Wipe Out: Data Vanish on Smart Phones

Allowing Gov't Workers to Use Own Devices Comes with a Big If

December 7, 2010.

Unfettered access to state data "is the kind of stuff that causes me to lose sleep at night," Delaware CSO Elayne Starkey says in explaining new, stringent rules to let employees use their own smart phones to access state networks.

State employees in Delaware who want to use their own BlackBerries, iPhones and Droids to access government servers can, but must follow stringent security rules that could result in the loss of all of the data - government generated and personal - from their smart phones if those devices are deemed a threat to state information systems.

Simply, if someone unsuccessfully tries seven times to remotely log on to the state IT network, data on that mobile device would be automatically deleted. "That's not something I want to do very often, but we need to reserve the ability to do it if needed," Elayne Starkey, Delaware state chief security officer, says in an interview with GovInfoSecurity.com.

That's the same policy Delaware uses for state-owned BlackBerries as a protection against those who might use lost or stolen devices to access state networks. "If that smart phone is indeed connected and synced to the state network, if it's not password protected and gets lost or stolen and gets into the hands of someone, they literally have unfettered access to state data, which is the kind of stuff that causes me to lose sleep at night," Starkey said.

Until November, Delaware had allowed employees to access state systems with their own mobile devices, but with limited security, and that posed too great a risk. "I know my peers in other states have taken the approach of just locking everybody out, and we considered that in Delaware, we considered it very seriously," Starkey says. "But we decided we wanted to have a more customer friendly approach and find a way to balance the security requirements with the needs of our customers."

Before their own smart phones can access state networks, employees must agree to the stringent security rules, which include password management, strong passwords, inactivity timeout monitoring, encryption and the potential that all data could be wiped out.

In the interview, Starkey also discusses:

  • Protecting the privacy rights of employees who use their own devices to access state networks;
  • Preventing data leakage from e-mails emanating from the state IT networks; and
  • Limiting the use of Social Security numbers by the state.

In an earlier interview, Starkey addressed managing a team of IT security professionals not protected by civil service and the use of metrics to evaluate their performance.

Starkey, who was interviewed by GovInfoSecurity.com's Eric Chabrow, holds two computer science degrees, a BS from James Madison University and an MS from the Rochester Institute of Technology.

Follow Eric Chabrow on Twitter: @GovInfoSecurity
