I often preach to public sector folks about the pitfalls of moving too slowly with mobile IT. Nowhere is the risk to government organizations more predominantly highlighted than in our new Mobile Security & Risk Review. The report is based on aggregated, anonymous usage data shared by customers and highlights an emerging set of threats and risks, including enterprise compliance failures, compromised devices, and data loss risks. For the first time, the report also identifies enterprise security trends for the government vertical.
Moving slowly is the kiss of death for mobile
The report found that, globally, Government organizations are less prepared to deal with security incidents than the global average.
- 61% of Government organizations have at least one non-compliant device, compared with the global average of 53%.
- 48% of Government organizations have missing devices, compared to the global average of 40%.
- 34% of Government organizations had devices operating under outdated policies, compared to the global average of 27%.
While these numbers are a little scary, they are not surprising based on my experience working with some of the most security-conscious agencies. In every category, the public sector is falling behind in keeping up with the security demands of the new mobile “stack.”
Slow and outdated processes are the biggest reasons for these numbers. While many organizations understand this and are making progress on streamlined processes, getting these new procedures in place has taken too long. Similarly, app adoption has been slow due to ill-defined process for the testing and vetting of new apps. Monthly or annual updates for apps? Forget about it. Apps are updating in weeks. Moving slowly is the kiss of death for mobile.
Inadequate tools hamstring potential
Other reasons for this public sector lag is that agencies have inadequate tools or are not using the tools they have to their full potential. For example, some folks still aren’t using enterprise mobility management (EMM) platform to manage their mobile devices. Sometimes those agencies that do use EMM aren’t keeping up with updates that are designed to help, not hurt, security. The ironic thing is that we in the EMM community can make it easier to apply these policies, quickly and correctly.
Finding the right partner is key to success
There is a silver lining. Public agencies are starting to understand the implications of moving too slowly and not involving end users in planning and process. The other good news is that companies like MobileIron are here to help.
At MobileIron we are laser focused on mobile, and spend 100% of our time thinking about how to help enterprises securely transform business through mobility. We understand public sector security requirements better than most. For example, we were the first to receive Common Criteria certification for MDMPP V2, we support the DoD through DISA, and we are in process for FedRamp certification.
Mobility is a team sport and we’re all part of the same team. Together, we can get these numbers more in line with the global average. I for one will do my part to get out there and help the public sector kick the global average’s butt! Go Team!