The Move to MobilityObama's Initiative Requires Different Approach to Security
On the surface, it seems like a no-brainer.
In the U.S., President Obama announced this past week his Digitial Government strategy, which essentially requires federal agencies to re-think their use of mobile technologies. At minimum, every agency must make at least two services available to the public via mobile applications within a year. Within 90 days they must create a page on their websites to publicly report progress toward meeting these requirements.
Convenience seldom is easy, and the government faces significant privacy and security challenges in fulfilling its mobile initiative.
Makes sense, right? Increasingly, we all are conducting more of our personal business on smart phones, tablets and laptops. We're already doing our banking, shopping and making travel plans. Why shouldn't we use mobile devices to access government agencies and their services? I mean, how soon can you get this mobile initiative to the local level, so we can bid farewell to those long lines to renew our automobile registrations?
But convenience seldom is easy, and the government faces significant privacy and security challenges in fulfilling its mobile initiative.
Let's just think about some of the fundamental challenges any organization encounters when it dives into mobility:
- Mobile Malware: Trojans, viruses and other forms of malware are now designed specifically for the mobile marketplace. And researchers only see an increase in mobile malware development - in pace with market growth. Agencies are going to have to consider how to help protect constituents from the fraudsters.
- Third-Party Apps: Consumers love their smart phone and tablet applications, but often these apps come from third parties with questionable security practices. Or worse, the apps are created by fraudsters and loaded with malware. Will agencies now be operating their own internal app stores to help ensure security?
- Unsecured Wi-Fi: The unsecured wireless network is a toll-free highway for fraudsters to gain access to mobile devices, either to seize control of or gain access to private information. Will agencies now routinely encrypt all data that is transmitted via mobile?
- User Behavior: This is the biggest security threat of all, and it's the one over which agencies have the least control. Consumers are prone to download third-party apps, use unsecured wireless networks, open and click links in SMS text messages and e-mails, and lose their mobile devices. Mobile-use behavior is creating a whole new suite of vulnerabilities, and fraudsters are eager to take advantage. What efforts will agencies make to help educate consumers to make smarter decisions when conducting government business via mobile?
Lots of questions; few easy answers.
The larger issue, of course, is the seismic shift within security departments. Up to this point, they largely have been focused on protecting data and devices within their own organizations' perimeter. Firewalls, authentication, access management, antivirus protection - if you could just manage the equipment and users within your reach, then you could meet most of your security and privacy objectives.
With mobile, this all changes. Suddenly you're talking about consumer devices - equipment, users and behavior that are beyond an organization's control or policies. How do security professionals manage this shift? How do they train their personnel to essentially be consultants - trying to influence the behavior of individuals they really can't control? Government agencies will need security personnel with new skills, and frankly they've been challenged enough to hire staffs with the old ones.
Don't get me wrong. I don't challenge the Obama administration's digital strategy. Mobile is the right way to go. I just say the transition is a lot tougher for the agencies than for the consumer - and with security and privacy on the line, there's no margin for error.
There is no app for this. It's an evolution the federal agencies - and all of us - are going to have to undergo the hard way.