Mobile has become the foundation of any successful business, but it also poses several challenges, especially in government. With sensitive data at risk, federal agencies must address mobile security early and often to deliver public service for the future.
Much of the focus until now has been on securing mobile applications, leaving business and mission-critical mobile devices and data open to malicious attacks. The challenge now is for government agencies to look beyond bringing government-grade security to applications alone. Agencies must bring government-grade security to the entire software stack on mobile devices, protecting both the data and the device itself.
In this report, we explore a number of security solutions for enterprise mobility for federal agencies.
Many federal agencies have turned to mobile device management (MDM), mobile application management (MAM) and secure application container solutions to protect federal data and devices, but these solutions only go so far. MDMs, MAMs and application containers present substantial residual risk for malware and device integrity attacks, as well as denial of service due to resource starvation.
How are CIOs Thinking About Mobile Security?
Federal agencies have a number of options when considering security solutions for enterprise mobility:
Mobile virtualization. The threat that blending enterprise and personal data poses can be largely eliminated by virtualization. With mobile virtualization, a mobile phone can support several operating systems on the same hardware. Virtualization can be applied in three ways:
Application-level virtualization. The advantage of this approach lies in simple deployment through an application store while enabling isolation of personal and enterprise data.
System-level virtualization. This type of virtualization protects the platform by providing greater protection from malicious and root attacks.
Hybrid approach. The combination of a type-1 and type-2 hypervisor enables reloading of modules in kernels and offers shorter deployment paths compared to system-level approaches.
Trusted Platform Module Mobiles are security components that meet the Trusted Computing Group specifications for use in mobile devices. One example of such a module is:
GlobalPlatform™ Trusted Execution Environment, which defines a standards-based isolation environment for a mobile device’s processor chip and enables processing of sensitive data outside of the main operating environment, in isolated system memory.