by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : November 15, 2012
Speakers: Col. Jeffery R. Schilling, Chief of Current Ops for the Army Cyber Command William Corrington, principal at Stony Point Enterprises and former CTO for the Interior Department The first step toward securing the mobile enterprise is to accept that mobile devices are here to stay. That is not easy for some information security experts, who consider mobile tech- nology as introducing a whole new array of vulnerabilities to an enterprise. But the fact is that while the vulnerabilities are real, the solutions are too. In a recent webcast, Col. Jeffery R. Schilling, chief of Current Ops for the Army Cyber Command, and William Corrington, principal at Stony Point Enterprises and former CTO for the Interior Department, highlighted some of the essential elements in the mobile security enterprise. 1. Device Security Device security begins with a secure operating system, both Schilling and Corrington agreed. This is an evolving issue, and one that is complicated by the bring-your-own-device (BYOD) mentality that dominates the mobility market. But its importance cannot be overstated. "It is one of the building blocks of a security framework that you have to start with, because if your OS isn t secure, your platform will never be secure," Schilling said. Other important security measures include requiring a password to activate the device and setting a short device-idle time- out, said Corrington. Users might balk at such measures, particular if they are using their own devices, he noted, but "from an enterprise perspective, those are a couple of the things you want to treat differently." 2. Data Security With increased mobility comes increased risk that a device might be stolen or lost. For that reason, the IT shop needs to have the ability to do a remote wipe of the device. As an added measure, agencies should require data encryption. Again, this is a measure that BYOD users might resist. But there is a solution, said Corrington. Some devices support the use of add-on products for creating encrypt- ed partitions, which can be used to secure work-related data while leaving other data untouched. 3. Access Control Security experts have it right when they say that mobile devices introduce new vulnerabilities in an agency s net- work. The key is making sure you know what those vulner- abilities are, said Corrington. What applications and databases are being accessed? What information is being exposed and how critical is it? And what access points and endpoints are being used? Endpoint and en route encryption are good solutions, he said. End-user authentication also is impor- tant, but somewhat trickier. Corrington and Schilling agree with security experts across government that the best solution is two-factor authentication -- a combination of biometrics, passwords or other measures. But such solutions, often involving smart- card readers or other external devices, are not a natural fit for mobile devices. That can be a security problem. "We can t make it real clunky for the user, or the user will bypass it and not use it," Schilling said. 4. App Security Large-scale mobile initiatives often involve the use app stores from which users can access applications, whether commer- cial or internally developed. Agency offi- cials need to think out the security around that storefront. For example, said Corrington, when it comes to commercial applications, agencies need a policy about what types of applica- tions will be approved for use. And when it comes to custom applications, they need to make sure they understand how enterprise data is being accessed -- and how to secure that access. 5. Management and operations The conflict between the consumer and enterprise mindsets is nowhere as apparent as it is with mobile device management and operations. Security requires clear policies and procedures around provisioning and deprovisioning both users, devices and data plans. Asset management and usage track- ing also are vital to understanding what devices are being used and how. "These are things that are not part and parcel to the consumer model" said Corrington. But it s not just a matter of good poli- cies: It s also a communications exercise. Users need to be educated about what mea- sures are being taken and why. "Our biggest vulnerability is the user, and we still see users out there who don t understand that they are operating in a con- tested environment and that they can intro- duce a lot of risks by their risky behavior," Schilling said. Securing the Mobile Enterprise: Five Factors That Can t Be Ignored SPONSORED CONTENT "We still see users out there who don t understand that they are operating in a contested environment and that they can introduce a lot of risks by their risky behavior." -- Col. Jeffery Schilling, Army Securing the Mobile Enterprise: Five Factors That Can t Be Ignored The security threats to mobile computing is real, but so are the solutions SPONSORED BY: For more from CDW-G go to CDWG.com/mobility For more from VMware go to vmware.com
October 30, 2012
November 30, 2012