3 federal IT security predictions for 2011

How use of consumer tech will reshape federal security

Patricia Titus is vice president and global chief information security officer at Unisys.

In 2010, unprecedented numbers of workers invested their own resources to buy and learn to use a broad range of consumer technologies. Inevitably, those devices found their way into enterprises as employees began using them to get things done in the workplace.

As the nation’s largest employer, the federal government stood little chance of escaping that trend. It must now work to successfully navigate a swiftly changing landscape by supporting employees’ desire for convenience and efficiency while guarding against the security challenges that arise as thousands of new devices and applications are introduced into the enterprise. The recent increase in telework, which will expand even further with the passage of the Telework Enhancement Act, is also driving that need.

Therefore, we can expect to see three important federal IT security trends emerge in 2011.

1. Increased focus on security policies for consumer devices. A recent Unisys-sponsored study revealed that employers, including the federal government, often do not have an accurate understanding of which technologies their employees are using in the workplace. As a result, new vulnerabilities are cropping up at the perimeters of agency networks.

In the coming year, we can expect to see the federal government reassess and extend its security policies beyond the network. We’re already seeing an increase in virtualization, and it will be expanded to the devices teleworkers use to ensure that government data falls within defined security policies. Other policy changes will likely focus on authenticating the identities of device users and encrypting enterprise data as it traverses the network.

2. Use of biometric technology to secure mobile devices. Already a leader in the use of biometric technology, the federal government will begin using it to help secure mobile devices.

Recent Unisys Security Index research shows that although many consumers are taking steps to protect themselves against cyber crime and identity theft, only slightly more than one-third of Internet users in the United States regularly use and change passwords on their mobile devices.

In addition to the use of biometric tools, such as face or voice verification, to supplement user IDs and passwords, we can expect to see an increase in the use of token-based encryption to authenticate mobile device transactions, similar to how financial institutions allow online banking applications to run on handheld devices. The Federal Emergency Management Agency was the first agency to deploy such a capability — for online claims processing after catastrophic events — and more agencies will move toward delivering citizen services via those types of secure transactions in 2011.

3. Business continuity planning as a defense against cyberattacks. The growing use of consumer technologies to conduct business can drive new options for business continuity in the event of a cyberattack.

With more devices dependent on the Internet, we can expect to see increased interest in business continuity planning in 2011. That focus might include greater federal investment in alternative communications paths, such as automatic rerouting of voice over IP to satellite phones or the use of personal cell phones for critical communications in the event of an Internet outage.

Agility and innovation will be watchwords in 2011 and beyond as the government seeks to ensure the security of its networks and data while supporting employees’ desire to use powerful consumer tools — such as instant messaging, smart phones and tablet PCs — to stay informed and productive in their personal and professional lives.

Reader comments

Mon, Jan 31, 2011 DC

There's a reason Patty's not at TSA any longer. She's thinking short when she should be thinking long. Consumer devices in the Fed workplace? Please. I can think of 100 more important issues facing us in 11 than this.

Fri, Jan 28, 2011 WOR

I would have to disagree. "as the government seeks to ensure the security of its networks and data while supporting employees’ desire to use powerful consumer tools — such as instant messaging, smart phones and tablet PCs" Well, this will happen very slowly. The risk involved in a breach/hack (bad PR, Administration and congressional scrutiny) is too high for HQ vs. the reward (workers get gadgets they swear will make them more productive somehow). Already, federal agencies have a hard time protecting a few chosen standard operating systems. Are they going to open the door to many others, which often have short upgrade cycles, while IT departments suffer cuts? Are they going to allow devices which don't have verified encryption modules, or with unverified biometrics? Few if any smartphones or tablets have FIPS verification required for federal use. And yes, an encrypted vm/vpn can run on some, but then the user is just using the base hardware without the user interface which is so important to the consumer experience. I think data like "only slightly more than one-third of Internet users in the United States regularly use and change passwords on their mobile devices" puts up big red flags for agencies, and when the goal is zero security incidents, they just look too risky.

Thu, Jan 27, 2011

I just puked in my mouth reading this, here are my three:

1. Automation of compliance requirements - To reduce the total cost of ownership for compliance and re-invest that savings into more critical areas

2. Focus on Cyber Domain awareness - We don't know what we know

3. Tactical Risk Management - Risk management based on the operating environment and the threats to that environment and not a canned risk management process
