Endpoint Management has become an increasingly complex task for government agencies as more mobile devices, smartphones, tablets, laptops, Internet of Things (IoT) devices and smart sensors become integral components in a networked eco-system.
Consider the United States Air Force, which covers a myriad of missions and environments, including flight-lines, medical centers, building maintenance operations, and offices. Endpoints include laptops and smartphones as well as smart sensors for monitoring and controlling heating, ventilation, and air-conditioning (HVAC) systems. Managing and securing endpoint devices across 250 global locations becomes a highly complex undertaking because each endpoint comes with its own applications and cybersecurity requirements.
Connectivity is critical for Air Force service men and women to fulfill their missions. As a result, the USAF recently released a leasing opportunity for installing Long Term Evolution (LTE) networks, which provide high-speed wireless communications, at nine USAF bases in the southeast region, to have a better way of managing endpoints, according to Dr. Leslie Perkins, Deputy Chief Technology Officer with US Air Force Information Dominance & CIO.
Endpoint management for the Air Force is not just about managing devices, although that is important. “We’re looking at how we manage the applications served up on these endpoint devices,” Perkins said during a recent FedInsider webinar on New Approaches to End Point Management.
The Air Force is also exploring options, different deployment models, such as Bring Your own Device (BYOD). “If a person has a personal phone and would like to be able to connect to their own information, how do I make it such that I'm protecting not only the Air Force equities, but my airman’s equities,” Perkins said.
“Endpoint management for us has to encompass the myriad of missions, has to encompass the flexibility whether self-ordained or imposed upon us in how we conduct our mission, as well as, the security of ensuring that our Air Force can fly, fight and win through air space and cyberspace.”
Endpoint devices are being deployed to meet agency mission needs, providing critical communications and situation awareness capabilities, access to applications and information for personnel in the field, critical information for emergency response, support for real-time access to data for law enforcement and screening operations as well as back office and email and productivity support for all personnel.
Essentially, endpoint devices provide anytime, anywhere delivery of information and services to federal staff, partners and the public, per Vince Sritapan, who manages mobile security research and development projects within the Department of Homeland Security Science and Technology Directorate.
There are a variety of endpoint deployment models ranging from corporate-owned enabled, to government-furnished devices, to BYOD, Sritapan noted during the endpoint management webinar. Federal managers will have to consider what the risks are to their mission when choosing the various deployment models to determine the best fit for their agency.
Federal mobile management has matured over the past several years to address the dynamically changing technology and cyberthreat landscape, Sritapan noted. If a known malware attack targets users’ mobile phones, is an enterprise smart enough to know it has been compromised? Organizations need a mobile threat defense solution to prevent attacks on mobile devices and apps. Additionally, there is the growth of mobile application vetting systems that evaluate, and vet applications, users allow on their devices, Sritapan said. These are the types of technologies that agencies will deploy over the next few years along with continuous diagnostics and mitigation solutions.
However, “We're seeing departments and agencies mature to understand [they] need more than enterprise mobility management,” moving beyond management of smartphones -- which is still a hard task, Sritapan noted. Federal managers are now asking, “What do I do when I have somebody in the mission that’s going to be bringing different types of sensors that are in the field, that’s going to collect data, send it through a protocol through a mobile app on the phone? How am I protecting those end points?” Managers must think about issues such as data integrity, device attestation, which allows a program to authenticate itself, and remote attestation, which is a means for one system to make reliable statements about the software it is running to another system.
“There is a lot to think about with enterprise mobility, endpoint management, going forward,” Sritapan said.
IT departments in federal organizations are facing multiple challenges with the proliferation of endpoints, compliance requirements and security threats. Because cyberattacks have become more commonplace, compliance with strict government regulations such as the Federal Information Technology Acquisition Reform Act (FITARA) is critical in today’s era of digital transformation.
A proactive unified approach to endpoint security and management, like Quest’s KACE Systems Management Appliance provides could help federal agencies increase system uptime, secure network devices, patch vulnerable systems and replace unsupported software.
To hear the one hour webinar in full, go to https://www.quest.com/webcast-ondemand/whats-next-for-government-a-new-approach-to-endpoint-management8137445/.
Authored by: Rutrell Yasin, Principal Writer, FedInsider