| Executives June 7, 2018
June 7, 2018
The federal government has moved aggressively in recent years to put mobile technology into the hands of its workforce. This is a positive step for both the agencies and the individual employees. These steps have increased employee productivity and have brought government use of mobile more in line with the private sector.
Unfortunately, it's inevitable in today's cybersecurity climate that increased use of mobile creates a potential attack vector for malicious actors. For example, mobile is now a key target for Advanced Persistent Threat actors.. These are called mobile APTs (mAPTs) and they take advantage of a smartphone's features and capabilities to turn it into the ideal weapon for cyber espionage. Batting Human NatureCompounding this threat is how humans use mobile devices. Convenience often supersedes following policy, leading to increased risk of security incidents involving mobile devices. According to a recently published report from Lookout, 96 percent of respondents said their agency had a mobile security strategy, and 94.5 percent said to enforce that policy they are using some sort of management tool, either EMM or Mobile Device Management (MDM). These tools are important for mobile security, and taken as face value these percentages are reassuring.
However, our survey revealed some sobering numbers regarding actual employee behavior using mobile:
Current mobile security efforts are falling short. People are bringing their devices into work whether their agency allows them to your not. According to a study we conducted in 2015, 27 percent of federal employees use their personal device for work email, and 24 percent use it to download work documents. This means that governments are not only facing how their employees use their GFE phones, they're tackling the issue of personal device usage as well. Any effective security solution needs to work with - not against - this fundamental premise.
A comprehensive mobile security solution must protect against the Spectrum of Mobile Risk, including:
These advanced solutions can be seamlessly integrated with existing EMM and MDM platforms to create true mobile protection for today's modern government agencies. Most mobile security providers integrate their various offerings with the leading EMM/MDM platforms, including Microsoft Intune, VMWare AirWatch, and MobileIron.
Once deployed, mobile security can detect new or emerging threats and then work with EMM/MDM solutions to remediate them. This integration provides businesses with significant policy flexibility by enabling a more precise matching of the risks posed by certain threats to particular remediation strategies.
The current status quo puts government data at risk. Agencies should move now to secure the mobile mission, rather than wait for these steps to be mandated.