As data theft continues to grow, the U.S. federal government is moving away from spending money to keep legacy IT systems limping along and increasingly adopting mobile device management strategies with an eye on thwarting cyber attacks.
The annual government technology buying cycle - that time of year when agencies plan what technology they’ll buy to prepare for the next year - is wrapping up, and it’s clear the public sector is moving toward mobile device management. This is a forward-looking step away from the 70 percent of federal IT spending that historically focused on maintaining legacy systems, as outlined in an August 2013 MeriTalk report.
Instead, in 2016, more government agencies will be using advanced strategies to thwart cyber attacks with a focus on mobile strategies. In my work coordinating technology solutions for U.S. agencies through this year’s buying cycle, what has become clear is that agencies are done struggling to simply keep pace with outdated IT and are embracing next-generation technologies. A large motivator has been the rise in data breach threats, as well as the need to make sure government employees can use mobile devices and access data, not only while in government facilities, but anywhere else through virtual private networks.
Government agencies are working to strike a balance between vigilant security and efficient mobile usability. An estimated 94 million citizen records have been exposed through government data breaches since 2009 - costing $18.2 billion in damages, according to a Ponemon Institute study. The Government Accountability Office’s analysis of US-CERT data found that the number of reported information security incidents involving information that identifies citizens’ personal information has doubled from 10.4 million in 2009 to 25.6 million in 2013.
To combat the scourge, the government is embracing a layered security approach that breaks “the cyber attack kill chain.” This is the name IT leaders have given the chain, which begins with initial identification of a breach and adds layers of security across several additional links leading up to isolating and managing the breach.
That approach shows the best defense truly may be a good offense. And being on the offense means preparing a technology policy that each mobile user can adhere to. By embracing the below nine-point policy, any organization should be well on its way to protect from cyber attacks:
- Use a password or other authentication on every device and make sure these turn on automatically
- Enable encryption either as part of a device’s hardware or a customized add-on solution
- Install and activate remote wiping or remote disabling in the event of a lost or stolen device
- Disable and do not use file sharing applications which can enable unauthorized users access to a device
- Use firewalls to intercept incoming and outgoing connection attempts and install ways to block them
- Enable security software to protect against malicious applications, viruses, spyware and malware
- Keep security tools up to date
- Make sure any mobile apps downloaded will only perform the functions the user approves
- Completely wipe a device before discarding or reusing
Anand is director of Federal Sales at Insight Public Sector. Based in Washington, D.C., Anand works hands-on with technology leaders and the federal government’s choice of intelligent technology products, services and solutions.