How Utilities Can Lock Down Mobile Security

There are two types of people in this world: Those who segment people into two types, and those that don’t.

There are also two types of workers: Those who deliver tangible, objective results, and those who don’t.

In fact, The Atlantic recently published Ian Bogost’s article about what it means to be an engineer, called “Programmers: Stop Calling Yourselves Engineers.” While there are a lot of interesting points in the article, one aspect which the author doesn’t directly address is the difference between these two types of workers, and why this difference is significant to Utilities in particular.

Gauging Success

Most people work in professions where there is a subjective component to their actions; where they’ll be recognized for a job that is perceived to be well done, absent of quantifiable results. These include many highly valuable jobs: Physicians, advertisers, financial advisers, professors, and retail associates, among others.

But, engineers are typically different. When they work on a project, it’s either successful or it isn’t. And, like the engineers discussed in the article, most utility professionals find that when they are tasked with either creating or fixing something, their solution either works or it doesn’t. In other words, most utility industry jobs are far from subjective; one doesn’t need a manager to judge how well you did.

This is especially true for the mobile security and IT experts who implement utilities’ security measures.

A breach of security will not result in your boss telling you “Nice try. It wasn’t really your fault. Here’s your bonus.” So utility IT professionals are under extreme pressure to identify the best technologies and perfect – and protect – their mobile strategy from day one.

Now, I haven’t examined every rugged mobile computer rollout that our company has supported for utility customers. But, of the ones that I have, ALL have made mobile security a full requirement.

Mobile Benefits

Mobile technology brings a lot of benefits: Faster outage response; higher quality, real-time information; more satisfied customers. And putting supremely rugged and extremely connected mobile tablet PCs in the hands of utility field workers has been a productivity boon.

Mobile Security with Xplore Rugged Tablets

Rugged tablets, however, have value only in the information which they deliver, and much of this data is delivered wirelessly from IT’s various databases. In every case that I’ve seen, IT has judged that securing the data and the network is essential to their mission. Those databases contain sensitive details about utilities’ infrastructure equipment, utility subscriber information, and information about the field workers themselves. It’s all critical data that can’t solely be protected on back-office servers. And it all warrants even more thorough security measures when accessible on the rugged mobile devices that utilities’ dispersed employees are using in the field, in their vehicles and even in the office.

Perhaps that’s because cybersecurity is now one of the top threats to utilities, and the prolific use of mobile devices by utilities in the field means the threat is literally anywhere – and everywhere.

So how do utilities do it? How do they lock down their mobile security strategy? With tough mobile PCs that support the latest TPM 2.0 modules and Trusted Computing Group methods.

TPM 2.0 modules, such as the ones offered by Intel and frequently found on rugged tablets that use Intel processors and chipsets, protect utilities’ security tokens. They also ensure that only authorized programs can run on the mobile PC, prevent unauthorized operating system images from loading, and provide support for hard drive encryption methods.

It’s not uncommon for rogue programs to find their way onto any mobile device. The mobile PCs that utilities issue to field service technicians often use public wireless networks to connect to utilities’ workflow software and critical data. And, thanks to basic human nature, mobile workers’ tablets can find themselves accidentally left behind at a job site more often than one would hope.

Fortunately, utilities can protect these mobile tablets from malware infections with TPM-based systems that only allow secure data access via Utility-authorized programs. But you have to look for the latest version of such security features. For example, some tablets that just came to market still utilize the older TPM 1.2 version, not the current TPM 2.0 version.

In fact, TPM 2.0 offers so many additional security layers – such as authorization based on an asymmetric digital signature, indirection to another authorization secret, counters and time limits – that Government agencies are no longer authorized to use TPM 1.2 mobile devices. And TPM plays such an important role in utilities’ mobile security that consumer-grade mobile computers, including many notebooks, are almost entirely absent from Utilities’ field service forces. They don’t include the TPM chipset at all and, therefore, can’t provide acceptable mobile data security like the more rugged, Intel-powered mobile PCs.

Plus, like virtually every company that’s operated over the last couple of decades, Utilities’ back-offices are equipped with Intel-based PCs and servers. Intel’s technologies have proven time and again that they not only get the job done, but boast best-in-class security measures across their entire system. That means utilities, which typically incorporate Intel-based back-office software titles in the early stages of any mobile technology deployment, automatically gain a significant, and trusted, mobile security foundation from day one as well. Perfect for utilities’ IT experts who have a “make or break” job, right?

Mobile Cloud Security

(Yes, one could argue that alternative architectures may have some mobile security advantages. But, honestly, only Intel-based systems have it all. That is why utilities don’t bother with any mobile computer lacking Intel-based systems.)

Two-Factor Authentication

But mobile security efforts can’t be exclusive to Intel-provided protection. Two-factor authentication measures are a must, and mobile VPN suites should be commonly loaded onto any mobile device that utility technicians bring into the field. Users need strong passwords to access such systems, and those systems use advanced encryption techniques to securely send data over public networks.

Still not enough? Encrypt the data as well. The right rugged tablet will support security tools that make this easy. A common disk encryption tool, BitLocker, actually uses the TPM to hold security keys.
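The two checks discussed above (is the tablet's TPM really version 2.0, and is BitLocker actually anchored to it) can be audited per device. The script below is an added example, not part of the original post or any vendor tooling; it assumes a Windows tablet with the built-in `Win32_Tpm` CIM class and the BitLocker PowerShell module, and the function names `Get-TpmSpecMajor` and `Test-DevicePosture` are hypothetical.

```powershell
# Added example: audit one Windows tablet for TPM 2.0 and TPM-backed BitLocker.
# Run from an elevated session; both queries require administrator rights.

function Get-TpmSpecMajor {
    param([string]$SpecVersion)
    # Win32_Tpm.SpecVersion is a comma-separated string such as "2.0, 0, 1.38";
    # the first field is the TCG specification family the chip implements.
    if ([string]::IsNullOrWhiteSpace($SpecVersion)) { return $null }
    return ($SpecVersion -split ',')[0].Trim()
}

function Test-DevicePosture {
    $findings = @()

    # 1. TPM present, enabled, activated, and reporting spec family 2.0
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        $findings += 'No TPM exposed to the OS (absent, or disabled in firmware)'
    } else {
        $major = Get-TpmSpecMajor $tpm.SpecVersion
        if ($major -ne '2.0') { $findings += "TPM spec version is '$major', expected 2.0" }
        if (-not $tpm.IsEnabled_InitialValue)   { $findings += 'TPM is not enabled' }
        if (-not $tpm.IsActivated_InitialValue) { $findings += 'TPM is not activated' }
    }

    # 2. OS volume protected by BitLocker with a TPM-based key protector
    $tpmTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    if (-not $os) {
        $findings += 'BitLocker status unavailable for the OS volume'
    } else {
        if ($os.ProtectionStatus -ne 'On') { $findings += 'BitLocker protection is off' }
        $types = $os.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() }
        if (-not ($types | Where-Object { $tpmTypes -contains $_ })) {
            # Password- or recovery-key-only volumes never touch the TPM
            $findings += 'No TPM-based key protector on the OS volume'
        }
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-DevicePosture | Format-List
```

A device that reports `Compliant : False` lists each gap in `Findings`, which separates a tablet with a TPM 1.2 chip from one whose TPM 2.0 is present but unused by disk encryption.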

After all, just like there are two groups of people and two groups of jobs, there are two groups of mobile security deployments: Those that are secure and those that aren’t. There is no middle ground, no gray area.

Mobile security expectations must be clearly defined before any successful utility expert can make a definitive move towards any mobile technology. But once the criteria are established, don’t pick a mobile device that MAY work. Pick one that will, without a doubt, support any security measure you may have to implement now or two years from now.

Concerned about using an Android-powered tablet as your primary mobile workforce solution? Read this:
Mobility Doesn’t Mean Insecurity: Locking Down Your Data with Android


Blog Author: Bob Ashenbrenner
President of Durable Mobility Technologies, LLC.