by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : December 2012
10 December 2012 FCW.COM Commentary | ERIC RIFE ERIC RIFE is director of collaboration at Red River, a provider of IT products and hardware-related services to the U.S. government. The hottest topic in enterprise IT is secure mobility --- in other words, allowing secure access to the enter- prise infrastructure from any device, anywhere and at any time. Success- ful mobility solutions require delib- erate implementation, disciplined security plans, careful consideration of who needs to be mobile-enabled, and the implementation of a sophis- ticated, secure, mobile enterprise infrastructure. Here are ve steps to take com- mand of your organization s mobility initiative. 1. Create a policy. Before com- mitting enterprise resources to secure mobility, you must determine which job functions truly need to be mobile and why. Letting every- one go mobile without restriction is unrealistic, so de ne what job functions require mobility and set up user pro les accordingly. For instance, many workers will only need secure mobile access to e-mail rather than an entire suite of appli- cations. 2. Make security dynamic. Bor- derless anytime/anywhere mobility presents genuine security challeng- es, and obviously, the consequences of a breach --- especially of govern- ment networks --- are extremely serious. A security plan must be dynamic enough to change as hack- ers tactics change and incorporate the latest multilayered credentialing technologies. Moreover, any secu- rity strategy must strive to eliminate vulnerabilities while presenting a fast-response action plan for dealing with a breach or failure. The plan should be at least as strong as the security plan at the physical of ce, with the addition of the capability to automatically lock out mobile devices that exceed security allow- ances set up in the user pro le. For instance, device lockout can occur when someone uses unauthor- ized software or applications. User pro les can enforce corporatewide policies or be individualized. 3. Decide which devices to allow. Mobility doesn t mean a device free- for-all, and an organization obvi- ously cannot support all hardware, software, devices and apps. In other words, what does "bring your own device" (BYOD) really mean? What policies should be in place to screen or prepare devices for use on a secure network? Administrators of secure networks that are mobility- capable must de ne the rules for allowable hardware and software (down to the version level) and might need to go even further. Will all types of browsers be allowed? Which apps must users have on their mobile devices before they can access the network remotely? You should set those policies early, while also creating a process for review- ing new devices and apps. 4. Set standards for hardware and software. For anyone who is granted network access, are there limits to resource allocation? Once those limits are set, then the real battle begins. Every single time a mobile device attempts to access your network, it must be compared against some type of standard to validate if the device meets the most current security criteria. If a viola- tion occurs, prede ned remediation steps should occur. As mentioned above, you should be prepared to lock out devices that suddenly appear to violate their approved pro les or have unauthorized soft- ware or applications. 5. Put someone in charge. Does your agency need a new position, role and title for mobility? De n- ing the security requirements for a mobility network will require sophisticated leadership, to say nothing of the ongoing rules and policies that must be put in place as devices, networks and threats change. Administration of the network isn t a part-time job, so consider a dedicated mobility of - cer or a consultant who can provide the required level of expertise and attention. In today s BYOD world, a chief mobility of cer has to be part of every IT conversation. ■ Before committing enterprise resources, you must determine which job functions truly need to be mobile and why. 5 steps to kick-start your mobility initiatives Mobile security presents a complex set of challenges, but here are some ways to make it more manageable
November 30, 2012