5 mobile security lessons from the Department of Defense

Several years ago, the National Security Agency wasted millions on a circuit-switched approach to mobile security strategy. With help from the Department of Defense, the NSA is doing things differently now. Enterprise CIOs can learn a few things from the effort, too.

By Jason Bloomberg, CIO

4. Think globally, act locally. The new mobility strategy handles governance and management differently as well. Taking a page out of Service Oriented Architecture governance best practice, the DoD Mobility Strategy calls for centralized management of secure devices and distributed enforcement of security policies.

On the one hand, the DoD requires the ability to remotely wipe and disable lost devices, an example of a key centralized management capability. On the other hand, it's also counting on its extensive user base to understand and implement mobile security policies in the field. As a result, training and human management are central elements of the new strategy.

5. Don't treat everyone the same. The DoD now requires "just enough" security. There's no sense providing top secret-level security to users who only have secret clearances. DoD personnel without clearances at all still require a measure of security, but there's no sense spending the same kind of money to secure routine, unclassified communications as the agency must spend securing classified communications.

Mobile Security Calls on People to Pitch In

Perhaps the most interesting aspect of the DoD Mobility Strategy is that it emphasizes both technology and people. Gone are the days when security depended on a single set of hardened technology solutions, with people simply expected to use the technology properly.

Today's mobile environment is too diverse and dynamic to support such a black-and-white approach to security. Instead, it falls to the users of mobile technology to understand the role their gear plays in achieving the broad-based goals of the organization. As a result, the new mobility strategy represents a dramatic cultural shift for an organization used to relying on military precision and rigid technologies.

For private sector organizations struggling with their own mobility strategies, there are important lessons here. A militaristic approach to mobile security is impractical at best and dangerously ineffective at worst. Instead, the only way to take advantage of increasingly flexible and dynamic technologies is to put in place equally flexible and dynamic security policies and infrastructure.

Security won't be perfect. Then again, it never is. The DoD Mobility Strategy illustrates how even the most security-conscious organization can balance security concerns with the agility requirements of an increasingly empowered workforce.

Originally published on CIO.