Agencies work to close mobile security, connectivity gaps
The demands of security and connectivity are the two major challenges confronting agencies as they roll out mobile networks, government IT executives say.
The right mix of technology and policies will help agencies strike a balance between government-issued and personal devices as they attempt to give a mobile workforce secure access to data from anywhere, anytime and any device.
The sometimes conflicting demands of security and connectivity are two major challenges confronting agencies as they roll out mobile strategies, according to government and industry representatives speaking at a recent conference.
“We as an agency don’t have the ability easily to provide bring-your-own-device environments. It is something we want to do,” said Rob Bectel, chief technology officer and senior policy advisor with the Energy Department’s Office of Energy Efficiency & Renewable Energy.
“At the end of the day, we want workers to do the work securely.” Giving them the ability “to get data securely, in a space that is appropriate to that work environment, is important to us,” Bectel said.
Bectel himself carries two separate mobile devices because he says he does not want personal data to mix with business data. However, some workers use their mobile devices in a virtualized or BYOD mode, which allows them to use one device for both work and personal matters.
They have accepted the risk, Bectel said, during a panel discussion on June 10 at the Citrix Mobility 2014 conference in Washington, D.C.
For DOE, the more demanding issue is how to provide data securely to the its internal and mobile workforce beyond its Germantown, Md. headquarters as well as to grantees working on projects funded by the department. In situations where researchers need to input and clean up data, DOE has a data repository where competitive research data is stored and secured. As a result, it is developing secure connections to that data using a private cloud, Bectel said.
For its part, the Federal Communications Commission is confronting similar requirements for both data sensitivity and flexibility. The FCC chairman’s office has been a beta tester for a project to roll out a virtual desktop infrastructure in its Washington, D.C., headquarters.
The pilot has gone well, said John Skudlarek, the FCC’s deputy CIO. By deploying VDI, organizations can store and virtualize desktop applications at the data center and then deliver them to mobile endpoints via secure connections, and in some cases via cloud infrastructures
The FCC recognizes that in many cases its mobile workforce and business partners might not have the best connectivity to securely access information. “In our less advantaged locations where we don’t have as clean a connectivity, you do need multiple solutions to be able to cover all of the workforces’ requirements,” Skudlarek said.
But government-furnished equipment (GFE) shouldn’t be the only way to lock down data on a device, said Todd Hillegass, a cloud solutions architect with Concurrent Technologies Corp. Agencies need to take a look at where data resides and incorporate the policies needed to address those requirements.
The best path depends on whether or not the agency is looking at the endpoint as a means for their employees to do their job or share information with partners. Questions to pose to determine the proper tactic might include, “Is my endpoint a consumption device or ingestion device? Do I need to use it 24/7? Is it sufficient only when I’m online and connected?”
“So policy will dictate that. It can’t be just GFE,” Hillegass said.
At the end of the day, technology can allow people to do a lot more on devices without compromising data, said Chris Green, systems engineer with PCI Strategic Management.
Technology such as Citrix’s Netscaler Insight Center, for instance, enables security engineers to see the flow of data across applications and devices. Insight Center gives IT admins a view of all mobile, web and virtual desktop traffic. The result is a network big data analytics platform that gives visibility and real-time insight into datacenter traffic for mobile and cloud services, he said.
The Homeland Security Advanced Research Projects Agency, the research arm of the Department of Homeland Security, is also looking at how to protect data residing on mobile devices. “This is one of the really challenging spots,” said Luke Berndt, a program manager working with the cyber security division of DHS’ Science & Technology Directorate.
“It is challenging to make sure you have the right amount of data on the [mobile] device,” he said “This is a priority for DHS to think about how we handle data at rest and data over the network and putting a little more intelligence in there. Keep an eye out for some things happening in the future,” Berndt said.
NEXT STORY: Last call for comments on Keccak encryption