Mobile security to go

Feds encouraged to adopt security policies that adequately cover mobile devices

GCN Lab TV at FOSE 2008 The GCN Lab guys take their testing on the road to the FOSE trade show in downtown Washington DC. Come check out all the great products from the show that may soon be installed at your federal agency. Watch them here.

Federal workers increasingly are reliant on handheld mobile communications devices such as BlackBerrys to increase productivity and government network administrators must 'extend the security perimeter' to cover mobile devices that to a degree have no physical boundaries, said Stephen Orr, senior consulting systems engineer at Cisco Systems' Federal Operations. Orr spoke today during a panel discussion on wireless security at the FOSE Conference and Exposition in Washington.

Mobile devices are extensions of the enterprise network but often communicate back to their home networks and applications over untrusted third-party networks. The devices must be appropriately secured and the information that is transferred encrypted. However, striking a balance between enforcing strict security policies and ensuring that applications are functional for the user community continues to be a challenge.

'Security is always at tension with usability. Flexible approaches are required. There is no one size [that] fits all,' said Scott Totzke of Research in Motion, who presented best practices for securing BlackBerrys.

There is a 'need to have ubiquitous client experience' that is not too confusing because it contains too many access and authentication procedures, Orr said.

The computing power of mobile devices has advanced to the point where they are effectively a handheld personal computer ' one with a plethora of sensitive information. Mobile devices are frequently lost or stolen and can easily become back doors to networks. The devices themselves must be locked down to ensure the data on them is not compromised if they are lost or stolen. Network administrators should periodically assess the device's integrity to make sure there are no holes.

Totzke said that the 'key security measures include encrypting local data at rest on the mobile device, enforcing access controls for downloaded data, deploying strong password protection and promoting user education' about the value of security policies and procedures.

About the Author

Dan Campbell is a freelance writer with Government Computer News and the president of Millennia Systems Inc.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected