Federal agencies face a unique set of challenges. Since the publication of the Executive Order on Improving the Nation’s Cybersecurity (“EO”), the Office of Management and Budget (OMB) has released several directives. Despite the directives’ interconnected nature, Federal Civilian Executive Branch (FCEB) agencies still have budgetary constraints, meaning prioritizing their investments is mission-critical. Fundamentally, FCEB agencies need to find solutions that address as many security requirements while spending as little money as possible.
According to Bloomberg, last year, attackers infiltrated the phones of US diplomats in Uganda using a kind of spyware known as Pegasus, one of the most sophisticated spyware that can access a victim’s messages, camera, and microphone without the victim clicking on a single link. The recent news has raised concerns among the House intelligence committee and is believed to be only the tip of the iceberg for federal agencies and the security of their devices.
Not only do FCEB agencies need to comply with federal initiatives, but they also must monitor the ever-evolving threat landscape to protect their corporate data. The problem is many struggle to allocate budgets effectively and efficiently.
In May 2022, FedScoop’s interviewed 177 pre-qualified federal agency IT decision-makers, noting:
Similarly, Zimperium surveyed agency technology leaders and found:
When comparing this data, the key takeaway is that agencies need solutions that solve more than one Zero Trust architecture pillar at a time not only to meet requirements but protect their devices.
Mobile device security is increasingly essential to any agency compliance initiative, especially in a remote work environment. Not only do agencies need to incorporate mobile device security as part of their Zero Trust initiatives, but they also need to understand the breadth of compliance mandates addressing this issue.
For example, the following mandates and publications all mention mobile device security, but more specifically, they include mobile threat detection (MTD) either specifically or by implication:
No matter which mandate governs a federal agency’s compliance, they all incorporate MTD as a mobile security “must-have.”
Fundamentally, modern work requires mobile devices, and as agencies improve their cybersecurity posture, they need to incorporate mobile threat defense. With MTD, agencies achieve holistic endpoint security.
Traditional mobile device security provides capabilities that ensure mobile devices have organization-defined configurations in place, like most recent operating system updates. However, a gap still exists when trying to mitigate risks associated with other threats like:
This is why agencies need to prioritize MTD as part of their endpoint detection and remediation strategies, particularly as they continue to allow users to bring their own devices.
NIST 800-124 explains that MTD’s capabilities go beyond those provided by other mobile device security tools by:
Prioritizing compliance requirements is both challenging and mission-critical. Agencies need to adopt the solutions that enable them to optimize their security stack and maximize their limited budgets. With mobile devices now the norm, prioritizing mobile device security and threat detection is fundamental to securing federal systems.
Approved to participate in the NIST “Zero Trust Cybersecurity: Implementing a Zero Trust Architecture Building Block Consortium,” Zimperium is working diligently to help the NCCoE design and build approaches to Zero Trust architectures that take mobile threats and mobile security into account.
Zimperium provides the only advanced mobile threat defense solution with on-device, machine learning-based security for Android, iOS, and Chromebooks. Zimperium MTD detects threats across the kill chain, including device, network, phishing, and app attacks.
Zimperium was the first mobile threat defense (MTD) provider to be granted an Authority to Operate (ATO) status from the Federal Risk and Authorization Management Program (FedRAMP) and is used by many government organizations including the U.S. Department of Defense (DoD).