by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : November and December 2014
Agencies face a delicate balancing act when it comes to providing mobile security. On the one hand, IT departments seek to extend end- point security to a growing population of mobile devices. It’s easy to see why: Smartphones can go missing along with agency data, and mobile devices in general can intro- duce malware to enterprise networks. On the other hand, employees want the ease of use of consumer technol- ogy, and agency managers covet the potential productiv- ity boost. Those impulses, however, can tip the scales in undesir- able directions. A too-stringent mobile security policy will discourage smartphone and tablet use, especially in bring-your-own-device programs, and thereby elimi- nate the productivity benefit. But a policy that goes too light on security could invite trouble in the form of lost data and business disruption. Federal informa- tion security spe- cialists are tack- ling the dilemma in various ways. For example, in September, the National Insti- tute of Standards and Technology’s National Cyber- security Center of Excellence (NCCoE) pub- lished a revised draft of a mobile security guide that addresses the security versus usabil- ity challenge. Bill Fisher, an information security engineer at NCCoE, said mobile security measures can have the unintended consequence of prompting users to evade protective mea- sures rather than comply with them. “We recognize that a suite of mobile security controls that inhibits an employee’s ability to work or goes against their expectations of functionality often encourages users to find a workaround for the control,” he said. Why it matters NIST’s concern is rein- forced by recent research from the Ponemon Insti- tute. The company sur- veyed IT managers, including public-sector technology leaders, and identified employee resistance (56 per- cent) and the ability to implement and enforce a mobile device policy (40 percent) as the two biggest barriers on the path to an effective mobile security strategy. Users might not set out to flout mobile security standards but can end up taking liberties for the sake of productivity. Striking a balance with mobile device security BY JOHN MOORE Rather than being mutually exclusive, functionality and security can coexist to varying degrees November/December 2014 FCW.COM 31 ExecTe c h Federal security standards have forced some unwieldy mobile solutions, including “sleds” or plug-in readers for the Defense Department’s Common Access Cards. A search for better solutions is underway.