The latest mobile innovations in government operations
Securing mobile devices throughout the United States government is no easy feat. The government uses of mobile devices continue to grow over time, and according to research from FedScoop, 49 percent of federal employees rely on their personal smartphones to do their jobs. Another 74 percent use personal tablets for work purposes.
At the federal level, enacting the necessary security changes is an uphill battle. Federal agencies must implement changes without exceeding restrictive budgets, and they must go through bureaucratic approval processes that hinder the rate of mobile innovations.
Meanwhile, many security measures available for consumer devices, such as biometric tools like fingerprint readers and eye scanners, are not government grade and therefore can’t be used, according to Computer World. Even the mobile devices themselves — including hardware from leading manufacturers — don’t clear government-grade regulations, which means the task of raising mobile security to meet government standards is both costly and time intensive.
Even so, government IT professionals are finding ways to upgrade security that better protects federal mobile devices. Here’s a look at how this strategy is taking shape:
Mobile threat detection
Mobile threat detection software (MTD) uses machine learning to evaluate devices for behavior anomalies that might indicate a vulnerability or breach. The data and behaviors used by this software are not high-level data sources themselves, but MTD is able to monitor patterns and changes in behavior in a way that allows for near-instant responses to potential breaches.
According to the Computer World article mentioned above, if an irregular behavior occurs that reflects possible malware or the creation of a vulnerability — such as an employee turning off their device password, or a user approving a connection and data sharing with an unauthorized source — the MTD solution can instantly freeze access, deny permissions to certain data or lock the phone entirely until IT personnel are able to address the issue, investigate the root behavior and verify that the device and network are both secure. Before MTD, it was possible for such vulnerabilities to go undetected until a cyber attack or data breach struck.
Remote device management
To protect government employee devices operating outside of an agency building, IT professionals have been implementing remote device management to control permissions and protect sensitive data and assets from falling into the wrong hands.
According to the FedScoop article, 67 percent of government IT professionals surveyed have already implemented remote device management or are currently in progress. Another 22 percent are considering or planning for remote management capabilities, making it one of the mobile security strategies with the highest adoption rates among government agencies.
Implementing a layered approach to mobile innovations
While government IT security can’t rely on any one solution to provide consistent, reliable protection, Nextgov advocates a layered approach to security that meets threats with at least three different types of security.
The first layer is common sense on the part of the user, which means not clicking on questionable links and not granting permission to untrusted third parties. Training programs are one way to educate employees on the government uses of mobile devices while enacting this layer of security at the federal level, and without creating excessive strain on federal agency budgets.
Mobile devices should also operate within the framework of a mobile device management system, allowing for permissions management, analytics, behavioral patterning and other critical management services that can identify threats and mitigate attacks.
Over time, government agencies need to bolster hardware to meet government standards, implementing a process known as hardening to provide a maximum level of security. Since this costly process likely can’t cover all or even a majority of devices at first, agencies should prioritize devices with access to highly sensitive data and assets.
Prioritized enhancement of data access and asset protection
There are many emerging security measures anticipated for implementation later this year and currently being developed by thousands of government IT professionals. These enhancements reflect the highest priorities for government mobile security going forward and reflect the agendas of both the Department of Homeland Security and the White House.
According to Lookout, among the most pressing areas of focus are the “delineation and increased protection of high-value assets,” which means that security measures lacking the cost efficiency for a nationwide rollout may still be used to protect sensitive data and digital assets held by the government. Processes are also underway to enhance government policies regarding Trusted Internet Connections in an effort to reduce malware infections as well as fake Wi-Fi connections set up to steal data from mobile devices.
Additional priorities include an increased focus on data access and cloud security, along with general upgrades to mobile device management strategies throughout the government.
Government cybersecurity has for years lagged behind the rate of development and enhancement in the private sector. Because cyber threats capable of attacking governments with devastating consequences are more prevalent than ever before, 2018 is shaping up to be a year of long-overdue mobile innovations for the federal government.