As government goes mobile and makes greater use of cloud services, IT leaders must adopt a more data-centric, not device-centric, security approach.
9 Android Apps To Improve Security, Privacy (click image for larger view)
In Gartner's latest quarterly PC sales analysis, it's hard to miss the enormous shift away from desktop and laptop PCs toward tablets and smartphones. Worldwide PC shipments in the second quarter were down 10.9%
from the year before, marking the fifth consecutive quarter of falling sales.
U.S. government agencies are following this trend and, in some cases, even leading it. According to a Mobile Work Exchange report released in May 2013, many federal IT executives say they have launched new internal and customer-facing mobile applications, including apps for timecards, document sharing, inventory tracking, and weather watch and warning systems. A solid 59% of agencies has developed an enterprise-wide inventory for mobile devices and wireless contracts.
The good news is that these federal users say their agencies are realizing the benefits of access to mobile devices, including improved communication with colleagues in different locations, employee productivity and availability to constituents.
The shift toward tablets raises an important issue that promises to change the data governance dynamic for most agencies. Since iPads and other tablets have limited on-device data-storage facilities, we must ask: What about the data? Where is it stored and how is it protected?
According to the Mobile Work Exchange report, 73% of government respondents admit security and the ability to protect sensitive information across devices is the top barrier to going mobile.
[ After two major breaches this year, you have to wonder whether the DOE is serious about security. See Department Of Energy Cyberattack: 5 Takeaways . ]
So while many agencies are adopting tablets and other devices and moving to the cloud, which supports anytime/anywhere computing, doing so without the proper data protection strategy and controls puts that data at risk.
The challenge this creates for government IT is significant, as very few legacy endpoint security technologies can reliably extend their protection into the cloud. Not only this, but there are regulatory hurdles to be met when it comes to moving data into and across the cloud, as well as storing or replicating data on mobile devices.
A report published in March from the Department of Defense inspector general's office on the effects of BYOD on U.S. military data security found that the military command was unaware of more than 14,000 commercial mobile devices in active use across the Army. The report's findings are a classic example of what happens on the data security front in very large organizations.
Just like a large enterprise, not only do government agencies need security policies, they need the technology in place to enforce those policies and ensure the proper governance surrounding the data as it flows into, across and out of the organization. A lack of technology to both enforce the required security policies, as well as control what happens to the data, whether it is held in a local or cloud environment or even across a mobile device, creates a huge data exposure risk that exists across all unknown devices.
Effective data security is already a complex issue for most IT and security departments, but adding mobile access -- with all the challenges this entails -- changes the ballgame significantly. As more agencies embrace mobile access to corporate data, it is imperative that the information governance systems they use take a data-centric approach to business security.
That's one of many reasons why encrypting the data as it is used and moved across a network, through the cloud and over mobile devices assumes significant importance. Encryption takes data protection to a completely new level.
As we've seen, it only takes one email and attachment containing sensitive materials to fall into enemy hands to create a breach that's difficult to contain. Given current budget pressures and the challenge of getting users to willingly encrypt their data and overcome their worries that data encryption will hamper productivity, there is plenty of resistance to properly managing data over today's mobile networks. However, the stakes for not adopting a more data-centric security approach are high -- and growing higher -- as more workers turn to mobile devices to do their work.