As feds access more agency data on their smartphones and tablet computers, network managers are increasingly challenged to balance utility and security.
Their challenges include:
Keeping tabs on the growing number of mobile devices connecting to their networks.
Adopting new techniques and tools for managing devices on the network.
Managing more network traffic and troubleshooting bandwidth issues as feds access more data.
“It’s a rat race trying to stay ahead of the curve,” said Joe Beal, director of security services and chief information security officer at Creative Computing Solutions Inc., a program management and information technology services firm.
Agencies aren’t just managing agency-owned desktop computers, stationed within the four walls of an office and configured with mandatory security settings. Today, feds are using laptop computers, and in some cases their own handheld devices, to access data through virtual private networks or other means.
“As the network boundary becomes borderless, the attack surface increases,” said Beal, who also does security contract work for the Department of Homeland Security.
The more devices that connect to the network, the more there are to control, he said. Agencies have to properly track the devices that are connecting to their networks. In the past, network managers knew the virtual path devices were taking to get into the network and where the devices were located because they were government-issued, Beal said.
But that is rapidly changing. The federal government spends about $1.2 billion annually on mobile and wireless services and devices and has more than 1.5 million active accounts, according to the Digital Government Strategy, released in May. “These figures will only increase as agencies accelerate their adoption of new mobile technologies,” according to the strategy.
People aren’t just using their agency’s networks to share resources and data, said Kurt Roemer, chief security strategist of Citrix Systems. Today, they are working at Starbucks, in hotels and from home offices.
“The network is, in many cases, far beyond their control,” Roemer said of agency network managers.
Agencies are being forced to adopt new technologies to provide employees with secured access to agency data, whether they’re using a personal or government device.
“[Generally], security was there to put an end to anything they thought shouldn’t happen,” Beal said. “We are always thought of [as] being the folks that say no.”
The reality, however, is that feds are finding ways to bypass security and use applications and devices that help them get work done more easily and quickly.
Network managers have to understand their user community and their evolving needs, Roemer said. In the past, network managers needed to understand the network and how devices communicated on the network. Today, they have to understand what people need to do on their network and ensure that technology enables that work.
Some solutions are more intrusive than others and may require employees to download third-party software on their devices.
Agencies are already using versions of this software, known as mobile device management, to track the sprawling usage of mobile devices and ensure those devices are in compliance with agency policies.
Agencies want to manage personal devices the way they would government devices, Roemer said. They’re basically taking over someone’s device, and that is not appropriate for a bring-your-own-device program.
Mobile application management is less focused on the device’s security settings and more on managing access to agency applications on the device, in the event that it is lost or an employee leaves the agency, he said.
Network managers also must understand how much of their network bandwidth is being consumed by work applications versus YouTube and iTunes, said Michael Patterson, CEO and co-founder of Plixer International, which develops and markets network traffic monitoring and analysis tools.
“You don’t want to shut users off completely,” Patterson said. There is a fine balance that IT managers have to master: How do they give users flexibility but not put the agency at risk?
Plixer offers a joint solution with Enterasys Networks that allows network administrators to determine:
Which employees and mobile devices are connected to the network.
What applications they are using.
Where the devices are located and who they are communicating with.
When employees are consuming too much bandwidth.
Agencies need to set policies to maximize the bandwidth they have and avoid spending more money, Patterson said.