The public sector, just like businesses around the world, is in the process of adopting mobile strategies in an attempt to improve efficiency and employee satisfaction. Currently, one of the biggest debates is whether allowing individuals to bring personal computing devices into the workplace is a good idea, according to a Network World report.
The National Security Agency (NSA), as an example, outlaws employees from bringing personal phones into the building, which means BYOD (bring your own device) programs are out of the question, Network World noted.
"God forbid you bring a phone in," NSA mobility mission manager Troy Lange said, according to Network World. "It's not a pleasant experience."
Similar data privacy and security concerns linger throughout the rest of the public sector. The Department of Veterans Affairs (VA), for example, questions whether bringing in personal devices introduces new opportunities, as many IT professionals are unsure if BYOD policies improve the workplace, Network World reported. Meanwhile, some of the biggest fears include a lack of policy and governance, which would introduce new vulnerabilities to databases of the VA's personal information, including personally identifiable information on past and present individuals in the military.
"We haven't jumped into BYOD because of policy issues in the government," VA director of mobile and security assurance Donald Kachman said, according to Network World.
The introduction of mobility in the workplace means IT departments need to take a firmer stance on data protection, which can include raising employee awareness and promoting best practices through education, CompTIA reported.
"Mobile devices and working in a mobile environment opens up new vulnerabilities, particularly in the area of privacy," IT expert Allan Friedman said. "Having clear industry best practices can help establish guidelines for and encourage good, pro-consumer behaviors."
To minimize risk, many decision-makers in the public sector, like the National Nuclear Security Agency, are taking data-centric approaches to security by using "containerization" methods, Network World noted. Containment strategies separate personal information and corporate records, implementing appropriate protection tools based on sensitivity levels.
Another security solution that is being looked into sits idly by as unauthorized users enter the corporate atmosphere. Instead of preventing these attacks, the technology, which was introduced as the recent RSA conference, observes hacker activity and gathers intelligence to enhance other solutions and learn from the incident. This visibility will be an essential part of data security in the coming years as new services continue to be introduced and used in the public sector, according to a Dark Reading report.
"I believe security breaches are inevitable," IT security expert Kevin Mandia said, according to Dark Reading. "We're always trying to dumb down security but we need to scale our experts and we need software that scales [with them.]"
A new philosophy is being adopted in the public sector, which accepts data breaches as a fact of life. This concept was brought on by the increasingly complex and "hard-to-kill" attacks from outsiders, Dark Reading noted. Completely preventing these attacks is difficult. By having a visible and highly governed workplace, however, organizations can be better prepared, aware and knowledgeable of how to minimize damage.
As more government agencies adopt BYOD policies, data security threats grow substantially, especially when employees are not trained or aware of the vulnerabilities personal electronics can introduce to the workplace. Education, visibility and containment methods may be the best approaches to data security during today's era of consumerization.
Consumerization News from SimplySecurity.com by Trend Micro