FCW : November and December 2014
Accordingly, NCCoE’s mobile security effort will attempt to create a reference design that lets organizations “dial security and functionality up or down based upon the expectations of their user base and the risk tolerance of the organization,” Franklin said.

The hurdles

Even with security methods that promote usability, agencies still need to convince users of their role in keeping devices and enterprise data safe. Paul Christman, vice president of the public sector at Dell Software, said users ultimately have the biggest responsibility for making security happen, and they should meet IT managers halfway when it comes to instituting user-friendly security measures.

“We have to make it easier, but the user has to accept their part of the bargain,” Christman said. “We have to have users participate. There is just no way around it.”

Another obstacle is devising a security policy and supporting technologies that are sufficiently innovative to thwart increasingly sophisticated attackers. Ponemon said it isn’t enough to develop a security strategy that adheres to a particular framework or set of guidelines. He noted that Target was compliant with the Payment Card Industry security standards at the time of its massive 2013 data breach.

He said following a guideline to the letter will “get you pretty high up on the food chain” for a security grade in the B to C range, but getting to the A level of security requires a “secret sauce.” He added that cyber criminals read the security frameworks and guidelines, too, and therefore have a good idea of what they are up against. He said some organizations are investing in “security intelligence” technology (see “Next steps”) to provide an additional layer of protection.

Finally, the pace of mobile technology development presents challenges. The landscape is constantly shifting in response to new devices, operating system upgrades and the ever-growing population of apps.
“The thing to remember is that mobile technology is evolving quickly, and we have to have the ability to remain agile enough to take advantage of those changes where they make sense and control them efficiently where they do not,” Ruland said. ■

Next steps

• Security intelligence. Security information and event management (SIEM) systems rank among the leading technologies in what Larry Ponemon, chairman and founder of the Ponemon Institute, describes as security intelligence solutions. The National Institute of Standards and Technology, meanwhile, envisions integrating mobile device monitoring with enterprise SIEM tools. Bill Fisher, an information security engineer at NIST’s National Cybersecurity Center of Excellence, said SIEM solutions often function as dashboards for security analysts. Adding mobile devices to SIEM would let enterprises operate a single pane of glass for situational awareness. “Our goal is to help unify the management of mobile devices with the management of more traditional endpoints,” he said.

• SIM virtualization. J.R. Cunningham, director of CISO programs at Accuvant, cited a couple of mobile security technologies that he said bear watching: SIM virtualization and dual-SIM mobile devices that act as two phones in one. Those technologies could provide a way to address the issue of business and personal data occupying the same device. “In government applications, this has potential to remediate some of this problem, especially if half of a phone could be FIPS-compliant while the other half is a person’s pictures and music,” Cunningham said.

• Access standards. Application-level mobile authentication and authorization developments include the OpenID Connect and FIDO standards-based initiatives, said Kayvan Alikhani, RSA’s senior director of technology. Those efforts aim to provide a “common framework for seamless and secure multifactor mobile authentication and user-authorization services,” he said.
— John Moore

ExecTech, FCW.COM, November/December 2014, page 34