The U.S. Department of Veterans Affairs (VA), National Security Agency (NSA) and U.S. Army recently provided further insight into how their agencies plan to embrace mobile device use in the office and in the field. As the public sector continues to wonder if secure mobile device management is a real possibility or an illusory goal, government officials are sure to be monitoring the success or failure of these blueprints with great intent.
The VA began its exploration of smartphone and tablet deployment in earnest last October with a limited pilot program for iOS devices. At the time, just a few hundred iPads were purchased and deployed in operations, but officials were already looking ahead to the possibility of welcoming employee-owned devices within 12 months. In an official request for information submitted on FedBizOpps, VA leaders called for the establishment of a national mobile device management (MDM) solution.
"With this new acquisition, the VA will procure a nationwide MDM solution to allow up to 100,000 users to securely connect tablet devices, including iOS, Android and Windows phones, to the enterprise network," the document stated. "The MDM will allow the tablet devices to be remotely managed, provide strong enterprise security and provide reporting capabilities to VA leadership. The MDM will also allow iOS devices to connect to a VA enterprise application store for the safe and manageable downloading of enterprise applications."
Fewer than 1,000 iOS devices are currently active on the VA network, according to FierceGovernmentIT, and chief information officer Roger Baker has suggested that the agency will stay under that self-imposed cap until a reliable MDM solution is firmly in place. To scale out to 100,000 devices, Baker also suggested that a bring-your-own-device framework inclusive of non-iOS devices will likely be implemented.
"Our app development group realizes we're going to try to be as agnostic as possible, but there are things that may be in one device type that aren't in another device type. And it may well be that you've got an enhanced app in one area that your wouldn't have in another," Baker noted.
For example, VA developers have been working on a new iOS-based application called Clinic in Hand. The program enables doctors to both view and add information to electronic health records on the go without storing any patient data directly on the device. Much of its current success, however, relies on the enhanced encryption native to Apple platform.
As the agency targets a late second-quarter rollout of its request MDM solution, NSA leaders are plotting their own innovative approach to mobile data security.
"Today, strict security requirement mean most employees at the National Security Agency have to leave their mobile device in their cars in the parking lot rather than bringing them in to work," explained InformationWeek contributor J. Nicholas Hoover in a recent column. "Someday soon, however, that will change, as the agency is working on a plan to introduce secure, commercially available mobile devices and approve an architecture that will enable agencies to use mobile devices with classified data."
The NSA will begin its outreach to mobile device manufacturers in the coming months, according to Hoover, to develop workarounds for current issues such as access latency brought on by uniquely high encryption standards. Other planned initiatives include the establishment of a mobile enterprise app store for NSA employees and the development of an operating system that would flexibly calibrate its security features to adjust to both classified and unclassified networks.
Ensuring mobile data security – and doing so in a cost-effective manner – continues to present a steep challenge, however. As Hoover noted, most of the smartphones and tablets currently deployed in NSA operations were built from the ground up to stand up to the agency's strict data protection standards. Two of the most popular devices cost in excess of $3,000 in their current state, with accessory kits costing an additional $845. In an effort to build a more sustainable strategy, NSA officials have had to shift their focus to the potential held in commercially available technology.
"This is about bringing efficiencies and capabilities that people are used to in their everyday lives and extending that to our national security mission," NSA project coordinator Troy Lange told InformationWeek.
The most promising possibility seems to be SE Android, a more-secure version of Google's mobile operating system developed by the NSA's in-house experts and recently released for open source testing. According to InformationWeek, the project aims to close Android's data security loopholes by isolating apps from one other, resolving problems within malicious apps and implementing permission checks at all levels. And although developers acknowledge that it may not yet be the comprehensive solution the agency needs, SE Android has already drawn the interest of military technology leaders.
According to CNN, the U.S. Army has been testing the modified Android devices in the field since late last year and could authorize an additional deployment in March. Officials realize that embracing Android gives them a better chance ensuring both modernity and affordability in mobile device use among troops, but each and every app is being vetted for potential data security loopholes.
In an interview with CNN, George Mason University information security director and government contractor Angelos Stavrou explained that diligent application testing has revealed that many programs gather and send "far more personal information" than is necessary. For example, a weather app sending GPS coordinates over the Internet could compromise a soldier's location.
As developers continue to refine SE Android for public sector implementations, yet another battlefront has emerged between Google and Apple. Although the VA has shown a preference for iOS architecture, the NSA and its broader band of collaborators have praised the flexibility of Android's open architecture. According to CNN, some are already speculating that Google's continued success in the space could force Apple's hand and lead company officials to draw back the curtain on their own mobile operating system.
Data Security News from SimplySecurity.com by Trend Micro