No easy answers on managing mobile security
At the Jan. 13 AFCEA Bethesda breakfast, a trio of agency IT execs offered advice on weigh the risks of aggressive mobile deployments.
How much risk is too much when it comes to mobile security? It all depends on whom you ask.
According to a 2014 Mobile Work Exchange study, 90 percent of government employees are using a mobile device, and 41 percent of those employees are putting themselves and their agencies at risk by doing so.
At a Jan. 13 AFCEA Bethesda breakfast panel, however, three senior IT officials suggested that at least a little risk is in order, and offered some ideas on handling the growing problem.
Walter Bigelow, division chief for the IT Services Management Division at the Bureau of Alcohol, Tobacco, Firearms and Explosives, said agencies must decide for themselves how much of a managed risk they're willing to take with their mobile devices.
"In our case, we are willing to be relatively liberal with the devices to get them used," Bigelow said.
David Rubin, head of mobility at the FBI, said the bureau has also taken a similar implementation approach. "We treated every mobile device like a desktop," he said. "Fail fast, fail cheap. We backed off of things we didn't see as sustainable."
Joseph Ronzio, special assistant to the chief health technology officer at the Veterans Affairs Department, said 10,000 iPads were given to VA employees, and about three-quarters have an iOS device of some kind.
Mobility has also been a platform for biometric capabilities. In the criminal justice field, Rubin said, the FBI is using biometric technology to expedite many daily tasks, like taking fingerprints of fugitives. What used to require large and heavy dedicated equipment and can now be done on a mobile device -- using small "additional peripherals" to capture the scans.
Biometric technology has also long been considered a viable alternative for multi-factor authentication, as a replacement for passwords -- widely viewed as both insecure and inconvenient -- when the multiple levels of authentication and different passwords often needed to log into one system are factored in. But on that front, Rubin said, the FBI is not there yet.