According to a Cisco report, the number of connected devices per person worldwide will rise 50% from from 15 billion to 50 billion by 2020. And, at the same time – as we all well know the days of a government employee logging on just during traditional business hours, from 9 a.m. to 5 p.m., in one building, on a handful of devices, is over.
Feds bring the “constantly connected” mindset from their personal lives, to work, along with new expectations. For example, the ability to take and share a photo instantly. Instant messaging. Social collaboration. And access to information – all needed/desired information – anywhere, anytime.
For Federal security teams, it’s a love-hate relationship. On the upside, there are huge productivity benefits. And, new opportunities for insights with the data collected and shared. But, as the volume and the variety of connected devices increases, so do potential cyber threats.
A recent study shows barely half of agencies have taken critical steps to secure endpoints, including scanning for vulnerable/infected endpoints, and about one-third of Federal IT managers noted they have experienced endpoint breaches due to APT or zero-day attacks. Additionally, less than half of respondents said their agency’s endpoint security policies and standards are very well integrated into their overall IT security strategy, so how can CIOs and CISOs manage these risks and keep the love strong?
Federal panelists at Dell EMC World in October discussed the need to modernize security practices and consider the full range of connected devices – not just mobile phones and tablets – but devices from drones to the Postal Services’ handheld scanners. Frank Konieczny, CTO of the U.S. Air Force, noted, “We need to shift to more of a risk discussion.”
Everyone warned against making things too difficult for the end user – who will always find a way around a too-burdensome process (i.e., Gmail).
What steps should Federal agencies take?
- Identify all connected devices to identify possible weaknesses and apply security controls and policies
- Patch endpoints regularly and implement exploit and malware prevention
- Take a proactive stance – incorporate lessons learned from the endpoint into the broader cyber security strategy
As today’s mobile workforce, and in turn, the associated potential cyber threats, continue to increase, agencies need to find ways to securely manage data and endpoints without inhibiting employee productivity. Matt Eastwood, SVP of enterprise infrastructure and data center, IDC, stated in a recent announcement, “[A] unified policy-based approach to data and endpoint security which leverages comprehensive systems management capabilities for all connected devices is the best way to achieve security and compliance end-to-end.”