Government Agencies Slow to Secure Mobile Devices

INFOTECH

Government Agencies Slow to Secure Mobile Devices

12/19/2017
By Vivienne Machi

Photo: Getty

Many U.S. government agencies — including the Defense Department — have been sluggish to adopt new security guidelines to protect their employees’ mobile devices, said one company executive.

Bob Stevens, federal vice president of federal systems for Lookout Mobile Security in San Francisco, said agencies need to develop new policies that can protect devices, keep rogue applications at bay and educate employees and stakeholders about mobile security best practices.

One area that needs improvement is application analysis, he said. Too often, agencies take too long — sometimes up to six or eight months — to determine whether an app is safe to use within their networks.

“I see the government sort of spinning its wheels when it comes to the applications that they want to download,” he said. “There are tools out there today that can analyze those applications within minutes, and provide data that the government needs to make a decision.”

When a client downloads an application to a mobile device, Lookout’s team can compare it to a back-end collection of over 35 million apps, Stevens said.

“We’re trying to determine if that application has risky behavior,” he said. That could include sending out the user’s contact information to a command-and-control server in another country, installed malware, or bugs and other vulnerabilities, he added.

Government agencies must also assess whether allowing employees more freedom to use mobile devices will encourage productivity and efficiency, he said. Restricting access to cell phones or specific applications is “not really making those employees more productive,” he added.

In order to promote mobile usage but keep devices secure, Stevens recommends agencies invest in encryption tools, such as a secure container application that insulates sensitive work data separate from personal information, in an authenticated area of a user’s cell phone or tablet.

Employers also have to consider access to WiFi networks, he noted. “When you’re walking down the street, your mobile device is trying to attach to every WiFi network that exists, whether you want it to or not,” he said. “You need to be conscious that there are bad people trying to get into your system via a bad WiFi network.”

Some assume that the Defense Department is more secure than civilian agencies and may not need to worry as readily about implementing new guidelines, Stevens noted.

“A lot of times, the DoD thinks, ‘we buy lockdown devices and produce lockdown devices, so they’re not as open to a breach as a civilian agency might be,’ but I would disagree with that conclusion,” he said.

Topics: Infotech, Cyber, Cybersecurity

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

I have read the legal notice.

Find an Article VIEW ALL ARTICLES