Exposed U.S. voter database poses 'extreme' danger, researcher says
June 28, 2016
The database contained personal data on more than 150 million people — including voters’ addresses, full names and political stances.
Tim Williams, director of product management at Absolute Software, is a FedScoop contributor.
2013 was the year of mobility acronyms -- MDM, MAM, BYOD, COPE, etc. -- all of which highlighted the changing landscape and challenges of managing the new devices entering organizations -- iPads, iPhones, tablets and Android devices. And those challenges have been especially acute for government organizations, where devices are more likely to contain highly confidential, highly regulated or highly classified data.
In the case of employee-owned devices, almost everyone agreed a BYOD policy was imperative. And for government organizations that don’t permit the use of employee-owned devices, an overall mobility policy defining the rules for mobile device use was equally important. But policies are really just the first step, not the last.
That’s because policies govern organizations, but users control devices, and different levels of personnel within a government organization will require different levels of access, different sets of apps and different sets of data to do their jobs. When you think about it, supporting mobility is really about the user -- not the device.
Pushing past the IT acronyms to meet the needs of the user
Increasingly, users work on multiple devices, and they expect to have access to the same networks and data on each of them. Indeed, their productivity depends on it. Similarly, the government agency must be assured that data is appropriately restricted for each user, regardless of the device used to access it. The only constant is the user.
That’s why policies and solutions based on device type or platform are not effective. Instead, IT should focus on the user, regardless of device. At the end of the day, IT and government organizations want to support employee productivity; but never at the expense of security.
By first considering the employee’s role, team and organizational unit, as well as any security clearances, you’ll be able to define what they need to access to be productive -- regardless of whether they are using an Android or an iPad.
By focusing on the needs, rights and permissions of the user, IT should be able to build a template for each group of users that will support their productivity and provide them with the flexibility to use a device of their choosing.
Make sure your i’s are dotted and t’s are crossed – BYOD policy
The organization must legally observe the privacy requirements of the employee -- especially when the employee owns the device. Many government organizations use a formal agreement between the organization and the employee.
The agreement should spell out exactly what IT can do if:
- The device is lost or stolen
- The employee leaves the organization
- If a suspected security risk is underway
Of course, the employee’s acceptance of the terms of the agreement must be in writing and memorialized within their employee file.
Providing government employees with access to the information they need, regardless if they are in the office or on the go, is essential to productivity in 2014. But government organizations must also ensure good stewardship over the sensitive information with which they are entrusted.
By focusing on the user first, government IT can design policies and workflows that both support employee productivity and ensure government data is secure.