A Candid Survey of Federal Managers June 2014


Striking a Balance in Mobile Security A Candid Survey of Federal Managers June 2014

Purpose

The 2012 Digital Government Strategy laid an ambitious foundation for initiatives to expand federal use of mobile devices, both to deliver information and services to the American public more efficiently and to enhance flexibility and encourage innovative problem-solving among federal employees. Yet some have raised concerns that mobile devices may lack the security features of legacy systems and that the expansion of mobile technology could pose a threat to the integrity of government data. To fully realize the benefits of mobile technology, federal agencies require mobile security solutions that are both flexible and scalable enough to meet the diverse needs of the federal workforce and tough enough to safeguard government communications against a wide array of modern threats. Noting these pressures, Government Business Council (GBC) and Samsung undertook a study to explore the current state of mobile security in the federal workplace.

Methodology

To assess the perceptions, attitudes, and experiences of federal executives regarding mobile security in their agencies, GBC deployed a survey to a sample of Government Executive, Nextgov, and Defense One online and print subscribers in April-May 2014. The pool of 318 respondents includes employees at the GS-11 through Senior Executive Service grade levels representing at least 26 different departments and agencies.

Table of Contents

1 Executive Summary
2 Respondent Profile
3 Research Findings
i. The Promise of Mobile Technology in the Federal Workplace
ii. Security Concerns Challenge Mobile Expansion
iii. Achieving Balance Between Flexibility and Security
4 Final Considerations

1 Executive Summary

Executive Summary

Federal managers see flexibility as the key benefit of mobile technology

When asked to rank the potential benefits of mobile technology, respondents indicate that flexibility to telework and enhanced responsiveness to communications are the most important benefits of mobile technology, while benefits like cost reduction and job satisfaction are largely seen as secondary. Nevertheless, expanding the use of mobile technology is not necessarily seen as a top priority.

Security concerns are a major factor determining how federal leaders use mobile technology

The survey responses suggest that federal managers believe there is an implicit trade-off between flexibility and security, potentially limiting efforts to expand the use of mobile devices for work functions. Respondents express significant concerns about the security of mobile hardware, mobile applications, and external networks, as well as vulnerabilities to both malicious software and human error. Less than half of respondents believe they are adequately trained in mobile security, while almost two-thirds believe they should use separate mobile devices for work and personal functions. Respondents using an agency-owned device (COPE model) are more confident in the reliability of their agency's current mobile security solution than those using a personal device for work functions (BYOD model).

Confidence in mobile security could open the door for mobility's use as a tool for innovation

In general, respondents favor a government-wide approach to mobile security reflecting one proposed under the 2013 Federal Mobile Security Baseline. However, these standards leave federal agencies and employees with few mobile options that meet their flexibility and security needs.

2 Respondent Profile

The majority of survey respondents are senior federal executives

Job Grade (74% of respondents are GS/GM-13 or above)
SES: 1%
GS/GM-15: 19%
GS/GM-14: 23%
GS/GM-13: 31%
GS/GM-12: 18%
GS/GM-11: 5%
Other: 3%

Reports/Oversees (53% of respondents oversee at least one report)
Over 200: 2%
51-200: 4%
21-50: 6%
6-20: 23%
1-5: 18%
None: 47%

Percentage of respondents, n=318

Program and project management is the most common job function

Almost one quarter of respondents work in program or project management. Respondents who select "other" work in auditing, investigation/law enforcement, and logistics fields, among others.

Job Function: Program/project management Acquisition/procurement Finance Agency leadership Human capital Technical/scientific 12% 11% 9% 8% 7% 23% Administrative 7% Communications Facilities management Legal Policy research/analysis Information technology 4% 3% 3% 2% 1% Other 12%

Percentage of respondents, n=318

Agencies represented

Department of the Treasury
Department of Defense
Department of Health and Human Services
Department of Homeland Security
Department of Agriculture
Department of Veterans Affairs
Department of the Air Force
Department of the Army
General Services Administration
Department of Transportation
Environmental Protection Agency
Department of the Interior
Department of Justice
Department of the Navy
National Aeronautics and Space Administration
Department of Commerce
Social Security Administration
Department of Education
Department of Energy
Department of Labor
Department of Housing and Urban Development
Department of State
Office of Personnel Management
Small Business Administration
Nuclear Regulatory Commission
Other Independent Agencies

Listed in order of frequency

Most respondents use mobile devices for work and most devices are provided by their agency

72% of respondents use a mobile device for work-related functions.

