Pro-Tip: Secure Not Just the Device, But the Data Too

Our recent mobile report explored many factors shaping the future of government mobility. But one aspect we didn’t touch on in the report was the concept of geo-fencing. Simply put, geo-fencing technology provides agencies with the ability to control mobile use in a defined location.

During an interview with Joe Marenin, US EliteBook Product Manager in the commercial PC division at HP, he provided a great anecdote about the power of geo-fencing:

“Imagine you are a federal government employee working on a top secret project, and secrecy is of the highest importance. Today, tablets and smartphones have microphones and cameras. You can easily turn on the camera, turn on the microphone, and that tablet or phone becomes a spying device. With geo-fencing, you can automatically, through software and central management, disable the webcam, turn off the microphone and just be able to use the tablet as a computing device when that tablet and user enters a particular building. And once they leave that building, the webcam, and the microphones are automatically re- enabled. If you want to make sure that data never leaves the premise, with geo-fencing, you can instruct the device so that if the tablet leaves the physical building, the tablet automatically goes through a de-sanitization process and permanently deletes all the data on the device.”

This kind of technology is one way that to protect critical information and manage the flow of data on your network. Geo-fencing also reenforces the importance of centrally managing devices, and understanding what devices have access to your network and when. By having an inventory available, and knowing when new devices access the network, your agency can work towards having a more robust security strategy.

Marenin’s quote reminded me of two important best practices we found in our mobile security report: 1 Secure not just the device, but also the data and 2. Pick the low-hanging fruit. For more, read below for a full explanation of these best practices (and make srue to download the guide here). Also, we’re having a great mobile event in D.C. in a month – so if you’re in the D.C. area, it’ll be another great chance for you to connect with your peers and learn about how to stay secure with mobile.

Best Practice: Secure Not Just the Device But the Data, Too

Our report finds that securing devices is often easy – but understanding how to secure mobile data is a challenge for agencies. For many security professionals, containerization has enabled agencies to control data while within the perimeter, but once the data leaves the container, security becomes more difficult.

To overcome this obstacle, agencies must invest significant time understanding how data moves within and outside the perimeter. To help you get started, consider the following questions:

  1. Who needs access to mobile solutions?
  2. Where do they need access?
  3. What kind of data do they need access to and why?
  4. What are high-value datasets? Is there a risk to providing access?
  5. What’s our plan if there is a breach? How do we wipe data and have data redundancy?
  6. As we inventory our devices, have we also prioritized our datasets and devices?

Best Practice: Pick the Low-Hanging Fruit

To remain secure, you must be sure that you have covered the basics. This means having the essential features of MDM set up, including the ability to conduct remote wipes, data encryption, and training on safe and secure passwords.

This also means that agencies should be able to assess what devices are on the network and who is accessing information.

An additional step is training employees. In many cases, your employees want to do the right thing — but they don’t know they’re putting the agency or themselves at risk with their mobile device habits and use.

These initial practices will make it one step harder for unauthorized access to affect your network. To make sure you’re taking care of the basics, ask yourself:

  1. When was the last security training held? What did it cover?
  2. How often are users required to change passwords?
  3. How do we authenticate users?
  4. What kind of encryption strategies do we use?
  5. Have we considered adopting role-based access?
  6. What do people need to do on mobile devices?

Read our report to learn more, and develop the confidence that you are adopting mobile in a safe and secure manner. Here are a few additional resources:

Want More GovLoop Content? Sign Up For Email Updates

HP’s mission is to invent technologies and services that drive business value, create social benefit and improve the lives of customers — with a focus on affecting the greatest number of people possible. Check out their HP for Gov group on GovLoop.

Leave a Comment

Leave a comment

Leave a Reply