Public sector privacy, security concerns slow BYOD adoption
Security concerns slow BYOD adoption in the public sector.
The public sector, just like businesses around the world, is in the process of adopting mobile strategies in an attempt to improve efficiency and employee satisfaction. Currently, one of the biggest debates is whether allowing individuals to bring personal computing devices into the workplace is a good idea, according to a Network World report.
The National Security Agency (NSA), as an example, outlaws employees from bringing personal phones into the building, which means BYOD (bring your own device) programs are out of the question, Network World noted.
"God forbid you bring a phone in," NSA mobility mission manager Troy Lange said, according to Network World. "It's not a pleasant experience."
Similar data privacy and security concerns linger throughout the rest of the public sector. The Department of Veterans Affairs (VA), for example, questions whether bringing in personal devices introduces new opportunities, as many IT professionals are unsure if BYOD policies improve the workplace, Network World reported. Meanwhile, some of the biggest fears include a lack of policy and governance, which would introduce new vulnerabilities to databases of the VA's personal information, including personally identifiable information on past and present individuals in the military.
"We haven't jumped into BYOD because of policy issues in the government," VA director of mobile and security assurance Donald Kachman said, according to Network World.
The introduction of mobility in the workplace means IT departments need to take a firmer stance on data protection, which can include raising employee awareness and promoting best practices through education, CompTIA reported.
"Mobile devices and working in a mobile environment opens up new vulnerabilities, particularly in the area of privacy," IT expert Allan Friedman said. "Having clear industry best practices can help establish guidelines for and encourage good, pro-consumer behaviors."
To minimize risk, many decision-makers in the public sector, like the National Nuclear Security Agency, are taking data-centric approaches to security by using "containerization" methods, Network World noted. Containment strategies separate personal information and corporate records, implementing appropriate protection tools based on sensitivity levels.
Another security solution that is being looked into sits idly by as unauthorized users enter the corporate atmosphere. Instead of preventing these attacks, the technology, which was introduced as the recent RSA conference, observes hacker activity and gathers intelligence to enhance other solutions and learn from the incident. This visibility will be an essential part of data security in the coming years as new services continue to be introduced and used in the public sector, according to a Dark Reading report.
"I believe security breaches are inevitable," IT security expert Kevin Mandia said, according to Dark Reading. "We're always trying to dumb down security but we need to scale our experts and we need software that scales [with them.]"
A new philosophy is being adopted in the public sector, which accepts data breaches as a fact of life. This concept was brought on by the increasingly complex and "hard-to-kill" attacks from outsiders, Dark Reading noted. Completely preventing these attacks is difficult. By having a visible and highly governed workplace, however, organizations can be better prepared, aware and knowledgeable of how to minimize damage.
As more government agencies adopt BYOD policies, data security threats grow substantially, especially when employees are not trained or aware of the vulnerabilities personal electronics can introduce to the workplace. Education, visibility and containment methods may be the best approaches to data security during today's era of consumerization.
Consumerization News from SimplySecurity.com by Trend Micro
Spotlight
Cloud Computing
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
- Wall Street has data security concerns over Bloomberg reporting
- Security in backups means more than just encryption
Virtualization
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Internet Safety
- Virtualization-specific challenges could threaten data security
- Evolving threats put security skills in high demand
- Virtualization security requires education, access control management
- Tips for launching effective virtual security tools
Vulnerabilities & Exploits
CTO Insights
First Line of Defense
Newsletter
Stay up to date with the latest news and information on online threats.
Recent News
- Twitter now offers two-factor authentication
- DHS needs better sharing plan, experts say
- Cloud security group develops third-party certification program
- US makes large investment in cyber weaponry
Tag Cloud
cloud cloud computing cloud computing security Cloud Security Compliance & Regulations Consumerization Current News cybercrime Data Privacy data security Encryption Government Policy Internet Protection Internet Safety Internet Safety - DO NOT USE Internet Security Malware Mobile Security Mobility Policy Policy - DO NOT USE Privacy Privacy & Policy Private Cloud Public Cloud Reports Research Spotlight threat intelligence threat research Trend Labs Underground Economy virtualization Vulnerabilities Vulnerabilities - DO NOT USE web security web threats
Comments
No comments yet