5 mobile security lessons from the Department of Defense

Several years ago, the National Security Agency wasted millions on a circuit-switched approach to mobile security strategy. With help from the Department of Defense, the NSA is doing things differently now. Enterprise CIOs can learn a few things from the effort, too.

By Jason Bloomberg, CIO |  Mobile & Wireless, Mobile Security

The DoD may seem like an unlikely source for strategic innovation, but there are some important lessons for any organization looking to balance security concerns with the power of mobile communications. Here are five highlights.

1. Focus on software, not hardware. Even though the DoD's long-standing policy was to leverage hardware-based encryption technologies, the DoD Mobility Strategy centers entirely on software-based security. As a result, the devices themselves are purely commercial off-the-shelf (COTS). This fulfills the desires of DoD personnel and also helps future-proof the strategy, as the DoD must allow for the frenetic pace of technology development in the mobile space.


In fact, the DoD met with Apple in 2010 and, according to a conversation with an Army general, asked for a few hardware tweaks to the iPhone. Apple steadfastly declined. Why? Not because it's an arrogant market leader, but because of the economic reality: even the largest order the DoD might place would only account for a day or two of iPhone production. It's just not worth the trouble for Apple to customize its hardware for even the largest customer.

2. Encourage interoperability. The DoD Mobility Strategy calls for "composable" solutions. In other words, the agency is expecting and encouraging interoperability across mobile apps, as well as among mobile, cloud and traditional on-premise apps.

While traditional thinking is that closed technology is inherently more secure, today's approach is to embrace openness and develop secure approaches that work in open, dynamic environments. As a result, if the answer to the question "Is there an app for that?" is Yes, then there should be a way to securely use the new app within the appropriate security context.


3. Consider all end users. The new strategy focuses on the needs of different constituencies. SME-PED, on the other hand, was essentially a one-size-fits-all solution. It may have been worth the trouble for certain command-and-control communications, but it was overkill for the everyday business of the DoD. In contrast, today's mobility strategy expressly calls out the different needs of executive users (battlefield commanders), tactical users (warfighters) and enterprise users (everyone else). Clearly, someone whose job is to pay bills for the DoD has very different security concerns than a strike fighter pilot.


Originally published on CIO.