Federal Government Sets Sights on Tablet Security

In our increasingly digital world, our nation’s information security is becoming as important as its physical security. Cyber terrorism threats against the U.S. government and American businesses and infrastructure are a growing concern – so much so that last year former FBI director Robert Mueller said it was on the road to becoming “the number one threat to the country.”

Cyber attacks are a complex problem that requires a proactive and comprehensive IT defense strategy and vigilance at various levels. One important component of this strategy is to ensure that the devices used by government officials, employees and contractors are capable of protecting the sensitive information they contain.

As government goes increasingly mobile, many employees are looking to tablets as their device of choice. Offering a combination of lightweight portability, connectivity and ease of use, tablets can enable substantial gains in productivity and efficiency. However, tablets are ultra-mobile devices that can easily “walk away” in the wrong hands, making it especially important for all users to ensure that the data kept on them stays safe and secure.

With this in mind, the U.S. Office of Management and Budget earlier this year distributed the Federal CIO Council’s “Mobile Security Reference Architecture,” a 104-page document to guide federal agencies on security strategies for government-owned tablets and smart phones. As Patrick Marshall of GCN writes, the guidelines are not applicable for every mission, nor do they include recommendations on specific operating systems or devices, but they represent one of the federal government’s most comprehensive directives to date on tablet security.

The report recommends starting with an assessment of an agency’s digital assets and developing metrics to help determine how best to secure them. It calls for IT staff to ask a number of questions, including:

  • Who has access to what data?
  • What identity levels are needed?
  • What actions can users take on the data?
  • Where and when do users have access?
  • What types of devices can have access?
  • In what physical locations can the devices be used?
  • Are specific locations unsuitable to access data from?
  • Are there availability metrics that define the quality of access?
  • Where can the data exist from its native source and how is integrity and confidentially assured?
  • Should the change log be retained?
  • Does the data have to be encrypted at rest (if allowed) or in transit?

Although not explicitly discussed in the guidelines, another important consideration is device choice – the first step toward mobile security in any scenario. It’s important for decision makers to look for professional-grade technology such as Panasonic’s Toughpad line of tablets, which offer software- and hardware-based security controls unavailable on common consumer devices, to enable them to connect with the data they need wherever they are, safely.

Whether you work for the government or not, these federal guidelines can be a useful resource in the development of strategies to keep your organization’s data secure in the era of the tablet. And as mobility increases in importance for both public and private organizations, it’s becoming more important than ever to keep this important topic in mind.