Types of Mobile Users: Department/agency-owned device used for work functions 58% Unregistered personal device used for work functions Registered personal device used for work functions 4% 17% Other 2% Don't know 2% Do not use mobile device for work functions 26%

Percentage of respondents, n=318, respondents were asked to select all that apply

Defense agencies have been slower in adopting mobile technology

Overall Sample DoD Sample 58% 48% 42% 26% Department/agency-owned device used for work functions Does not use mobile device for work functions

Percentage of respondents, n=318 (overall) n=69 (DoD), respondents were asked to select all that apply

3 Research Findings

i. The Promise of Mobility in the Federal Workplace

Flexibility is the most important benefit of expanded mobility

When asked to rank benefits in order of importance to executing their agency's mission, federal leaders most often ranked the ability to telework and enhanced responsiveness as the most important, emphasizing the value of flexibility in the workplace.

1st: Ability to telework (Mean: 2.76)
2nd: Enhanced responsiveness (Mean: 2.87)
3rd: Remote data entry and access (Mean: 3.26)
4th: Efficiency gains from mobile applications (Mean: 3.42)
5th: Cost reduction (Mean: 3.47)
6th: Job satisfaction/morale (Mean: 3.48)

Ranked by mean, respondents did not have to rank every choice, n=306

Other potential benefits of mobile technology in the federal workplace include

"Could revolutionize field work - make inspections more efficient, for example."

"Mobile technologies are an advantage in the event of a national emergency or during contingency operations (COOP)."

"It is forcing the unity and completeness of information offered to both employees and those benefiting from the services."

Sampling of open-ended responses

Expanding mobile technology is not a top priority for federal leaders

To what extent is your department/agency prioritizing the expansion of mobile technology (e.g., smartphones, tablets) for work-related functions over the next 12 months?

Essential: 5%
High priority: 13%
Medium priority: 22%
Low priority: 23%
Not a priority: 19%
Don't know: 19%

Percentage of respondents, n=318

Agencies are reluctant to encourage mobile innovation

"My department/agency encourages employees to use mobile technology to develop innovative ways of performing work-related functions."

55% of respondents disagree or strongly disagree.

Strongly agree: 7%
Agree: 29%
Disagree: 31%
Strongly disagree: 24%
Don't know: 9%

Percentage of respondents, n=318

ii. Security Concerns Challenge Mobile Expansion

Security is the greatest challenge to expanding the use of mobile technology

Respondents select security concerns as three of the top four leading challenges limiting the use of mobile technology. A related concern, privacy, is the fifth leading challenge.

Top Challenges: Security of mobile device hardware/software Budget constraints Security of mobile applications Security of external networks Privacy concerns Lack of leadership buy-in Cultural resistance to change Incompatibility with legacy IT/telecom infrastructure Increased risk of human error Expected low ROI Other Don't know None of the above 2% 8% 8% 12% 19% 29% 32% 32% 39% 47% 50% 49% 55%

Percentage of respondents, n=318, respondents were asked to select all that apply

Federal managers believe they have to sacrifice flexibility for the sake of security

"There is an implicit trade-off between flexibility and security when it comes to mobile technology."

59% of respondents agree or strongly agree.

Strongly agree: 17%
Agree: 42%
Disagree: 20%
Strongly disagree: 8%
Don't know: 13%

Percentage of respondents, n=314

Federal managers believe both malicious attacks and human factors to be threats

Respondents consider the loss or theft of a mobile device or an employee error to be equally as threatening as malicious attacks or technical failures.

Which of the following security threats are major concerns for your department/agency?

Viruses/malware: 66%
Loss/theft of mobile device: 66%
Vulnerable/compromised mobile applications: 55%
Employee error: 54%
Eavesdropping/interception of mobile communications: 42%
Other: 4%
None of the above: 3%
Don't know: 9%

Percentage of respondents, n=318, respondents were asked to select all that apply

Only half of federal managers believe they receive adequate training in mobile security

"Employees in my department/agency receive adequate training in mobile security."

48% of respondents disagree or strongly disagree.

Strongly agree: 11%
Agree: 36%
Disagree: 32%
Strongly disagree: 16%
Don't know: 6%

Percentage of respondents, n=318

Federal managers believe they need separate mobile devices for work and personal use

"To safeguard government data, federal employees should not use the same mobile devices for department/agency functions and personal use."

63% of respondents agree or strongly agree.

Strongly agree: 32%
Agree: 31%
Disagree: 20%
Strongly disagree: 11%
Don't know: 6%

Percentage of respondents, n=318

Federal managers using an agency-owned mobile device are more confident in its security

Respondents are more likely to agree that they have confidence in the reliability of their agency's mobile security solution if they use a corporately-owned, personally enabled (COPE) device (62 percent), as compared to those who use a personal device for work functions (BYOD) (36 percent).

"I have confidence in the reliability of my department/agency's current mobile security solution."

