Symantec Government Online User Group

Recently I had the chance to speak at FedScoop’s 4th Annual Lowering the Cost of Governing with IT event. Lowering costs without slashing budgets, while at the same time providing a higher level of service to agency employees and their constituents is top-of-mind for most agencies, so I was thrilled to be included in the all-star line up.
 
Agencies themselves have two major concerns at the moment that both focus on mobility.
 
First, they are tasked with mobilizing two customer-facing services before the end of May 2013. As we approach the mobile tipping point, Federal CIO Steve VanRoekel would like to see agencies address what he sees as their biggest technology challenge – enabling secure access to digital government information and services anywhere, anytime, on any device. If it’s true that in 2015 more Americans will access the Internet via mobile devices than desktop PCs, this will be a major and necessary undertaking.
 
Second, agencies must set their plans to deal with the influx of personal devices making their way onto agency networks, approved or otherwise. The bring your own device (BYOD) movement represents an effective way for agencies to lower costs – it eliminates the cost of buying devices for employees and allows them to reap the benefits of a more flexible work environment and compliance with the Telework Act.
 
However, widespread mobility creates a larger threat area for both government employees and U.S. Citizens accessing public data.Reasons for this include:

• Small, portable devices are easily lost or stolen, allowing data to fall into the wrong hands.
• Personal devices mean the potentially hazardous intermingling of personal and public data and applications.

• Devices are reliant on network access and cloud services, which makes them susceptible to threats including network-based attacks and data loss events.

So, how do we mitigate this risk?
 
Traditionally, a “device-centric” security approach that protects mobile devices the same way we protect PCs – by securing and managing individual systems – has been used. However, we’ve found that as people bring personal devices onto government networks, this model loses its efficacy. Instead, agencies need to move from a device management strategy to an application or data management strategy, or a combination of the two.
 
As the new year approaches and more agencies aresetting their mobile standards both internally and for customer-facing services that combine device-centric and app-centric security models, we’re looking forward to helping develop strategies to mitigate risks and set best practices for mobility.
 
Thanks to the folks at FedScoop for including me in the program. If you’re interested, you can see my full presentation here.