Government agencies face the same mobile security concerns as any other organization, including malware and issues related to misuse of devices by employees. A recent survey by Lookout found that approximately 7 percent of federal employees jailbreak or root a device that they use for work purposes, and 24 percent admit to installing apps from sources other than official app stores, significantly raising the risk of malware infecting their device.

Government employee mobile devices not only contain sensitive information related to government functions, but may also provide access to systems storing information pertaining to millions of citizens, notes the Department of Homeland Security (DHS) in a recent report from its science and technology directorate. A breach of such data would constitute a major security incident that could cause widespread damage to all concerned.

To combat this threat, DHS has identified security gaps that need to be addressed and stresses the need for all government agencies to follow best practices, including those identified by NIST, and to ensure that they have suitable mobile security and management technologies in place.

Integrating Remote Configuration as a Best Practice

Areas identified in the report include the ability to remotely enroll, manage and configure devices in order to boost security. In combination with an MDM or EMM, a remote configuration tool such as Knox Configure can address many of the challenges that administrators face with regard to secure mobility. It can be used as an extension to enterprise mobility management solutions and enables bulk device configuration so that settings and other options can be deployed to all devices in use at the same time via a secure web portal.

This means that sanctioned apps can be installed on all devices that have been enrolled for use without any manual intervention, and unauthorized apps can be blocked through application whitelisting and blacklisting capabilities. Users can also be prevented from altering device settings so that security risks are not introduced. These can include restrictions on Wi-Fi, Bluetooth, NFC, USB connection and SIM lock settings.

As different users require access to different applications according to their role, user profiles are created centrally, and applications and settings can be pushed out to users according to need, which ensures that employees can’t access sensitive information on their device if their role doesn’t require them to. When users change roles or departments change their policies, any updates can be pushed out to users when required. For example, an employee may be granted access to sensitive data stores as part of a new role, requiring that strong authentication mechanisms be available to them, which can be done on the fly with remote configuration tools. By having multiple options for configurations and the ability to make selective over-the-air updates, mobile security can evolve as department and employee needs change over time.

Greater Control and Reduced Costs

A remote configuration tool such as Knox Configure is a significant time and money saver for IT, as it allows all device provisioning processes to be performed over-the-air. By using Knox Configure in conjuction with an MDM or EMM, organizations can ensure that they have a consistent configuration and ongoing control over all devices.

By selecting a device with security built in at the hardware layer, utilizing a remote configuration tool and an EMM, government agencies can mitigate many of the risks associated with sensitive information on mobile devices.

As government employees blur the lines between personal and professional device use, agencies need a mobile security platform to separate and protect data.