With the growing prevalence of mobile devices in the government sector, such as the HP Elite x3, many state and local governments are acknowledging the value of a Bring Your Own Device (BYOD) policy.
From a generational perspective, baby boomers are entering their retirement years, opening state and local leadership roles for Generation X and millennials. Workers from these generations tend to embrace new technologies, often employing the latest devices for their personal and professional use.
Meeting demand for mobility, early adopters of BYOD programs have found solid ground by following these four guidelines:
Each state and local government organization needs to define the limits of what they can securely support within their BYOD policy. IoT-connected devices that don’t have proper security features create additional intrusion vectors for cybercriminals. Finding trusted advisors to align technology trends and security capabilities to specific agency missions is critical to successfully planning and deploying a BYOD policy.
While it’s widely recognized that the most important asset of any organization is its people, it’s also true that those same employees and staff are commonly attacked entry points. As mobile device adoption increases in the public sector, platform management and policies become every bit as important as firewalls and secure networks.
According to IBM, high-profile data breaches are increasingly common, costing an average of $4 million in damages, putting IT infrastructure under intense (often political) scrutiny. With the number of break-ins and the damage they cause on the rise, government IT departments are forced to perform a high-risk balancing act: driving more data, accessibility and capability while mitigating their agencies' or constituents' vulnerability.
As shown in Figure 1, 56% of IT security specialists in the United States believed BYOD device practices were at the heart of endpoint security breaches in 2016.
Although efficient, a BYOD policy may expose state and local governments to security breaches. IT managers delivering new mobile devices must plan to mitigate increasing risks of data theft, fraud, insider threats and privacy breaches. Unfortunately, such security plans negatively impact agility and increase maintenance burdens and IT costs, adding another layer to the existing challenges of government IT services.
With mobile devices, security concerns expand beyond pure data management to device management. In order to succeed, government IT leaders must ask, "How do we secure mobile devices so that if someone leaves their device at a restaurant or friend's house or coffee shop, that device's information and network access is not compromised?"
As the number of foreign-owned device manufacturers increases, supply chain security also becomes a hot topic. Agencies are wise to vet technology vendors by asking, “How do you secure your supply chain?” Agencies need to ensure the security of network devices from the manufacture through installation and deployment. They must also combat instances where something embedded into the hardware or firmware of the device may present a security compromise. Therefore, device discovery needs to include a supply chain element that defines and tracks the logistical path of hardware, software and applications along their entire lifecycle.
Here again, an understanding of the missions served by state and local government IT teams requires a holistic and comprehensive security mentality that spans far beyond the firewalls of the network. Device risk management must peer back to the hardware vendors of such devices, as well as forward to their deployment for a mobile workforce and constituency.