Percentage of respondents, COPE users, n=187
Strongly agree: 9%
Agree: 53%
Disagree: 16%
Strongly disagree: 10%
Don't know: 12%

Percentage of respondents, BYOD users, n=64
Strongly agree: 6%
Agree: 30%
Disagree: 28%
Strongly disagree: 27%
Don't know: 9%

Confidence in mobile security could translate into confidence in mobile innovation

Respondents are more likely to agree that their agency encourages them to innovate with mobile technology if they have confidence in the reliability of their agency's mobile security solution (50 percent), as compared to those respondents lacking confidence in its reliability (20 percent).

"My department/agency encourages employees to use mobile technology to develop innovative ways of performing work-related functions."

Percentage of respondents confident in the reliability of their agency's mobile security solution, n=161
Strongly agree: 11%
Agree: 39%
Disagree: 27%
Strongly disagree: 13%
Don't know: 10%

Percentage of respondents not confident in the reliability of their agency's mobile security solution, n=109
Strongly agree: 2%
Agree: 18%
Disagree: 39%
Strongly disagree: 38%
Don't know: 3%

iii. Achieving Balance Between Flexibility and Security

Federal managers want common standards governing mobile flexibility and security

A government-wide standard exists in the form of the 2013 Federal Mobile Security Baseline, on top of which agencies may add supplementary protocols.

"The federal government should set common standards governing flexibility and security, rather than allowing each department/agency to set its own."

67% of respondents agree or strongly agree.

Strongly agree: 37%
Agree: 30%
Disagree: 21%
Strongly disagree: 6%
Don't know: 6%

Percentage of respondents, n=318

Current security standards limit mobile choice for both employees and agencies

"Employees in my department/agency have sufficient options when it comes to selecting a mobile device that meets security standards."

"My department/agency has sufficient options when it comes to selecting a mobile solution that meets its standards for flexibility and security."

20% of respondents agree or strongly agree 2% 18% Strongly agree Agree 4% 20% 24% of respondents agree or strongly agree 33% Disagree 28% 25% Strongly disagree Don't know 18% 22% 30%

Percentage of respondents, n=318

One respondent told us

"My agency is so security nervous that applications that other agencies use are forbidden to me. We also have little to no choice in mobile devices - if not on the approved list, forget it."

One respondent told us

"I think we need a comprehensive, but flexible, policy for mobile technologies within the DoD. Mobile technologies should be fully integrated with existing software and based upon commercially available hardware."

4 Final Considerations

When considering how to expand mobility securely

Evaluate the potential value that mobile technology could add to your agency's operations

Mobile technology is of most value in situations where operations are often decentralized from your agency's headquarters (for instance, field inspections) and where continuity of operations (COOP) may be crucial, especially in light of potential time constraints or work stoppages.

Assess your agency's requirements regarding data sensitivity and set security standards accordingly

Agencies should conduct a full audit of their mobile and legacy IT and telecommunications infrastructures to assess their data's vulnerability to a wide range of security threats including viruses, malware, compromised applications, loss or theft of mobile devices, and other forms of human error. Agencies should then configure their mobile security solutions in accordance with their degree of data sensitivity. For instance, although some agencies use only public domain data and require a minimum security solution, others operating in the defense and security space may rely on almost entirely sensitive or classified data and require more stringent mobile device management (MDM) and mobile application management (MAM) policies.

Align security requirements with budgetary resources

Providing end-users with a secure mobile device as part of a COPE plan may offer the greatest level of protection, but doing so on a large scale may be cost-prohibitive in today's fiscal climate. While in the past it might not have been advisable to allow end-users to bring their own device in sensitive data environments, advances in mobile security can allow users to insulate government applications in a secure container, ensuring a greater degree of confidence in the integrity of mobile data. Greater confidence in secure BYOD capabilities could provide federal agencies a scalable and budget-conscious alternative to a COPE plan.

Samsung Knox

SEPARATION OF COMPANY AND PERSONAL APPS AND DATA SECURE WORKSPACE MANAGEMENT OF APPS VIRUS PROTECTION MDM MANAGEMENT REQUIRED

Samsung Security Certifications Common Criteria Certification awarded for Mobile Device Fundamental Protection Profile (MDFPP) Mobile OS Security Requirements Guidelines (SRG) U.S. Dept. of Defense Knox STIG U.S. NIST FIPS 140-2

Underwritten by

About Samsung

Samsung Telecommunications America LLC (Samsung Mobile), a Dallas-based subsidiary of Samsung Electronics Co. Ltd., researches, develops, and markets wireless handsets, wireless infrastructure and other telecommunications products throughout North America. For more information, please visit samsung.com

About GBC

Our Mission

Government Business Council (GBC), the research arm of Government Executive Media Group, is dedicated to advancing the business of government through analysis and insight. GBC partners with industry to share best practices with top government decisionmakers, understanding the deep value inherent in industry's experience engaging and supporting federal agencies.

Contact

Zoe Grotophorst
Manager, Research & Strategic Insights
Tel. 202.266.7335
zgrotophorst@govexec.com
govexec.com/gbc
@GovBizCouncil
