June 25, 2012 By Brian Heaton
But Jones stressed the importance of planning ahead and being flexible and involved throughout the actual implementation process. Because as instinctive as some smartphones are from a user perspective, there will inevitably be employees who need a bit more support.
“Do the math ahead of time, treat it like it is an IT system, communicate and collaborate internally with all your folks,” Jones said. “And once the decision is made, then also provide the training to get [users] over the hump.”
Security Still Paramount
Despite the growing popularity of both the iPhone and Android devices, BlackBerry’s trump card remains security. Because the BlackBerry system comes complete with its own server and security package built into the back-end software, it remains a popular mobile platform for government users.
The iPhone and Android devices are more popular among consumers, but they also come with higher security risks.
Enderle said the Android platform generally has been found to be unsecure, primarily because it allows for sideloading, where individuals can transfer data between two devices using a USB port, Bluetooth connection or memory card. That helps spread “hostile” applications and malware that report information on the device to third parties and could be a serious problem for government agencies.
“At a recent enterprise event, about one-third of the companies were actively blocking Android for that reason — because it wasn’t compliant with security policies,” Enderle recalled. “With the proper back end, iPhone can generally be used and does now meet security [standards]. But you also have to wrap it with the appropriate applications so the device is properly secured.”
While NOAA ultimately went with iPhone in place of BlackBerry as its device of choice, the agency determined that the combination of putting additional security controls on the iOS platform, along with some tweaking of mobile settings in Google Apps for Government — which NOAA also moved to — were sufficient actions to secure the devices.
Enderle, however, thinks it’s prudent for government agencies to spend a lot more time educating users on employee-generated problems. He said a good starting point is having discussions about the kinds of applications that can be loaded on a device. Placing restrictions on how the smartphone is used is another option.
In addition, Enderle said an agency’s IT support staff should be highly trained to look for problems and to identify and report issues that violate security.
“Some kind of remediation has to be in place to recapture the information or to identify the criminal activity and prosecute the behavior,” Enderle said. “So there’s quite a bit of training that needs to go into it because Android and iPhone are not BlackBerry.”
You may use or reference this story with attribution and a link to