by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : August and September 2016
READ ANY STORY about cybersecurity these days and chances are you’ll see at least some mention of the importance of mobile secu- rity. That’s for good reason because mobile is consid- ered one of the greatest risks — if not the greatest risk — to overall enterprise IT security. Despite that acknowledg- ment, enterprises are still not doing enough to protect against mobile threats, according to MobileIron’s latest quarterly Mobile Security and Risk Review. The report details a fairly big gap between the threats faced by both private-sector and government organiza- tions and the protections those organizations have implemented. Mobile threats are in- creasing in number and so- phistication, yet MobileIron found that only 8 percent of organizations are enforcing operating system updates, and less than 5 percent are using the most modern mobile security tools. The “lack of security hygiene demonstrates that enterprises are alarmingly complacent, even when many solutions are avail- able,” said James Plouffe, MobileIron’s lead solutions architect. Other surveys have come to the same conclusion. In a recent Ponemon Institute study, a large majority of respondents viewed mobile devices as susceptible to hacking and the probable cause of data breaches in their organizations, but only a third were “vigilant” in protecting their data. Close to 40 percent did not even see a pressing reason to protect data on their mobile devices. Sean Frazier, chief technology evangelist for MobileIron’s Public Sector Practice and someone who has years of experience working with government, said that although agencies are thinking about mobile security, they are not look- ing beyond the most basic capabilities. They are not as capable as many other organiza- tions around the world, and they either don’t fully understand the dangers “or they do but find they can’t respond as quickly or as well,” Frazier said. Government overall responds well to most IT security incidents, but it doesn’t seem to understand how to transfer that insight to mobile. Disconnects show up in other areas as well. The Obama administration has been pushing for the increased use of encryption to safeguard at least some part of the IT traffic chain. The Office of Management and Budget issued a memo last year requiring agencies to use HTTPS for all website and services connections by the end of 2016. At the same time, however, national security officials have been making a concerted pitch to get some kind of back door inserted into operating systems and messaging services to help them tap into encrypted communications from sus- pected terrorists. Experience has shown that, if those kinds of workarounds exist, at some point the bad guys will find them and use them to get into government networks and systems. Frazier said government has not caught on to the fact that mobile technology has fundamentally changed how IT should be viewed and managed, with users now much more involved at a higher level. That’s a radical departure from traditional views of mobile technology in which agency IT departments handed out BlackBerries to their employees preloaded with IT-approved apps and data. Today’s mobile IT envi- ronment — with all the is- sues bring-your-own-device policies and shadow IT bring with them — presents a starkly different ecosystem to manage. Mobile devices today are computers, not just communication tools. And users themselves, many of whom have been relying on mobile technology for their own needs for years, know how to securely man- age the apps and data on their devices. Frazier said he believes government will eventually see the value of letting users manage mobile security, particularly now that major manufacturers such as Apple and Samsung have built sophisticated secu- rity management into their devices. “It’s about time that the user was brought more directly into the conversa- tion,” he said. • Can users help solve the mobile security disconnect? BY BRIAN ROBINSON CYBEREYE Government has not caught on to the fact that mobile technology has fundamentally changed how IT should be viewed and managed. 26 GCN AUGUST/SEPTEMBER 2016 • GCN.COM 0916gcn_026.indd 26 8/30/16 9:44 AM
June and July 2016
October and November 2016