3 federal IT security predictions for 2011

Patricia Titus is vice president and global chief information security officer at Unisys.

In 2010, unprecedented numbers of workers invested their own resources to buy and learn to use a broad range of consumer technologies. Inevitably, those devices found their way into enterprises as employees began using them to get things done in the workplace.

As the nation’s largest employer, the federal government stood little chance of escaping that trend. It must now work to successfully navigate a swiftly changing landscape by supporting employees’ desire for convenience and efficiency while guarding against the security challenges that arise as thousands of new devices and applications are introduced into the enterprise. The recent increase in telework, which will expand even further with the passage of the Telework Enhancement Act, is also driving that need.

Therefore, we can expect to see three important federal IT security trends emerge in 2011.

1. Increased focus on security policies for consumer devices. A recent Unisys-sponsored study revealed that employers, including the federal government, often do not have an accurate understanding of which technologies their employees are using in the workplace. As a result, new vulnerabilities are cropping up at the perimeters of agency networks.

In the coming year, we can expect to see the federal government reassess and extend its security policies beyond the network. We’re already seeing an increase in virtualization, and it will be expanded to the devices teleworkers use to ensure that government data falls within defined security policies. Other policy changes will likely focus on authenticating the identities of device users and encrypting enterprise data as it traverses the network.

2. Use of biometric technology to secure mobile devices. Already a leader in the use of biometric technology, the federal government will begin using it to help secure mobile devices.

Recent Unisys Security Index research shows that although many consumers are taking steps to protect themselves against cyber crime and identity theft, only slightly more than one-third of Internet users in the United States regularly use and change passwords on their mobile devices.

In addition to the use of biometric tools, such as face or voice verification, to supplement user IDs and passwords, we can expect to see an increase in the use of token-based encryption to authenticate mobile device transactions, similar to how financial institutions allow online banking applications to run on handheld devices. The Federal Emergency Management Agency was the first agency to deploy such a capability — for online claims processing after catastrophic events — and more agencies will move toward delivering citizen services via those types of secure transactions in 2011.

3. Business continuity planning as a defense against cyberattacks. The growing use of consumer technologies to conduct business can drive new options for business continuity in the event of a cyberattack.

With more devices dependent on the Internet, we can expect to see increased interest in business continuity planning in 2011. That focus might include greater federal investment in alternative communications paths, such as automatic rerouting of voice over IP to satellite phones or the use of personal cell phones for critical communications in the event of an Internet outage.

Agility and innovation will be watchwords in 2011 and beyond as the government seeks to ensure the security of its networks and data while supporting employees’ desire to use powerful consumer tools — such as instant messaging, smart phones and tablet PCs — to stay informed and productive in their personal and professional lives.