Government Commitment to Mobile Devices Highlights ... - AT&T

Pantone 1797CMYKPantone 1797100M 99Y 12KMOBILE APPLICATION SECURITYGameChangerSPONSORED REPORTGAME CHANGING TECHNOLOGY TO MEET AGENCY MISSIONSGovernment Commitment to MobileDevices Highlights Security NeedsLast spring, President Barack Obamaput mobile devices on the centerstage when the Office of Managementand Budget released the DigitalGovernment Strategy, the first documentaimed at standardizing and securing thegovernment’s use of mobile technology.“The innovative use of technologyis fundamentally transforming how theAmerican people do business and livetheir daily lives,” Obama said in a May 23,2012, memo titled “Digital Government:Building a 21st Century Platform to BetterServe the American People.”Government employees are notimmune to this new way of conductingbusiness. In fact, with mandates to getmore feds teleworking and improvecontinuity of operations planning, thegovernment has been pushing mobility forsome time. The development of mobilerelatedpolicies is playing catch-up.Federal agencies are also not immuneto the threats that come with these newoperations. As more feds use smartphones, laptops and tablets to conductofficial business and access governmentnetworks, the risk of exposure to viruses,malware and data theft multiply. Malwareattacks directed at mobile devicesincreased by 185 percent in less than ayear, according to a Sept. 18, 2012, reportfrom the Government AccountabilityOffice titled “Better Implementation ofControls for Mobile Devices Should BeEncouraged.”But securing a device is only part ofthe issue. Agencies must also protecttheir networks. To do that, government ITmanagers are turning toward applicationcontrol. Application control involves settinglimits on what apps are appropriate forcertain devices and restricting what the appscan do and who can use them.There is a growing market formobile device management solutionsfor desktop and mobile computers.For instance, the Agriculture and theVeterans Affairs departments awardedMDM contracts last year, and NASAruns several at its facilities. Agenciescan also develop their own.Several organizations are developingpolicies or guidelines to help agenciesget and stay secure. For instance, theNational Institute of Standards andTechnology recently released revisionsto “Security and Privacy Controlsfor Federal Information Systems andOrganizations, Special Publication(SP)800-53, Revision 4,” outliningapproaches to application security.In August, the federal CIO Councilreleased a toolkit for agencies planningto implement a bring-your-own-devicepolicy, allowing workers to use their ownmobile technology within limits set bythe agency for which they work.“‘Mobility’ is not just aboutembracing the newest technology, but“THE INNOVATIVE USE OFTECHNOLOGY IS FUNDAMENTALLYTRANSFORMING HOW THEAMERICAN PEOPLE DO BUSINESSAND LIVE THEIR DAILY LIVES.”—PRESIDENT BARACK OBAMArather reflects a fundamental change inhow, when and where our citizens andemployees work and interact,” states theDigital Government Strategy. “Mobiletechnology – the devices, infrastructureand applications required to support amobile citizenry and workforce – is acritical enabler of mobility, but is onlypart of the profound environmental shiftthat mobility represents.”WHAT AGENCIES ARE DOING ALREADYIN 2012, 2,400 SPECIAL AGENTS at the Bureau of Alcohol, Tobacco, Firearmsand Explosives switched from BlackBerrys to iPhones in an effort to makeApple’s mobile platform the agency’s standard and thereby simplify theinfrastructure for managing those devices.The Defense Department’s National Center forTelehealth and Technology is using mobile applicationsto help members of the military and veterans handlehealth information. Among the apps it has created forAndroid, iOS and BlackBerry is Breathe2Relax, whichshows videos of deep breathing exercises and explainshow breathing works.The Census Bureau has a mobile app called America’sEconomy that mashes up Census statistics with data fromthe Bureau of Economic Analysis and Bureau of LaborStatistics to provide real-time economic indicators that economists, planners,business owners and the public can use to see trends in the U.S. economy.The Equal Employment Opportunity Commission was one of the firstfederal agencies to implement a bring-your-own-device program. It allowedemployees to eschew government-provided mobile devices in favor ofinstalling third-party software on their own smart phones so they could usethem for official work.

Pantone 1797CMYKPantone 1797100M 99Y 12KMOBILE APPLICATION SECURITYGameChangerSPONSORED REPORTGAME CHANGING TECHNOLOGY TO MEET AGENCY MISSIONSDefining and Preventing ThreatsMobile technologyexposes users,organizations and networks toa spate of risks. Enter a newgenre of protections: mobiledevice management (MDM)and mobile applicationmanagement (MAM). MAMmaps out what applicationsare allowed on companyissuedor personal mobiledevices accessing companysystems, while MDM includesall of a device’s configurationsettings.The bring-your-own-deviceprinciple of incorporatingpersonal handhelds intoworkplace networks isa driving force behindMAM. Characteristics ofMAM include applicationdelivery, updating,performance monitoring, userauthentication, user controlsand analytics.BY THE NUMBERSMOBILE USEMDM solutions help byworking across multipleoperating systems – such asApple iOS, Google Androidand Microsoft WindowsMobile -- and device typesand brands, includingiPhones, iPads, BlackBerrys,Samsung Galaxies and more.Security measures built into those devices are simplynot enough to combat threatsthat can come throughmultiple portals: SMS, MMS,Bluetooth, Wi-Fi, 2.5G, 3G,4G or desktop sync.In addition to addingsecurity layers, MDM keepsindividual devices andorganizations’ networkssafe by helping informationtechnology managers trackdevices and users. MAM andMDM also help establishpolicies and standards forusing handhelds by forcingIT leaders to think aboutwhat mobility means at theirorganizations. Consequently,MDM outlines how anagency supports mobiledevices.The General ServicesAdministration recognizesthe need for reliable MDMACCORDING TO THE Digital Government Strategy, overall mobile broadbandsubscriptions are expected to grow from about 1 billion in 2011 to more than 5 billionin 2016, and by 2015 more Americans will get online using mobile devices thandesktops.Within the government, statistics from the Mobile Work Exchange’s “The 2013 DigitalDilemma Report: Mobility, Security, Productivity – Can We Have It All?” released Jan.15 support such an explosion in use:• Three out of four feds use mobile devices to do work an average of nine hoursper week.• 95 percent of feds said access to mobile devices improved their work.• 55 percent bring their own devices to work, but one in three of those users lackspassword protection.• 85 percent of feds have downloaded an app to their personal smart phone or tablet.suppliers. It issued a requestfor technical capabilities onFeb. 1 to find vendors offeringMDM and MAM solutions.Other organizations, suchas the National Institute ofStandards and Technologyand the CIO Council, are alsoputting together policies formanaging mobility while alsoencouraging it.“To provide the highestvalue of services, we mustrethink from step one howgovernment builds andprovides services for theAmerican people,” federalCIO Steven VanRoekel saidAug. 23, 2012, in “Building-Blocks of a 21st CenturyDigital Government.” “Wemust unlock rich governmentdata, information and servicesso that everyone from citizendevelopers and private-sectorentrepreneurs, to our veryown federal agencies can helpprovide the American peoplewith the access to theseservices ‘anywhere, anytime,on any device.’”

Pantone 1797CMYKPantone 1797100M 99Y 12KMOBILE APPLICATION SECURITYGameChangerSPONSORED REPORTGAME CHANGING TECHNOLOGY TO MEET AGENCY MISSIONSSimplifying Mobile Securityhe advantages of a mobileT workforce are many, and so arethe risks to security as employeesuse personal devices from a varietyof manufacturers and providers toconduct business. In fact, unsecuremobile devices account for a largepercentage of workplace data loss. Butmultiple problems don’t require multiplesolutions, which is why AT&T createdMobile Security, a single end-to-endservice that protects organizations withmobile device users.“AT&T Mobile Security is a greatexample of AT&T getting ahead ofemerging threats and leveraging thepower of our network for new securityarchitectures and mechanisms,”said Miles Mendenhall, director ofsecurity technology at the company. “Itprovides endpoint protection throughantivirus and antimalware supportingbuilt the service to handle large capacityand have plans to add more sites as thespecific needs of our commercial andgovernment customers arise.”UNIVERSAL PROTECTIONACROSS WIRE LINE, WIRELESSBy leveraging the AT&T network andenabling organizations to apply thetypes of controls and security policiesto mobile devices that they wouldto desktop or laptop traffic, AT&TMobile Security offers a unique edge,Mendenhall said. The key is in thesolution’s core strengths:• Network-based applicationmonitoring.• Traffic inspection.• Authentication.• Access control functions.“We leverage the strength of thenetwork to do the heavy lifting inrequired to support secure governmentcontracts,” Mendenhall said. “Not onlyare the personnel separated, but theplatform is isolated in secure nodes,along with a dedicated disaster recoverylocation in another U.S. time zone, awayfrom any outage that might impact aprimary production location.”DEDICATION TO SECURITYAT&T Mobile Security illustrates thecompany’s dedication to continuedsecurity innovation. The technologybehind the service originated at theAT&T Research Security Center, where aspecialized team of more than 12 Ph.D.sis dedicated to creating and implementinga secure future for mobile devices.“AT&T has been focusing onnetwork security for most of ourhistory,” Mendenhall said. “It has beenat the forefront of many developments“AT&T HAS BEEN FOCUSING ONNETWORK SECURITY FOR MOST OFOUR HISTORY.” —MILES MENDENHALL, DIRECTOR OFSECURITY TECHNOLOGY AT AT&Tmajor mobile operating systems,and implements core mobile devicemanagement functions, such as lock,wipe, locate, password policy andencryption policy.”Where most mobile security focusesonly on the device, AT&T MobileSecurity provides multilayered protectionon the device and in the network.“AT&T Mobile Security usesstate-of-the-art and leading securityproviders within its service design toenable integration with other AT&TManaged Trusted Internet ProtocolService [MTIPS] services with the samenodes,” Mendenhall said. “Our abilityto scale the platform is enabled throughcarrier-grade methodology in bothrouting and blade-based design. We’veproviding secure data traffic anddestination policies without drainingmobile device CPU, storage or batterycapacity,” he said. “We believe thatin addition to enforcing a strong setof perimeter controls, you must alsoconsider that the perimeter has beenopened with access from mobile devicesthat would not be normally permitted.Thus, you need a solution that takes intoaccount the differences between mobiledevice traffic and traffic originating fromthe PC or other desktop environment.”In addition to physically protectingthe platform within AT&T MTIPSarchitecture, the company also monitorsthe people who handle security.“Additionally, support personnel arevetted and have background clearancesthat have become today’s networksecurity best practices, including asecurity governance/policy model, riskmanagement methodologies, defense-indepthsecurity design, firewalls, threatmanagement and analysis, and securityevent correlation. It’s only fitting that toaddress the challenges of mobile security,AT&T is using our expertise in networksecurity to help protect an organization’sassets through wireless access.” •To learn more about AT&T MobileSecurity, please visitwww.att.com/gov/protect