It is possible to balance data security and user flexibility -- if agencies follow these key guidelines.
Mobile devices, the near-ubiquity of wireless networks and cloud-based business applications have cultivated an enterprise mobility trend that is changing the way people work and affecting IT at all organizations, including government agencies.
A desktop computer and a mobile phone do not serve the needs of the always-on workforce of today. The balance of power has shifted from IT toward the end user, who demands mobility, choice and the option to bring his or her own device. That shift has given rise to a wide range of devices -- laptops, tablets and smartphones -- connecting to government networks.
In the eye of the mobility storm, the agency IT department faces a major challenge: to strike a balance between data security and control on one side and end-user flexibility and productivity on the other. Data security is imperative, especially in the government, where devices are more likely to contain highly confidential, regulated or classified data.
Organizations that successfully enable and manage mobility follow three key rules:
1. Manage the user, not the device.
In the past, the IT department could dictate the type of equipment an employee could use, thereby maintaining control over the device and the endpoint and ensuring that security measures were enforced. Today, users expect the same network and data access on all devices, and without that flexibility, productivity is impeded. On the flip side, agencies must ensure that access to data is appropriately permitted or restricted for each user, regardless of the device used to access it.
By managing user profiles rather than devices, the IT department can consider the needs, rights and permissions of users and build a template to support their productivity. And agencies can provide users with the flexibility to use a device of their choice while ensuring that data security is not compromised.
2. Implement and enforce a mobile-use policy.
Many users believe that data security is not their responsibility. Therefore, effective mobility management is supported by a policy that clearly defines what is expected of end users.
The policy should outline employee accountability and the penalties that can be incurred if the agreement is breached. If employees are allowed to bring their own devices, the policy should clearly state the steps the IT department can take to avoid data breaches if the device is lost or stolen, if the employee leaves the organization or if a suspected security threat occurs.
3. Maintain a persistent connection to the devices.
Satisfying users and establishing policies are fruitless if the IT department cannot maintain visibility of the device and the data it contains. A persistent connection is essential.
The Environmental Protection Agency relies on persistence technology for a constant connection to all the devices in its deployment. Because the persistence module is built into the firmware of each device, if efforts are made to remove it, the technology simply rebuilds itself so that the IT department can continue to track, manage, and protect the agency's assets and data, regardless of device location or user.
If a device leaves a designated area, EPA's IT department receives an alert. If a device is lost or stolen, the department can remotely freeze it or delete confidential data. Those functions allow EPA to be proactive about data security while supporting a mobile workforce.
Mobility is arguably the most disruptive technology since the World Wide Web, and IT departments that try to resist it will ultimately fail. Those that follow the three rules outlined above can secure data while embracing mobility and enabling a more productive workforce.