BYOD Security Demands Mobile Data Protection Strategy
As federal agencies develop strategies for an increasingly mobile workforce, the traditional methods of securing a desktop environment have to evolve to account for the growing crop of wireless devices in use. Symantec vice president of public sector urges federal CIOs to embrace BYOD, but to update their security posture to also focus on files and applications.
Thu, August 23, 2012
CIO — WASHINGTON -- As federal agencies slowly warm to the emergence of an increasingly mobile workforce, the traditional methods of securing a desktop environment will have to evolve to account for a vast new crop of wireless devices, a senior official with Symantec warned on Wednesday.
The security issues associated with an increasingly mobile workforce are amplified when CIOs consider adopting a "bring-your-own-device," or BYOD, policy, allowing employees to access potentially sensitive work files and applications on their personal device. At the same time, just as in the private sector, federal workers are coming to expect that they should be able to work on their favorite devices, and adopting BYOD policies, as some agencies are considering, could help lower IT acquisition and management costs.
"If agencies allow their users to bring their own devices then they don't have to buy those devices and maintain them for their life," Schumm said, though she noted that "the more important gains are going to be the gains in productivity."
"But there's an elephant in the room, right? That is how are we going to manage and secure all the information across these mobile devices. Because the truth of the matter is despite all of the virtues, widespread mobility does create a larger threat environment for government employees, and for anybody really," she said.
BYOD remains an unsettled area of federal IT policy. In January, Steven VanRoekel, the CIO of the federal government, offered a first glimpse at a comprehensive mobile strategy, and has since been working with the agencies to formulate specific policies on a number of areas, including rules of the road for working with developers, mobile security and BYOD policies.
Those last two, of course, are closely coupled. For starters, the greatest virtue of mobile device, they're small and they travel with their users, also invites loss or theft. For that reason, Schumm urged a security strategy that focuses on access control and identity management, so that even if the device falls into the wrong hands, the risks would be minimized.