InfoEdge Logo
Offering Select IT And Business Management Research
research@infoedge.com
800.544.7337 | 617.969.9080
Home Page About Us Contact | Questions Shopping Cart
Recent Reports Information Centers Free Research IT Business News and Articles CIO Strategy Center Browse Categories
Related Reports
Security Audit Program
The audit program is one that either an external auditor or an internal auditor can use to validate the compliance of the Information Technology organization and the enterprise to ISO 17799, Sarbanes-Oxley, HIPAA, and PCI-DSS.
IT Spending, Staffing and Technology Trends
The study tracks spending in ten industry and government sectors and provides objective and comprehensive data designed to assist IT and business executives in the financial and strategic management of information technology.
Options in Enterprise Backup
This report reviews the intricacies of backup practices and procedures, including security, business continuity, archiving and compliance.
The State of the Mainframe
Mainframe MIPS growth is averaging around 20% per year. This new report looks at the current state of this "legacy" system.
IP Telephony Solutions: Product Comparison Report
This report includes an overview of the enterprise IPT market, a comparison of nine leading IPT solutions, and a summary of the relative strengths and weaknesses of each product.
Regulatory Resource   Threat Intelligence      Resilient IT      Boardroom Strategies      
Regulatory Resource / Sectors

Protecting data as Government Becomes Mobile

Stacey McDaniel

Data loss isn't a problem that's restricted to a single agency. Rather, it's a government-wide concern. Data loss represents a persistent and omnipresent threat to the vital electronic records that our country relies upon to operate.

A House Government Reform Committee report found that 19 federal agencies have reported at least one loss of personally identifiable information since January 2003. It is worth noting that the vast majority of data losses arose from physical thefts of portable computers, drives and disks, or unauthorized use of data by employees.

Here are just a few of the incidents that involved mobile devices and related hardware:

  • May 2007: The Transportation Security Administration investigates the possible loss or theft of an external hard drive that contained the payroll data of about 100,000 current and former employees.
  • May 2006: The Department of Veterans Affairs announced that a laptop containing the personal information of approximately 26.5 million veterans and active duty members of the military was stolen from the home of a VA employee.
  • April 2006: The Department of the Treasury learned that an IRS employee laptop containing 48 corporate taxpayer records and four individual taxpayer records had been stolen.
  • March 2006: The Department of Defense confirmed the loss of a thumb drive containing personal records on approximately 207,570 enlisted Marines who served between 2001 and 2005.

Easy to use...and to exploit
Portable devices, like laptops, PDAs and handhelds make it easier for government employees and contractors to perform work outside of the traditional physically secure office environment. However, the portable and lightweight nature of these devices also makes them an attractive target for theft. Not only that, but because they are designed for employees to access the network remotely, these devices also offer an easy path into the network for unauthorized users.

Three-pronged approach
So how does an agency protect data that is being accessed by an assortment of endpoints from a variety of locations? The answer is not just about data security, but also endpoint and network protection:

  • Protect data infrastructure: IT needs to implement security procedures that protect critical data inside network boundaries, while ensuring the security policies regarding data use are enforced, regardless of where the data is being accessed from. Security measures shouldn't interfere with keeping applications and the infrastructure reliable and responsive. Keep operations as simple and as standardized as possible -- backups should be centralized and metrics can be used to help resolve problems and restore performance quickly.
  • Secure mobile devices: More government employees than ever are teleworking and even more use mobile devices on an occasional basis to perform work-related functions from outside the office. That is why it is so crucial that agencies ensure that mobile devices used to store, transfer and process data are secured. This includes protecting the data from unauthorized use, should the device be stolen or lost. Endpoint security solutions are available that will keep the devices compliant with the agency's security policies and up-to-date with the latest security features.
  • Safeguard data transfer: This requires a layered approach that stops potential threats from appearing at network gateways, via end users, or at archiving and storage systems. The solution should enable all relevant email messages and data transfers to be delivered and stored in a secure (and accessible) location. The overall solution will also include anti-spam, fraud, virus, and spyware protection, as well as threat protection software enabled for all network tiers across all mobile devices.

Conclusion
Once an agency is confident that its data infrastructure is secure and those who access it will not pose undue threats, other goals can be achieved. These goals include increased inter-agency sharing, a more realistic continuity of operations plan (COOP) and the opportunity for more employees to telework. Achieving data security in a mobile environment requires a comprehensive, agency-wide effort. Employees must be educated on the proper use of devices and safe practices and the data infrastructure must be secured at all levels, down to the devices that connect to it.

Stacey McDaniel has been writing about high-tech issues for more than six years.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Articles by Topic
Sectors
Law
Tactics
Related Content

Features

View More


Metrics

View More

Fast Fact

Nineteen federal agencies have reported at least one loss of personally identifiable information since January 2003.

-- House Government Reform Committee report
Sponsor Tools

Resources

White Papers

View More


Podcast Audio Content

CIO Strategy Center is now available in audio format.

This week's feature topic is:


Preparing for a Disaster
Playtime: 8 min 07 sec



Download | Subscribe

Copyright © 2009 Studio One Networks. All rights reserved.
Geography Specific | Advanced Technologies | Industry Verticals | Executive Management | Information Technology | Human Resources | Telecommunications | Sales And Marketing | Finance | Hardware | Software | Web | Outsourcing | Top IT Priorities
home   |     site map   |     about us   |     privacy statement   |     research providers   |     contact us   |     categories

Entire contents ©2008 InfoEdge. All Rights Reserved.
Email: research@infoedge.com