Insight by BlackBerry

Secure communications need to balance usability with risk

Little gets done in the federal government, or any organization for that matter, without the ability to have confidence in their communications. This is especially true during emergencies such as natural disasters, when the phone may be the only device working.

But it’s not just during emergencies, as more and more agencies move to voice over IP (VOIP) and other technologies like instant messaging or texting that depend on the cloud and security making secure communications become even more important.

Market research firm Deltek reported in 2017 that overall federal spending on VoIP equipment, virtual desktop infrastructure, unified communications, and messaging capabilities is averaging at least $24.3 million per year between 2014 and 2016. Deltek says these numbers may actually be a bit conservative given how agencies are bundling these voice and communications capabilities with other cloud offerings.

And as agencies spend more money and employees’ dependence on mobile devices goes up, security of those communications must be at the forefront.

But the government also recognizes the need to balance security with usability.

This is why the Homeland Security Department is working on research around end-to-end phone call encryption.

At the same time, the National Institute of Standards and Technology hasn’t updated its special publication to secure VoIP since 2005 so there may be a few things that has changed since then.

And the need for secure communications is expanding to more than just phones and VoIP as the growth of virtual assistants like Google Home or Amazon Alexa continues. By some estimates 1-in-6 Americans own this type of device.

So think about what this means if you are a federal employee at home talking on a secure device but your Alexa or Google home picks up your conversation, that opens a whole new range security risks.

Addressing these challenges, like most things, require a combination of technology, training and awareness.

Cybersecurity Strategy for Agencies

When you connect to the network, we want to know, whether it’s your mobile device, your laptop or an always connected workstation, what your security posture is, how is that device hardened, are you up-to-date with current anti-virus patches? That gives us a baseline to start from and figure out what you are actually bringing to the environment.

Challenges and Opportunities Around Protecting Mobile Devices

When it’s data in the form of an email, a document or a file, we know how to [secure] that today and we have various networks for that. When we talk about voice and others, that’s a challenge we understand but there are some difficulties and challenges around that, and opportunities too.

Commercial Solutions for Classified Data and Risk of New Devices

There are ways to design those devices [home assistants or smart speakers] as an endpoint that is protected and managed so you can securely use it. One of the ways we do that is by turning off some of those features and making sure you understand when is it monitoring, when isn’t it and what type of environment is it in.

Listen to the full show:

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.