SPECIAL RESEARCH REPORT
 workstations but, today, telework has come to encompass the use of mobile devices to access government networks from afar. IT managers understand that most employees expect such mobility, but they fight to balance maintaining control over mobile applications with meeting demand for greater access to IT infrastructure. Seventy-six percent
of respondents said they are actively working to improve access to agency applications and computing resources for employees wherever they are. But 66 percent said employees want to use their own technology solutions to conduct business, which could be problematic from a security standpoint. That’s why 65 percent of respondents reported that they use agency-issued devices.
The most common mobile security strategy that 62 percent
of survey respondents said they have in place is the ability to remotely wipe – or clear data and access capabilities from – lost or stolen devices. But 30 percent of respondents said they need more information before implementing that capability, and only 14 percent said they were satisfied with their current solution.
At 51 percent, auto-lock procedures for lost devices are the second- most common strategy, but only a quarter of respondents said they are satisfied with what they have. Other approaches are gaining attention, too. For example, 32 percent are planning to have policies defining which applications employees can and cannot access from mobile
Figure 4: Identity and access management solutions done in house
Authentication and access management are an important part of security. Many government agencies choose to keep much of that oversight in house, as shown below.
currently have currently have and plan to have
Stronger password and account-management policies
Two-factor authentication
Identity and access management tools to protect mobile access
Logging/auditing of use of privileged access
User behavior monitoring
More granular controls of user access (principle of least privilege)
devices, and 27 percent are planning to have automated mobile device provisioning and deprovisioning.
Multifactor authentication has been widely touted – and implemented – as a security tool. Almost 60 percent of respondents said they have two-factor authentication in place, and another 17 percent said they plan to have it. Almost half said their agency has strong password and account management policies, and 47 percent have identity and access management tools specifically to protect mobile devices.
Perhaps this is why identity and access management are of less concern to respondents than the specific tools. About half said the
need for multifactor user authentication is challenging, and 43 percent find the need for more robust authentication and authorization capabilities challenging.
Looking ahead, 29 percent of respondents said they are investigating or considering stronger password and account management policies, and 24 percent are turning an eye to more granular user access controls. Lower on the list of interests is two-factor authentication (18 percent) and identity and access management tools for mobile devices (21 percent).
Internet of Things
IoT is an emerging but burgeoning technology area in which things that heretofore weren’t connected to the internet and networks now are. For example, cities use IoT for smart city initiatives such as timing streetlights, while federal entities use it adjust the lights or air conditioning in a given building to save money – and the environment. In fact, 76 percent
of respondents said they use IoT, with the greatest number
Figure 5: Internet of Things (IoT) challenges
IoT has been part of the evolution of IT modernization for some time. Now agencies are adding planning and strategy for interconnected solutions. Managing the complexity of IoT and securing data are the areas they find most challenging.
very challenging
somewhat challenging
Managing complexity
Data security
   20%
 34%
 11%
 35%
   19%
 26%
 Aligning IoT and mission goals
Classified data access management
Privacy
Change management/impact on work culture
Interoperability between legacy and IoT systems
of applications managed or under consideration in the infrastructure realm: energy, utilities and water. Other areas in which IoT holds promise are transportation (43 percent), smart buildings (42 percent), surveillance (39 percent) and smart cities (36 percent).
Because IoT has the potential to exponentially increase the number of devices connecting to agency networks, its growth brings security implications. Fifty-four percent of respondents said they find managing IoT challenging, with 20 percent of that number calling it very challenging. Data security is less of a struggle, however. Although 46 percent say it’s challenging, only 11 percent find it very challenging. Respondents are the least concerned about interoperability between IoT and existing
 49%
 28%
 18%
 27%
 59%
 17%
 18%
 23%
 47%
 21%
 18%
 19%
 43%
 23%
 15%
 20%
 39%
 22%
 28%
 24%
      PRODUCED BY: SPONSORED BY: