Almost half of the federal workers surveyed in a recent study admitted they used poor mobile app security
practices. According to a Mobile Work Exchange and Cisco Systems study
, 31% of respondents said they've used public Wi-Fi networks. 52% reported that they don’t use multifactor authentication (or any type of data encryption). In addition, an amazing 25% reported they do not use passwords on devices used for work. This study, combined with the security concerns with stolen or lost devices, indicates a real need for better federal mobility security practices.
"Ensuring policies are being enforced is the best way to secure critical government data. Closing this gap equips government employees with the knowledge to thwart potential security breaches", says Cindy Auten
, Mobile Work Exchange’s general manager.
It’s no secret that the federal government has been slower to adopt mobile infrastructure than the corporate world. However, the government is moving forward with the monumental task of integrating mobile devices into its complex infrastructure.
In order to do this successfully, civilian and defense agencies are creating pilot programs to develop standards to address the government’s unique security requirements. This is likely to create new opportunities for contractors who are willing to meet the government’s strict requirements for mobile access.
The NSA is responsible for making sure classified-level IT systems for the entire government have the proper levels of security. They've stated that some commercially available technologies are not “sufficiently developed” in the area of mobile device management. “The NSA highlights its need for dynamic policy management solutions that can be enterprise-controlled, but react to device types, user locations, and other parameters", says Jon Yim
, director of Kipps DeSanto & Co.
According to Mr. Yim, “The National Institute of Standards and Technology (“NIST”) is close to releasing Special Publication 800-157, Guidelines for Personal Identity Verification Derived Credentials, addressing authentication technologies for mobile devices, which has been among the biggest obstacles to mobile adoption. While this publication brings government agencies closer to implementing a comprehensive mobile infrastructure, adoption will face further challenges, and likely require additional technological development.”
After researching part of its July 2013 Mobility Capability Package, the NSA determined that they have not been able to find commercially available off-the-shelf software that meets their requirements for mobile device management. It may be that the NSA will be forced to custom develop software in order to fit the requirements.
BYOD and the government
Like most organizations, government employees would like to bring their own devices (BYOD)
to the workplace. Currently, the implementation has only focused on government furnished devices. However, a future step may be to allow a true BYOD infrastructure which would allow employees to bring personal devices to access secure government networks. This would include app servers that would allow fully customized version of enterprise mobile applications
with the proper security built in.
To learn more about overcoming MDM interoperability issues and mobile security in an app-centric Federal environment, attend the webinar we are hosting with FedResults on Thursday, August 14th at 11:00 AM ET / 8:00 AM PT. Register now.