BYOD Security Demands Mobile Data Protection Strategy

As federal agencies develop strategies for an increasingly mobile workforce, the traditional methods of securing a desktop environment have to evolve to account for the growing crop of wireless devices in use. Symantec vice president of public sector urges federal CIOs to embrace BYOD, but to update their security posture to also focus on files and applications.

By Kenneth Corbin
Thu, August 23, 2012

CIO — WASHINGTON -- As federal agencies slowly warm to the emergence of an increasingly mobile workforce, the traditional methods of securing a desktop environment will have to evolve to account for a vast new crop of wireless devices, a senior official with Symantec warned on Wednesday.

Federal CIOs, which have been developing mobility strategies for their agencies and departments at the direction of the White House, need to take an information-centric approach to securing the files and applications on mobile devices, rather than trying to lock down the device itself, Gigi Schumm, Symantec's vice president and general manager for the public sector, said in a presentation here at the FedScoop government IT conference.

The security issues associated with an increasingly mobile workforce are amplified when CIOs consider adopting a "bring-your-own-device," or BYOD, policy, allowing employees to access potentially sensitive work files and applications on their personal device. At the same time, just as in the private sector, federal workers are coming to expect that they should be able to work on their favorite devices, and adopting BYOD policies, as some agencies are considering, could help lower IT acquisition and management costs.

BYOD: What Can We Learn from China?
The Consumerization of IT and BYOD Guide

"If agencies allow their users to bring their own devices then they don't have to buy those devices and maintain them for their life," Schumm said, though she noted that "the more important gains are going to be the gains in productivity."

"But there's an elephant in the room, right? That is how are we going to manage and secure all the information across these mobile devices. Because the truth of the matter is despite all of the virtues, widespread mobility does create a larger threat environment for government employees, and for anybody really," she said.

BYOD remains an unsettled area of federal IT policy. In January, Steven VanRoekel, the CIO of the federal government, offered a first glimpse at a comprehensive mobile strategy, and has since been working with the agencies to formulate specific policies on a number of areas, including rules of the road for working with developers, mobile security and BYOD policies.

Those last two, of course, are closely coupled. For starters, the greatest virtue of mobile device, they're small and they travel with their users, also invites loss or theft. For that reason, Schumm urged a security strategy that focuses on access control and identity management, so that even if the device falls into the wrong hands, the risks would be minimized.

1 2 next page »

More from CIO

You are here: Technology Topics » Security » News

Most Recent Data protection Stories

White Papers »

Top 10 Endpoint Backup Mistakes

When considering endpoint backup options, be sure you're making the right decisions. Protecting data on endpoints has become more challenging because of recent trends like exponential data growth, the rise in endpoints, BYOD, and SaaS applications.

8 Must-Have Features for Endpoint Backup

Save IT time and maximize user productivity by choosing the right features. Protect corporate data while benefiting administrators and users.

Security Intelligence: A Key Component of Big Data Security Analytics

This ESG brief discusses best practices to proactively address risk while exploring how organizations maximize the benefits of security intelligence.

The Big Data Security Analytics Era Is Here

Security management must be based upon continuous monitoring and data analysis for situational awareness and data-driven security decisions. Organizations have entered the era of big data security analytics.

Transforming SIEM into A Warning System for Advanced Threats

Given the state of today's security systems, most organizations are a long way from using these types of advanced technologies for security management. Security professionals need to get more value from the data already collected and analyzed.

Six Steps to Tighter PCI and Data Security

Learn six steps designed to keep loss prevention executives out of the spotlight's uncomfortable glare, including new PCI recommendations for handling complexities of mobile payments.

Webcasts »

Security Analytics Video

At a time when security teams need to know literally everything that is going on in their infrastructure, how can your team utilize this information in the most efficient way possible and stay one step ahead of attackers?

Overcoming Security Blind Spots in Network, Endpoint and Server Security

Date: May 30th, 2013 Time: 11 AM PDT/ 2 PM EDT
This webcast will showcase security technologies that meet attacks with integrated defense, focusing the advantage of intelligence more directly on some of the targets in the enterprise

Customer Success Video (State of Michigan)

Learn how the State of Michigan is utilizing DeepSight security intelligence to protect critical infrastructure.

PGI Customer Success Video

Learn how PGI is using Symantec Managed Security Services to protect their systems, while allowing them to focus on running, and building, their business.

Simplifying the Complexity of Mobility: A Holistic Approach to Develop a Mobile Enterprise Strategy

Simplifying the Complexity of Mobility

Vblock Specialized System for SAP HANA

Overview video from DJ Long about the new Vblock Specialized System for SAP HANA.