Let Device Freedom Ring: Securing BYOD in Federal Agencies
There are many valid reasons federal agencies have been reluctant to adopt bring your own device (BYOD) policies, despite having a large remote and contract workforce.
The risks of non-compliance, ransomware, hacks, PUS (potentially unwanted software), malware, phishing, shadow devices and information leaks on compromised devices, combined with a lack of clear policy guidelines, can appear to outweigh the rewards. Yet asking government workers not to use their personal devices in 2019 is increasingly inefficient, expensive and archaic (plus, they’ll find a way to use them regardless).
So the White House released the BYOD toolkit, and the National Institute of Standards and Technology (NIST) continues to update its mobile device security hub with guidelines to help federal and government agencies modernize their IT while securing their networks from mobile device threats. NIST 800-63-3 updates the Digital Identity Guidelines to overcome the shortcomings of personal identity verification (PIV) card and common access card (CAC) credentials by allowing public agencies to choose accredited, commercially available multi-factor authentication (MFA) technology as a compensating security control. As a result, agencies are closer than ever to being able to embrace BYOD without the perceived security pitfalls.
Today, technological advancements in cloud security have turned the tables, and the pros for permitting BYOD devices (laptops, smart devices, phones, tablets, device screens and more) in federal agencies can outweigh the cons. In the past, the only way to enable secure BYOD was to install an agent or a client such as mobile device management (MDM). That gave visibility, but at the cost of personal privacy and invasive scanning. Now there are low-cost, software-agnostic alternatives that do not require ripping and replacing legacy systems, and that complement and expand older technology.
MFA + Unified Endpoint Visibility = Freedom for Federal BYOD with Device Visibility
The obvious benefit of MFA is its ease of use, together with two-factor authentication that protects and verifies user identities before allowing access to corporate applications. MFA protects public agencies from unauthorized access and attacks. MFA is as easy as downloading an app from the app store, and even easier to implement with user self-enrollment.
Unified Endpoint Visibility strengthens a government agency’s control over each user’s device hygiene. It allows them to monitor and identify risky devices in real time while blocking device access until users perform critical updates that patch potential threats with easy-to-use self-remediation and Endpoint Remediation tools. Public agencies can rest assured they are always in compliance by setting up policies that automatically enforce many security hygiene requirements such as passcode, biometrics and encryption to maintain preset security standards.
See Everything Now. Shine Light on Shadow Devices
Securing BYOD by enforcing device access policies for corporate and personal devices helps agencies identify all devices logging on to the network, even unknown devices. Government agencies can set and enforce policies with contextual controls based on granular details like user groups, geolocation, device type, network and more. Finally, federal agencies can get a clear view, through a single control panel, of all the devices that are on their network or attempting to access it. Agencies have the power to identify, control and block potential threats before they happen.
BYOD is good for government. It can keep the costs of equipment down. BYOD can eliminate new hardware and infrastructure costs. BYOD keeps staff accessible and appeals to a new mobile workforce while increasing productivity.
Duo Security is currently FedRAMP “In Process” on the FedRAMP Marketplace. Freedom for federal BYOD with clear device visibility is possible now.