Mobile security to go

Feds encouraged to adopt security policies that adequately cover mobile devices

GCN Lab TV at FOSE 2008 The GCN Lab guys take their testing on the road to the FOSE trade show in downtown Washington DC. Come check out all the great products from the show that may soon be installed at your federal agency. Watch them here.

Federal workers increasingly are reliant on handheld mobile communications devices such as BlackBerrys to increase productivity and government network administrators must 'extend the security perimeter' to cover mobile devices that to a degree have no physical boundaries, said Stephen Orr, senior consulting systems engineer at Cisco Systems' Federal Operations. Orr spoke today during a panel discussion on wireless security at the FOSE Conference and Exposition in Washington.

Mobile devices are extensions of the enterprise network but often communicate back to their home networks and applications over untrusted third-party networks. The devices must be appropriately secured and the information that is transferred encrypted. However, striking a balance between enforcing strict security policies and ensuring that applications are functional for the user community continues to be a challenge.

'Security is always at tension with usability. Flexible approaches are required. There is no one size [that] fits all,' said Scott Totzke of Research in Motion, who presented best practices for securing BlackBerrys.

There is a 'need to have ubiquitous client experience' that is not too confusing because it contains too many access and authentication procedures, Orr said.

The computing power of mobile devices has advanced to the point where they are effectively a handheld personal computer ' one with a plethora of sensitive information. Mobile devices are frequently lost or stolen and can easily become back doors to networks. The devices themselves must be locked down to ensure the data on them is not compromised if they are lost or stolen. Network administrators should periodically assess the device's integrity to make sure there are no holes.

Totzke said that the 'key security measures include encrypting local data at rest on the mobile device, enforcing access controls for downloaded data, deploying strong password protection and promoting user education' about the value of security policies and procedures.

About the Author

Dan Campbell is a freelance writer with Government Computer News and the president of Millennia Systems Inc.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected