New guidelines could help agencies adopting bring-your-own-device strategies manage the potential risks smartphones and tablets could pose.
wfedstaff | April 17, 2015 3:58 pm
By Keith BieryGolick
Special to Federal News Radio
The mobile revolution is putting agencies under a new kind of cyber pressure. With employees pressing to bring their own devices, or use smartphones or tablet computers more and more, the cyber risks from these devices continue to grow.
To combat potential problems, the National Institute of Standards and Technology (NIST), in its new draft Guidelines for Managing and Securing Mobile Devices in the Enterprise, advised agencies to test any software prototypes before putting them in the hands of employees and to centralize device management.
“To put things into perspective, think of what your agencies did when your users were using their laptops or taking their laptops home and telecommuting,” said NIST Computer Scientist Tom Karygiannis in an interview on In Depth with Francis Rose. “If you compare the capabilities that you have with a cellphone, with a mobile phone or a smartphone today, they probably are, in computing power, a lot more powerful than the laptops of just a few years ago.”
With equal ability to store confidential data, the biggest difference between mobile devices and laptops is that mobile devices have a greater chance of being lost or stolen, he said.
“On a laptop you may have biometrics for example. This is a lot harder to do on a handheld or mobile device,” Karygiannis said.
NIST recommended running a pilot test — something that is often overlooked — on security software to help lessen some of this risk.
“Right now there’s a lot of hype about the productivity gains, the cost-savings and so on with these mobile devices, but some of these don’t actually play out when you actually try to use the devices in your enterprise,” Karygiannis said. “You don’t just open the device out of the box and start using it.”
In an era of overwhelming budget concerns, the allure of letting employees bring their own devices to work can be strong, but Karygiannis said agencies should proceed with caution.
“The two main arguments for bring your own device are the cost-savings and possibly the productivity gains,” he said. “I would recommend people to do a really good analysis to see if that’s the case. Sometimes they cite the cost-savings of having the employee buy the device, but there’s a lot of work to do to support the services you want by adding security, help desk, training, incident response. All these things would add up the cost.”
As far as productivity gains go, Karygiannis said those are notoriously difficult to measure.
“There are some cases, where maybe you’re doing data acquisition in the field, really nice examples of how there are huge productivity gains,” he said. “And then in other cases you might want to ask yourself is the technology this device is replacing … am I really doing that much more and at what cost? Is it worth the extra risk, if there is extra risk?”
In the report, NIST provided six guidelines to help agencies secure their mobile devices:
Keith BieryGolick is an intern at Federal News Radio