Securing federal networks in a perimeter-less world

Before the world went into lockdown, only a small portion of federal workers and contractors worked remotely. For most federal agencies, at most only 20% of their employees were permitted to telework, even under adverse weather-related closures. Since then, federal agencies have encouraged employees who can work from home to do so – with 80% or more of their employees connecting to government networks from home.

Traditional government office environments have quickly transitioned into modern ‘Everywhere Enterprise’ environments – in which employees work from any location, on any device to maximize their productivity. However, for many federal employees, there have been no provisions made to enable them to officially telework. They have neither government furnished equipment (GFE) or appropriate training on how to connect to, sign-on to and access federal networks, applications and resources. Instead, federal agencies are deploying Bring-Your-Own-Device (BYOD) strategies and encouraging employees to use their own personal devices. Workers are using their own loosely secured mobile devices, such as smartphones and tablets, as well as older, less well-maintained laptops and desktops with potentially out-of-date operating systems and virus protections (or no virus protection at all).

This tsunami of remote workers and network connections has significantly increased the cybersecurity attack surface, and federal agencies and employees are at more risk of data breaches now than ever before. A BYOD device may lack appropriate authentication capabilities, and many employees may not be using multi-factor credentials or approved derived credentials. At MobileIron, we recently surveyed 1,200 workers from around the world and discovered that one-third of employees find cybersecurity to be a low priority and leave the responsibility to the IT department. This attitude leaves federal networks susceptible to malicious attacks as securing the Everywhere Enterprise is not nearly as simple as when all devices are adhering to the same set of protections that are consistently enforced, such as when all of the devices are under the same “roof”.

The Everywhere Enterprise model of working is here to stay. In fact, our study found that 80% of employees don’t want to return to the office full-time. This means federal agencies will need to accommodate employees’ different working requirements. Additionally, BYOD is becoming increasingly popular, so agencies urgently need to prioritize the security of all endpoint devices.

Federal agencies can protect their networks and endpoint devices by adopting a mobile-centric zero trust approach to security. By doing so, agencies can ensure that only trusted devices, applications and users can access sensitive federal resources. Zero trust security protects data on the device and as it travels and validating a comprehensive set of attributes before granting access. Only then can agencies rest assured that their employees and resources are safe in this new perimeter-less world.

If you would like more information, please click here to be contacted by a MobileIron representative.

Bill Harrod

Bill Harrod

Federal CTO, MobileIron

About the author

Bill Harrod is the Federal CTO at MobileIron. He is an accomplished information security executive and cybersecurity professional with experience managing cybersecurity risk and designing and delivering security solutions to federal agencies and Fortune 500 companies. He is an expert on Federal Identity, Credential and Access Management Architecture (FICAM). Previously, he served as a senior manager at Deloitte and senior principal consultant at CA Technologies.