According to Deniece Peterson, director of federal industry analysis at Deltek, security remains the greatest barrier to mobile adoption in the federal IT space.
Government agencies, particularly the Defense Department, preferred BlackBerry products for so long because they passed the department’s rigorous security standards.
The idea of derived credentials has gained momentum among security-sensitive agencies, Peterson says. The system would play off the Common Access Cards (CAC) that DOD personnel already use, where the card must be plugged in to a reader in order to gain access to sensitive department information.
While a CAC card would not work for a device, plans for a token or similar system have gained momentum, especially as the cry for a wider range of devices continues to grow.
Many agencies install mobile device management (MDM) to help with security. AirWatch, Maas360, MobileIron, Citrix and Intel serve as industry leaders for MDM platforms that allow administers to control the activities of their employees.
Those features don’t restrict work-related uses of a device, but limit actions such as downloading malicious software or accessing sensitive information over an unsecure network. Those solutions allow departmental security leaders to ensure federal employees use devices in ways that do not increase risks.
Faisal Iqbal, the chief technology officer of public sector at Citrix, advises going one step further by deploying enterprise mobility management (EMM) solutions.
“EMM can help manage a mobile program by supporting the mobile work styles people rely on to get their work done, wherever they can be most productive, all with the freedom of choice for both devices and apps,” he says. “EMM also allows for restricted containerized mobile work environments that keep work, personal information and apps separate and offer other options for protecting vital apps and data in the event a device is lost.”
Rajan says that, along with protecting devices, agencies can also protect content through tools such as the AirWatch Content Locker, which allows agencies to exert FIPS encryption to files accessed on a device and set up data loss prevention features. For instance, IT managers can restrict a file from opening on a third-party application or attaching to an email. Content Locker also watermarks data to further guard against data loss.
Evolving Security Protections
Mobile security options continue to evolve. While MDM platforms provide an outer layer of security, Siegel says the future will offer more hardware-based approaches that focus on areas such as chip-level security.
“Microsoft has done a great job including security in its hardware,” Siegel says. “While MDM serves a purpose, security will continue to evolve past it.”
As more devices use cloud-based or virtualized systems, continuous monitoring technologies will also enable administrators to see problems faster and greatly reduce remediation time.
Products such as the Samsung Knox offer attractive alternatives, featuring encrypted workspaces and a virtualized application container that allow applications to be fully tested in a specific environment without fear of introducing harmful code.
“Mobile security still has a long way to go,” Siegel says, “but it is evolving.”