As it has in organizations in the private sector, mobile computing is becoming one of the most pervasive technologies in the military and in other branches of government. However, with the rise of smartphones and tablets comes a number of data protection challenges that must be addressed before widespread adoption is an option.
With this in mind, the U.S. Department of Defense recently revealed that it is actively exploring ways to raise awareness about mobile data security to ensure that employees do not put sensitive data in harm's way.
In an interview with the Pentagon Channel and American Forces Press Service, the DoD's division chief of outreach and communications Robert Young stated that the agency isn't looking to get in the way of innovation by restricting department personnel from using mobile technology. However, there are a number of persistent issues that raise flags for the department.
"Because of the pervasiveness of the [mobile computing] market, everyone has one, everyone wants one, but we often don’t look at how the device works – we take it home and start loading pictures on it," Young said.
"We do want this innovation in the Department of Defense, so we don’t want to say no, but we want to do it safely and securely," he added.
One of the main concerns in the DoD, as well as other organizations, is the number of operating systems that must be covered by a mobile security policy. This was less of a concern when Research In Motion's Blackberry OS was the dominant mobile OS on the market, but several more competitors, including Google's Android and Apple's iOS, have emerged as favorite platforms among mobile users in recent years, necessitating that amendments be made to mobile policies.
"With all the different operating systems out there, every patch, every update changes each device and the vulnerabilities within [and users] are going to have to weigh that risk," Young said.
A recent study from digital security firm ViaForensics revealed that many Android and iOS applications are lacking when it comes to security. According to the report, out of 19 evaluated apps for the two mobile operating systems, none received a passing grade. In fact, 14 of the apps were marked with failing ratings, while the remaining five were given warnings.
This is an issue the DoD is working to address. According to Young, his agency is drawing from several branches of the military as well as the FBI, the CIA and the Defense Advanced Research Projects Agency to develop best practices for mobile security.
"The issue is that we have to make sure the apps are safe and secure," Young said. "We can’t just throw them on and then try to figure out what they do after the fact."
Additionally, the agency is working to educate military personnel and DoD employees to ensure they are aware of the security implications of advanced mobile devices.
Education is often one of the key steps to improve data security practices, not only for mobile devices but for all aspects of business. However, it is often an aspect that many organizations neglect as well. This notion was echoed in a recent Government Computer News report, which advised companies to focus on employee training and teach them how to look for signs of malware and other threats.
This is sound advice, as cybersecurity threats have only increased in recent years. Without training, an organization may be treading dangerous waters, putting itself at risk of cyber attacks, viruses and other threats that may prove detrimental.