Putting advanced mobile security on CDM DEFEND

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Bob Stevens
 

Connecting state and local government leaders

By Bob Stevens

|

As the mobile threat landscape continues to evolve in a post-perimeter world, smoother acquisition processes and funding for the best possible security must keep pace.

The government is entering the era of post-perimeter security -- an entirely cloud-based, no-perimeter IT infrastructure, which is  forcing agencies to move key security functions to the endpoint and establish a zero-trust access model. Meanwhile, the move to mobile has exploded the number of endpoints, exposing government networks to mobile threats. According to a report Lookout published last year, 60.5 percent of federal agencies reported security incidents involving mobile devices.

The Department of Homeland Security has integrated mobile protection into the Continuous Diagnostic and Mitigation program. CDM's Dynamic and Evolving Federal Enterprise Network Defense (DEFEND) contract acquisition process and its Request for Services processes are touted as an easy way for agencies to achieve "CDM parity" for agencies' mobile devices, comparable to other CDM-protected endpoints.

However, agencies cannot currently use DEFEND contract dollars to pay for mobile threat protection, because it is considered an emerging technology and therefore ineligible for DEFEND. This classification is leaving agency networks and data vulnerable to mobile threats.    

Last month, a letter signed by two senators highlighted the serious nature of this vulnerability regarding government employees' mobile devices.

The letter from Sens. Ron Wyden (D-Ore.) and Marco Rubio (R-Fla.) to Christopher Krebs, the director of the Cybersecurity and Infrastructure Security Agency at DHS, explains how the growth of mobile services could be causing a security vulnerability. Federal government employees’ web browsing data could be exposed to third parties, particularly those affiliated with countries of national security concern through the use of apps, VPNs and mobile data proxies. The senators urged Krebs to conduct an immediate threat assessment and, if necessary, issue a directive prohibiting the use of certain mobile services.  

To prevent the loss of government data, DHS needs two related capabilities: visibility/notification about the threat and then protection/mitigation when a threat is revealed. Mobile device management (MDM) tools do not deliver this functionality. Advanced mobile threat protection tools, however, can provide these capabilities and prevent the data vulnerabilities cited by the two senators without resorting to an outright ban of popular devices and apps agencies use.

For example, advanced mobile threat tools can automatically detect when an agency device connects to a new Wi-Fi, cellular, VPN or tethered network and immediately run a series of health checks on that new network to ensure that it is behaving properly. If a new network connection is deemed unsafe, these tools alert the employee, IT administrators and the MDM platform within seconds to ensure government data is protected and steps are taken immediately to remediate the threat. 

These advanced tools give agencies the opportunity to select, based on their risk tolerance, policies that help ensure devices stay compliant with internal and external mandates. If a device exceeds the acceptable level of risk as defined by the agency, a remediation message is sent to the employee, the issue is flagged to the relevant admin and employee is logged out of any agency resources.

CDM DEFEND needs to include a comprehensive mobile security solution that protects government data against the full spectrum of mobile threats, including:

  • App threats and risks
  • Device threats and risks
  • Network threats and risks
  • Web and content threats and risks (e.g., phishing)

These advanced solutions can be seamlessly integrated with existing enterprise mobile management and MDM platforms to create true mobile protection for today's modern government agencies. Most mobile security providers integrate their various offerings with the leading EMM/MDM platforms, including Microsoft Intune, VMWare AirWatch and MobileIron. These mobile threat protection solutions not “emerging” technology, they are “here now” technology. DHS can make these tools available to every agency, allowing them to receive off-setting CDM DEFEND dollars to help pay for them.

CDM DEFEND was designed to make it easier for government agencies to protect themselves from cyber threats. As the mobile threat landscape continues to evolve in a post-perimeter world, smoother acquisition processes and funding for the best possible security must keep pace.

NEXT STORY: The shadow IoT lurking on enterprise networks

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.