Smartphones can go missing, taking agency data with them, and mobile devices in general can introduce malware to enterprise networks. On the other hand, employees want the ease of use of consumer technology and agency managers covet the potential productivity boost.
If a policy is too stringent, it will discourage smartphone and tablet use, especially in BYOD programs. A policy that goes too light on security could invite trouble in the form of lost data and business disruption.
Federal information security specialists are tackling the dilemma in various ways.
In September, the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) published a revised draft of a mobile security guide that addresses the security versus usability challenge.
Bill Fisher, an information security engineer at NCCoE, said mobile security measures can have the unintended consequence of prompting users to evade protective measures, rather than comply with them.
Though users might not set out to deliberately shun mobile security standards, they can end up taking liberties for the sake of productivity.
The NCCoE recognizes the need to keep users on board with mobile security. Its “Mobile Device Security for Enterprises” guide, which it describes as a building block, lists a number of security capabilities that promote usability. They include making remediation procedures, the establishment of protected connections and authentication methods as unobtrusive as possible.
To read the entire article, please visit www.fcw.com.