All aboard for the migration to government’s mobile security environment of the future
In the rapidly changing mobile environment of government security, agency executives are challenged as never before by two stark realities. First, in an ecosystem increasingly shaped by the “bring your own device” (BYOD) trend, they need to be preparing their workforces to use mobile devices. Second, they must make sure that they are able to provide a level of security for mobile devices that matches the level found on their desktops.
But effective mobile device management (MDM) must do more than allow for various security levels and ensure end-user authentication. It also needs to maintain the quality of end-users’ experience by integrating work and personal digital space on a single device and providing ease of use and convenience. Fortunately, there are mobile security solutions that enable the migration to mobile devices while preserving the necessary security and authentication policies required by Homeland Security Presidential Directive 12.
Need for a mobile security strategy
Two over-arching executive branch policy directives are driving the evolution of the mobile security landscape in the federal government. First, Homeland Security Presidential Directive 12 (HSPD-12) requires U.S. federal agency employees and contractors to use smart cards for physical and logical access to systems. Second, OMB Memorandum M-11-11 (issued in February 2011) has expedited implementation of Personal Identity Verification (PIV) cards for access to facilities, networks and information systems.
Meanwhile, more and more agency Security Technical Implementation Guides (STIGs) are specifying that people who access federal or military applications through mobile environments must use some second-factor form of identification. Typically, this second-factor identification is a PIV or CAC card, validated by a personal identification number (PIN). But PINs, much like user IDs and passwords, can be forgotten and stolen.
Advantages of multi-factor authentication
As government security executives are acutely aware, they must be continuously vigilant to meet the ever-evolving threats driven by the BYOD trend that reaches across defense and civilian agencies. When it comes to minimizing the authentication risks of mobile devices, the most effective remedy is “anywhere, anytime” multi-factor authentication capability.
What do we mean by “multi-factor” user authentication? Proof-positive authentication should comprise some combination of what you know (password or PIN), what you have (ID card or token) and who you are (biometrics). The more factors, the stronger the authentication.
Passwords alone are inadequate because they can be so easily compromised. While solutions combining password/PIN and ID card/token are often considered strong enough, only biometrics -- fingerprint, palm print, iris scan, facial recognition and other technologies -- can provide absolute proof that a person is who they claim to be. Biometrics, in fact, is the most powerful line of defense against unauthorized mobile access.
Building an effective mobile security infrastructure
Evolution of the federal government’s mobile security infrastructure took a giant leap forward on July 1, 2013 when the Defense Information Systems Agency (DISA) awarded the contract to develop its MDM system. According to a DISA news release, the establishment of the MDM system “sets the stage for the digital ecosystem that will operate and assure the mobile devices that connect with DOD networks. (MDM) is the next major step forward in DOD’s process for building a multi-vendor environment, supporting a diverse selection of devices and operating systems.”
Now that DISA has made its much-anticipated first move, other agencies can be expected to follow suit with their own MDM awards that will establish which software -- Apple’s iOS or Google’s Android -- controls devices out in the field, who gets what applications, and how many levels of authentication -- PIN, PIV/CAC and/or biometrics -- will be required to gain access.
MDM implementation: Bringing it all together
What is the key to an agency MDM deployment that provides the same level of security on mobile devices as on desktops? The answer can be found in the latest security hardware solutions that not only include multi-factor authentication but also provide a new level of integration and interoperability with existing government identity management systems -- be they iOS- or Android-based. Solutions that are currently available in the marketplace support strong multiple authentication mechanisms for:
- Secure Internet browsing;
- Secure email or text messaging;
- Secure and convenient digital signature;
- User-friendly and secure replacement for PINs and passwords;
- Protection of user’s identity; and
- Protection of user’s credentials and the actual device.
One such solution is a sleeve for smartphones and tablets that contains a combination smart card and fingerprint reader to protect against unauthorized application access. It instantly reads the PIN and other credentials on a PIV or CAC card, and there has never been a more user-friendly way to incorporate multi-factor user authentication on a mobile device.
Looking to the future of mobile government security, one thing is abundantly clear. The key driver of organizational productivity and security for government agencies in the BYOD-driven mobile environment is going to be secure migration of applications from the desktop/laptop ecosystem to mobile devices. By creating the right policies, implementing the right mobile security infrastructures and taking full advantage of currently available mobile security tools, agency security executives can keep the evolution of MDM heading in the right direction -- toward a mobile world with the most powerful defenses against security threats.
Jeff Scott is vice president of sales for North America for Precise Biometrics. He can be reached at: