In our most recent resource entitled, “Agency of the Future: Guide to Mobile Security in Government” (you can download it here), I had the chance to interview two senior leaders in government:
- Rick Holgate, chief information officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives.
- Bradley Nix, chief information security officer at the Department of Agriculture’s Food and Nutrition Service.
I gleaned their insights around implementing a mobile security posture in government. With this blog post, I wanted to summarize their main points and encourage you to read the full interviews with them in the guide:
1. Deploy flexible models. “We need to get more comfortable with things like relying on proper user behavior, but also monitoring user behavior on devices.”
2. Leverage existing controls. “If someone is doing something on e-mail that looks unusual, most enterprise tools have inherent monitoring built into the enterprise services.”
3. Develop sound policy. “We have one for anyone using an enterprise device [and] one for people who are not using an agency-issued device to access agency information.”
4. Engage your end users. “The users group will help us to identify particularly attractive applications that are truly productivity.”
5. Take a user-centric approach. “Take a more user behavior-centric approach to mobile security, allowing more latitude, which is a very different model than we are used to, which is more control-oriented and control-centric.”
6. Think outside the box. “Consider publishing some of these services that we’ve initially kept internally, but make them available in a way that’s secure yet accessible from outside the enterprise.”
1. Provide practical training. “Sometimes people look at training and think it won’t give enough bang for what you are paying, but this is very important not only for mobile security, but also for security in general.”
2. Context is critical. “We need to help users respect the data and make sure they are taking care of the data through the same level of vigilance when they are operating in different capacities.”
3. Create feedback mechanisms. “Create an opportunity to interact with end users on a one-on-one basis to give them a better idea of what they are looking at and what they should be considering when they get [spam] communications.”
4. Know your data. “We need to do a better job of identifying types of data so that when we get to a place with the technology, we can better segment the different types of data that we are allowing for different devices.”
5. Think enterprise vs. device. “Be concerned more about controlling the virtualized environment of the devices rather than controlling the devices themselves.”
6. Assess your ‘risk bubble.’ “Understand the risk bubble that surrounds a business implementation and the degree
Which tip(s) most resonate with you?
Again, I’d encourage you to read the full guide. You can find it here: “Agency of the Future: Guide to Mobile Security in Government” or click here to download it now.
SPECIAL THANKS TO OUR SPONSORS:
We also thank Carahsoft and their partners: Symantec, EMC, Adobe, Ironkey, BoxTone, Good Technology and VMWare, for serving as the exclusive sponsors of this guide, underwriting the research and interviews that led to this report.
- GovLoop’s Mobile and Cybersecurity Hubs
- Agency of the Future: Cloud Computing
- Agency of the Future: Customer Service
- Agency of the Future: Open Source
- Agency of the Future: Telework
Want More GovLoop Content? Sign Up For Email Updates