3 minute read
computacenter
How to use mobile devices in sensitive areas – simple operation leads to higher security
(BSC/Computacenter) Nowadays, even the public administration uses mobile devices such as smartphones and tablets. This is not surprising, as these devices support the staff members in completing their daily work, thus providing significant added value. Apart from their comprehensive features, however, mobile devices also entail certain risks. Thus, it is crucial to secure official data on these devices without leaving sight of user-friendliness, though. If usability is poor, users will look for other ways to access mobile applications – including insecure private devices.
Sensitive data on mobile devices are at risk as smartphones and tablets may get lost or stolen. Moreover, data communications often take place in insecure public spaces such as airports or trains. Apart from such risks as the loss or theft of a device or a cyber attack there is another threat: In many cases, private apps like WhatsApp or Facebook access and read out other applications, e.g. the phone directory. According to a survey conducted by the Global Privacy Enforcement Network (GPEN) in 2014, 75 per cent of all apps access at least one sensitive function of the devices. It is recommendable to employ so-called security containers in order to protect sensitive data while providing staff members with the best possible usability. The German software specialist Virtual Solution AG has developed a security app called ‘SecurePIM’, which acts as a security container. It allows a strict separation of job-related data from private data.
“SecurePIM is the Swiss army knife in the field of enterprise mobility solutions. It provides the functionality of a Personal Information Manager while integrating a secure web browser and offering a secure document management solution. It is a simple all-purpose tool that combines all business functions within a single app,” says Dirk Moede, responsible Key Account Manager at Computacenter.
Official data secured in an app
The security app stores highly-sensitive official data such as government documents, job-related e-mails, appointments or business contacts in a fully impenetrable container. The app can be installed easily, providing high security without restricting the options for private use by the employees. As usability itself has evolved to become an integral security feature, this topic should not be underrated. If users are expected to use the protected mobile devices of a public authority, user acceptance must be ensured. Optimum security levels can be ensured with the help of scalable functions. Authorities may decide whether a particular staff member requires smartcard encryption or whether S/MIME with soft certificate is sufficient.
A mobile application management portal is used for administrating and configuring the app. This allows the IT department to access all mobile devices of all users. Furthermore, as the security software runs on the public authority’s own infrastructure, it can be integrated seamlessly into the existing public key infrastructure of a public administration.
Data protection ensured
Data is not routed through third-party servers (NOC – Network Operations Centre). SecurePIM runs exclusively on the servers of the respective public authority, which means that the data remain under the ownership of the public administration and adherence to German data protection regulations is ensured. In addition, the IT department may easily block access to the data in case a device is lost and reinstall the data on a new device. The app allows staff members to access all of the important official data from anywhere and at any time. This way, intranet applications and the complete document management procedure are also available in a secured manner.
Experienced in IT security
Last year, Germany’s Federal Office for Information Security (BSI) launched the project “Secure Data Synchronisation Service” in order to ensure the secure integration of iOS devices within the infrastructure of the federal administration. Computacenter won the invitation to tender together with Virtual Solution. Once implemented, the solution will soon be piloted at selected federal agencies. The BSI has granted preliminary approval for using SecurePIM in order to bridge the gap until the pilot operation has been concluded.
Computacenter has long-term experience with the development and implementation of mobile solutions within the public administration. The IT service provider has developed an application called “eAkte2Go” (“eFile2Go”), for instance, which allows users to access the contents of the central filing system using a mobile device while on the road. Teaming up with Virtual Solution, the IT service provider is developing solutions that allow mobile devices to be employed both in uncritical and high-security fields of application.
