FCW : November and December 2014
“They just underestimate the potential risk they can bring into the workplace by using insecure devices or not following an acceptable-use policy,” said Larry Ponemon, the institute’s chairman and founder. He described employee resistance as a pervasive problem.

But it’s not only users who chafe at what they view as overly restrictive security controls. Business unit leaders who advocate BYOD policies might feel that setting the bar for security too high could impair workplace efficiency, he added.

Ponemon summarized managers’ position as: “We want to have security, but we don’t want to do that at the expense of diminishing the productivity of employees.”

The Ponemon Institute’s mobile security report, commissioned by Raytheon, states that productivity wins out in quite a few cases. Slightly more than half of survey respondents said security practices on mobile devices “have been frequently...sacrificed in order to improve employee productivity.”

The reduced security comes at a difficult time. In its malware report for the first half of 2014, Alcatel-Lucent’s Kindsight Security Labs found that infection levels for mobile devices increased 17 percent in the January-to-June period and estimated that about 15 million mobile devices are infected worldwide.

The fundamentals

The task of setting a mobile security policy — and winning over users — starts with an exploration of the agency’s business.

Tim Ruland, chief information security officer at the Census Bureau, said the agency works closely with the user community to understand mission requirements then moves on to developing a security policy in coordination with its parent agency, the Commerce Department, to make sure the bureau complies with Commerce’s policies as much as possible. When the Census Bureau’s mission dictates a departure from those policies, the agency makes sure the differences are documented and the parties agree that they make sense, Ruland said.
Next, the Census Bureau deploys the technical solutions needed to comply with the policies. Because policy and technology flow from the early focus on mission requirements, users are fully aware of the security controls and why they are necessary, Ruland added.

“Our users, so far, seem to understand the real need to balance the mission requirements with security, even with new technology,” he said. “The real issue becomes balancing the security needed with the basic functionality of the device.”

Will new smartphone encryption affect BYOD?

Although law enforcement agencies are up in arms about new default data encryption on Apple iOS and Google Android devices, experts say the policy could have some benefits for federal mobility.

Under the default encryption policies, codes that unlock phones are known only to the users who set them. They cannot be cracked using garden-variety cryptographic attacks, and the companies cannot share the codes with law enforcement because they do not possess them.

FBI Director James Comey warned in mid-October that the FBI will not be able to access sought-after data, even with a legal warrant or other authorization, because the companies are not maintaining a back door for law enforcement.

The flip side is that a lost or stolen device will not yield up its secrets — an important feature for federal employees who work with confidential, nonpublic or secret information.

The Mobile Security Reference Architecture (MSRA), the CIO Council’s guide to mobility management, lists encryption for data at rest as a key security feature.

David Carroll, chief federal architect at cybersecurity firm FireEye, led the team that wrote the MSRA when he was at the Department of Homeland Security. He told FCW that “in general, integrated and device-implemented encryption is a benefit to users for protecting data at rest.”

There is still the potential problem of lost data, which can be magnified when a fed is using a personal device connected to an agency network, he added.

“Agreements for [bring-your-own-device policies] will have to cover restoration of access to government-owned data on the device if they are used for government use,” he told FCW.