by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : May 2015
GCN MAY 2015 • GCN.COM 19 SHUTTERSTOCK/GCNSTAFF POLICY “It’s about governance first,” said Su- sie Adams, chief technology officer for Microsoft’s Federal Business Practice. “You have to carefully balance infor- mation security classifications.” Agencies must develop an under- standing of the sensitivity of their data. She advised classifying data as low, moderate or high impact. “You also have to balance the poli- cies that govern access to the data,” she added. “Just in general: Who should be able to access that data?” The answer might depend on the trustworthiness of the device itself. “Not all devices are created equal,” Adams said. “We know it depends on the version of the device, how old the device is, does the device have malware on it? Has it been compromised?” MANAGEMENT TOOLS “There are a few considerations when implementing a BYOD pro- gram,” said Paul Brubaker, director of government solutions at VMware’s AirWatch. “What’s most important is to partner with an [enterprise mobility management] solution that can accommodate the broad range of available devices and applications while also [giving] IT the security tools they need to securely deploy and manage this breadth of devices and applications.” In an email interview, Brig. Gen. Kevin Wooton, principal deputy director of integrated operations at Air Force Space Command, said a commitment to a risk management framework is essential. “Any attempt to translate a tradi- tional ‘risk-averse’ security model will likely make the devices so locked down as to be useless,” he wrote. “This doesn’t mean you don’t want your security folks to be muted or to give them short shrift, but decision- makers must understand rationale, modern security capabilities within mobile device management ‘sand- boxes’ and their own agencies’ risk tolerance. Key to that will include not treating all data the same with regard to sensitivity and then draw- ing appropriate lines in the sand that maximize the user experience while incorporating the critical security requirements.” Wooton concluded by saying, “If one doesn’t understand the already value-added security coming from modern mobile device makers and the MDMs, typical agencies will have trouble finding the happy medium between security and usability.” Chris Roberts, vice president of the worldwide public sector at mobile security platform provider Good Technology, took a broader view. “I think usability doesn’t just mean the native applications on the device,” he said. “It means [asking] what sort of a password do I need to put in just to get access to my phone? Is that more complicated today than it was yesterday when this device fully belonged to me? It means [asking] would I possibly lose data or applications on that device? There are a number of things that af- fect usability beyond the ease of use, which is why they got the devices in the first place.” Justin Marston, CEO of Hypori, a startup company that developed a virtual mobile infrastructure plat- form, offered another usability/mo- bile security balancing option. “What we’ve seen the government actually doing...is enabling dual personas but doing it with enter- prise-owned phones,” Marston said. “They’ve been trying Samsung Knox, they’ve been trying Good, and you have this incredibly ironic situation where you have an enterprise-owned phone provided by [the Defense Information Systems Agency] under the [DOD Mobility Unclassified Capa- bility] program that lets you do email and calendar in a special container, the Good container, and that’s all you can do.” He added that users can download any app on the personal side of a The insider threat in employees’ pockets INSIDER THREAT “I think usability doesn’t just mean the native applications on the device. It means [asking] what sort of a password do I need to put in just to get access to my phone?” CHRIS ROBERTS, GOOD TECHNOLOGY 0515gcn_018-020.indd 19 4/30/15 10:17 AM