Keeping Agency Information Secure in an Era of New Computing and Risks

The cloud computing evolution is well entrenched, and has made significant changes to how organizations share, sync, edit, create and collaborate-on content. However, this computing revolution is a double-edged sword. There are benefits—increased...


Phishing Attacks
Employees routinely catch up on email and work on evenings and weekends, and when they do, they typically use personal devices. Realizing that most of these devices lack AV software and that most email and Web traffic accessed remotely bypasses avoids inspection by firewalls and gateways, attackers are now designing phishing attacks and other email exploits to be triggered during non-business hours.

The attacks are working. Malware that would have been caught by network defenses in the office on Monday afternoon is able to install itself on the mobile device of an employee working remotely on Friday night. Once installed, keyloggers and other malware can feed attackers valuable information for launching more damaging attacks against file servers, email servers, and other internal assets.

Lost Devices
On average, a cell phone is lost in the U.S. every 3.5 seconds. Even if a lost smartphone, laptop or tablet does not contain confidential data, it still might include apps or cached credentials that make it easier for criminals to infiltrate an enterprise network. As workers begin carrying more devices, the likelihood of losing devices only increases.

Risky File Sharing
A device without data is of limited use. To ensure all their devices have the files they need, employees often try out one or more file-sharing services, including free but risky file-sharing services that run on public clouds. Unfortunately, these services, though popular, are usually not secure enough to be trusted with enterprise data. For example, the popular service Dropbox accidentally disabled all password protection on all its customers’ accounts for four hours last year. IBM went so far as to ban the service for employees entirely, as the company was concerned about data leakage and the risks associated with company information being readily available to hackers.

In addition, many public cloud file-sharing services also pose legal risks to a company’s claim to own and control its data. For example, the terms of use for Google Drive, Google’s free file-sharing service, begins by stating that users retain the intellectual copyright for the ideas in the content they store. But the terms of service go on to say that by using the service, customers grant Google and its partners the right to reproduce and modify any uploaded data in order to operate, promote, or improve Google services.

Having originally been designed for consumers, these services usually lack the centralized control and monitoring features that government agencies need for security and compliance.

Best Practices for Protecting Enterprise Data on Mobile Devices
Fortunately, new security solutions are available to help organizations protect their mobile content and networks. To make the most of these solutions, it’s important for security teams to focus their attention on just what it is they are securing. Ultimately, what is more important for enterprise security: protecting an ever-changing collection of mobile devices, or protecting enterprise data itself, regardless of the device?

In order to reduce risk within government agencies, here are six best practices for protecting confidential in an era of information sharing, syncing and collaborating:

Increase Trust and Control with Private Clouds: Private cloud solutions—cloud services that enterprises run in internal data centers—can provide the scalability and cost-effectiveness of cloud computing without the security and availability risks of public clouds.

Whenever possible, organizations should deploy their software solutions on private clouds, giving their own IT organizations complete control over the location and availability of data.

All agencies have sensitive business information that they want to keep private – whether its customer data, budget plans, or HR’s personnel files. Using a private cloud to host this sensitive information provides a much higher level of control and security over this organizational information. Private cloud solutions enable IT departments to restrict access to certain files based on an employee’s role, track documents as they are shared with internal and external recipients, and can wipe a device of all information if it is exposed to a security risk such as loss or hacking.