Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Deadline For Agencies To Secure Remote Data Comes -- And Goes

The deadline for agencies to properly secure remote data according to a mandate from the Office of Management and Budget has come and gone, but recent events indicate there's plenty of work to be done before systems are actually locked down. For solution providers who see beyond the technology to also implement policy safeguards, the upcoming months could prove lucrative.

Aug. 7 marked the day that federal agencies were mandated to implement a security checklist to protect remote information. They were also recommended to encrypt all sensitive data on mobile devices, allow remote access only with two-factor authentication, use a time-out function for remote access and mobile devices that would require user reauthentication after 30 minutes inactivity, and log all computer-readable sensitive extracts from databases and verify each extract has been erased within 90 days.

The OMB has not released a report tracking how agencies are doing meeting this mandate, but perhaps telling is the fact that five days before the deadline, another security breach at the Veterans Administration occured -- this time, a desktop from Unisys that contained the personal data on approximately 18,000 veterans went missing.

So what's lacking?

"The technology needs to go beyond protection of remote access of systems to policy," says Andrew Krcik, vice president of marketing for Palo Alto, Calif.-based PGP.

  • 1