We humans just can’t help ourselves. When it comes to mobile security, our lack of cyber hygiene presents a huge security risk.
Government employees are confronted with the need to create passwords for the multitude of online services they need to use every day. A major study conducted by NIST in 2014 found that government employees are forced to juggle multiple passwords at work and are being overwhelmed by tasks required in the password management lifecycle. These challenges remain today, and frustration with the authentication process is negatively affecting attitudes toward cybersecurity policies and creating a poor overall mobile experience that is exacerbating the cybersecurity risk.
Results from a recent poll conducted by the Government Business Council highlight employee dissatisfaction with current policies and the poor user experience relating to federal wireless networks:
- Only 23 percent of respondents were satisfied with their agency’s BYOD policy;
- 22 percent are not allowed to use their personal devices at all, and 40 percent of those who can do so report having to jump through onerous IT policy hoops;
- Over 61 percent feel that security concerns trump and interfere with workplace efficiency.
Additionally, federal employees are not passively accepting these frustrations. According to a recent report put out by the mobile security firm Lookout, 72 percent of federal employees admit to connecting their personal devices to federal wireless networks, and 74.5 percent have downloaded unapproved applications over federal networks to get work done. Clearly the status quo is not working from a productivity or cybersecurity standpoint, for agency IT teams or federal end users.
Fortunately there is a better and easier way to improve mobile security. Agencies can use digital certificates for secure wired and wireless access for any user on any device, including employee BYOD. Making this move improves the user experience for both users and the IT team, while greatly enhancing the agency’s cybersecurity posture.
Newer SaaS platforms make certificates easier to implement as front ends to existing Network Access Control (NAC) solutions, providing new customization abilities that reduce administrative overhead and complexity. These new certificate solutions are network-agnostic: they can integrate into any network and can be deployed via the cloud or on-premises. Users register their device one time, and from then on connectivity is seamless. Certificates are fully customizable to the specific workflow of the agency, and the IT team retains granular policy control over data access.
Certificate-based solutions leverage a public key infrastructure (PKI), a well-established method for the secure transfer of electronic information. Email clients, servers and smartphones have PKI support built in, and multiple certificate sources can be accommodated. Wireless network connections are protected with WPA2-Enterprise, and the WPA2 KRACK vulnerability is mitigated as well. And many of the new solutions are much less expensive because they are priced per user rather than per device; per-device pricing is the current prevailing model to government for NAC solutions.
Directly across the river from our nation’s capital, the Fairfax County Public School (FCPS) system has made the move to more secure and flexible management of wireless networks. FCPS is the second-largest school system in the northeast United States, and desperately needed to address its growing BYOD challenge in an affordable and secure fashion.
In evaluating options to make BYOD easier, FCPS sought a solution that would onboard devices in a light-handed, self-service manner. They needed a solution that could provide simplified network access without requiring heavyweight management such as Microsoft Group Policy (GPO) and Mobile Device Management (MDM) software.
FCPS embraced a certificate-powered, automated and self-serve model that ensures every device is properly configured and connected to the secure network – all without IT involvement. This management solution serves 180,000 students and 23,000 staff members, with, on average, 120,000 concurrent Wi-Fi users every day.
Moving to such next generation wireless management tools improves the user experience and strengthens security for the following processes:
- Easier and more secure email access, including guest networks – only authorized devices can reach your email servers, and, if desired, users can self-provision without requiring IT assistance
- Email encryption – if a more secure email channel is required, employees can encrypt and sign email from devices, ensuring security of information and protecting against phishing attacks
- Secure Wi-Fi – Wi-Fi is increasingly the mobile access method of choice, and digital certificates secure it by restricting which devices can gain access to the network
- VPN access – only approved devices can connect, replacing weak passwords with the power of software automation without adding extra end user steps (e.g. tokens)
Wireless is the new network onramp. Moving to next generation management solutions utilizing certificates will deliver stronger cybersecurity, a better user experience and less administrative load on IT resources. This move is a critical part of using the right technology to further the mission, and to giving government employees the tools they need to be successful.
This content is made possible by our sponsor. The editorial staff of Government Executive was not involved in its preparation.