Education, technology key to keeping government mobile devices safe _ statetech magazine

As smartphones, notebooks and ruggedized tablets become the mobile devices of choice for city workers, mobile security grows more complicated for the Philadelphia Office of Innovation and Technology. Baseball league standings But CISO Jeffrey Gardosh worries less about multiplying endpoints than he does about the applications running on those devices.

Philadelphia’s focus on application security is right on target, says Patrick Hevesi, research director at Gartner. Masonry veneer Applications are the most dangerous territory in the mobile threat landscape, he says, and not just because they could contain malicious code.

“The cases in which malware is built into the application are risks, but most won’t get by the IT team,” Hevesi says. Drip “Potentially more dangerous are unauthorized applications that request permissions from the operating system that can open pathways for attacks and have unpredictable consequences.” Hevesi also warns that, because mobile applications work with segmented and containerized data, tradi­tional security defenses such as anti-virus and anti-­malware software may be ineffective.

Instead, he recommends implementing application risk scanning, protections against network-based attacks, enterprise mobility management (EMM), and application- and file-level encryption. Baseball field drawing Hevesi also encourages use of behavioral anomaly prevention, which detects changes in the ways an app runs, and vulnerability management, which patches flaws in mobile ­operating systems.

“Build your strategy for the kind of data on the device and then add multiple layers of security — the more the better,” Hevesi says. Facebook search history android A Sustainable Approach to Security

As Philadelphia moves away from building its own applications toward customizing off-the-shelf software, security stands beside sustainability and value as a key consideration in any purchasing decision, Gardosh says.

“We make sure we have high confidence that any product we buy meets our security standards, and that we have the manpower and competence on our team to support it,” he says.

As part of that support, IT staff encrypt employee devices — all of which are issued by the city — and establish strong authentication controls to limit access to legitimate users. Small garden ideas pictures The team also relies on processes, technologies and user education to mitigate the impact of human error. Facebook marketplace Gardosh says prioritizing risks to critical systems and data represents another important aspect of Philadelphia’s mobile security strategy. Retaining wall design The city blocks mobile access to applications that either process extremely critical data or need to operate behind perimeter firewalls.

Although that level of caution is important, Gardosh warns against taking a reactive approach to mobile security: “Solve the biggest problems, and solve them thoroughly,” he says. Football games today college “It’s better to do a few critical security steps well than try to cover all the bases at once.”

For Justin Dietrich, CISO of Santa Clara County, Calif., thinking strategically about security starts with devising new safeguards for networks and data centers.

“With mobile devices, the concept of having a perimeter defended by firewalls and other technologies is gone,” he says. Fences play “You have to bring protection to the endpoints and to data. Realtime landscaping We have to understand where every bit and byte is going and why it’s going there.”

Especially for employees working at sensitive sites, such as hospitals and the courts, Dietrich’s team couples user education with technology to support county policies and mitigate user mistakes. Pitch dark mgsv One application scans emails and recognizes strings of digits that could be patient identification numbers; the application then alerts the user that the information may not be appropriate to send. Baseball diamond diagram Identifying critical data and systems — and understanding the protections they require — is the most fundamental and sometimes overlooked facet of security, Dietrich says. Lattice method multiplication worksheet Much of the county’s information store is open to the public, but databases also house health and welfare records, data from the district attorney’s and sheriff’s offices and personal information for the county’s 18,000 employees.

“You can’t make a security plan and later ask where the data is that you need to protect, especially if it’s going over a telecommunications provider’s network to an employee’s smartphone,” he says. Rawlings custom glove builder “You have to understand your critical assets and know how regulations govern the data from the start.”

Five years ago, officials in Mecklenburg County, N.C., rejected a proposed BYOD program. Landscaper Clifford DuPuy, the county’s technical services director, says that even today, that decision helps keep security tight across all 3,000 mobile devices issued by the county.

“We use Office 365, which allows us to block employees from getting work emails on personal devices, giving us more control over our data and how we protect it,” DuPuy says.

Although Hurricane Matthew and a controversial police shooting in Charlotte (Mecklenburg’s county seat) have intensified the focus on security in recent months, DuPuy says the county long ago began bolstering mobile device protections with support from senior leadership.

The county uses an AirWatch EMM solution to customize credentials and permissions to each user as mobile devices are issued. Pitch definition science Officials monitor applications and data on the mobile hardware, and encrypt or wipe data on lost or stolen machines. Small garden design ideas on a budget DuPuy says EMM is crucial to Mecklenburg County’s mobile security strategy, but only in conjunction with practices such as hardening devices, sticking to white lists of apps for individual users, and keeping up with emerging security threats and the technologies that can block them. Landscape photography definition User education also has its place.

Beyond offering basic security and compliance training, the county holds brief microburst sessions to target specific issues and provides short video tutorials and reference guides to employees.