Oct 24 2014

Feds Adapt to Consumerization with Mobile Security Tools

Agencies choose mobile device management to support BYOD initiatives.

Federal agencies have a legacy of BlackBerry use, but ever since the consumer mobility wave hit, government IT managers have fielded requests from staffers wanting to bring their iPhones, iPads and Android devices to the office.

“We have about 140 users who are issued BlackBerrys, but many of our other employees wanted to bring their iPhones and iPads and Android devices to work so they could remain productive outside the office,” says Isaac Hernandez, director of IT operations for the Federal Energy Regulatory Commission. “If there’s a business need, we want to accommodate the staff, but we can’t compromise security.”


Increase in the number of mobile malware samples found by McAfee Labs in the past year

SOURCE: McAfee Labs, “McAfee Labs Threats Report,” June 2014

In response to the bring-your-own-device trend, FERC purchased IBM Fiberlink MaaS360 subscriptions roughly two years ago to secure users’ personal mobile devices. The agency allows workers to use their own devices to access the network, but only if they agree to allow the IT staff to install the MaaS360 software and abide by the agency’s acceptable use policies.

Today, MaaS360 supports more than 50 FERC users on a mix of smartphones and tablets. Last summer, the agency added the container feature offered in MaaS360.

“MaaS360 lets us track and remotely wipe lost or stolen devices, but the container feature that lets us segment the business from the personal data and wipe only the business data has made a huge difference to users,” Hernandez says. “People feel better now that, moving forward, if we’re going to wipe a device, it’s only going to be the agency data.”

Chris Silva, a Gartner research director, says organizations that are adding a lot of mobile devices look to enterprise mobility management tools to ensure the data is protected on the device and to apply policies across different user groups on a significant scale.

“These tools are as much about ensuring that management of mobile devices can be done efficiently as they are about placing an additional level of security on devices out in the field,” Silva explains.

Mobile and Secure

The U.S. Department of Agriculture also opted for a specialized mobile security product. Nancy P. Reeves-Flores, associate CIO for international technology services at USDA, says the agency deployed MobileIron to deliver a full range of mobile security features to the agency’s mobile users.

USDA uses the mobile device management tools for device location, remote lock/unlock, remote wipe for lost or stolen devices, application requests, software distribution and enhanced mobile reporting.

“We also use technology that enforces encryption of data residing on the device and transmitted from the device,” Reeves-Flores says. “It uses a secure encrypted container to isolate the government data from the device’s operating system. Monitoring and alerts provide our mobility support team with immediate notification of any security issues.”