the CIO council notes. “A MAM solution (product or service) will be required for mobile application management, monitoring, and distribution to [federal agencies] government, or allowed public application stores. The MAM will need . . . to provide app whitelisting and blacklisting services, and to provide apps and updates for installation on managed mobile devices.” We agree that to protect what matters most -- sensitive agency data -- mobile application management (MAM) is the answer. The best approach to protecting sensitive data is with an enterprise mobility solution focused on MAM™, often used with an enterprise app store, or in this case an agency app store. With a MAM™ strategy, federal IT execs can secure and control agency data by managing the enterprise apps that are allowed to access that data. Using MAM™, agencies can encrypt, set, and enforce policies for apps including how they store and share documents. If a device goes missing, IT can wipe the device of sensitive data on demand or remove just the apps they are managing. Additionally, mobile app management tools enable federal IT manager to develop, test, deploy, and control in-house and third-party mobile apps. Not only that, but employees can also download and use IT-approved and provisioned mobile apps from the agency’s enterprise app store. With MAM™, agencies can also control which workers have access to which apps, depending on their jobs. Just as in the corporate world, more and more government employees will want to access their agencies’ networks from their own devices -- and that means federal IT execs must turn to a MAM approach to ensure their workers are productive and their data is secure.