Mobile security: Innovation is in the works
Four agencies hope to spur the development of new technology and strategies that could improve the security of the enterprise and the productivity of employees
Federal agencies are going on the offensive when it comes to mobile security.
Officials might be ready to embrace the so-called consumerization of the enterprise and leverage popular commercial mobile technology for government applications. But they are not willing to accept the cross-your-fingers-and-hope-for-the-best approach to security adopted by many consumers.
So with mobile devices proliferating across government, a number of agencies are in the market for innovative solutions. Here is an overview of four recent efforts to spur innovative solutions for making those devices enterprise-ready.
USDA: Isolation plus integration
As part of its Next Generation Mobility Solution, the Agriculture Department is seeking a container solution that makes it possible to protect government applications and data being accessed through an employee’s personal mobile device.
Such a concept, also known as a walled garden, is not new, but the department is looking for a state-of-the-art solution that integrates seamlessly with the agency’s infrastructure. For example, the data in the secure container must be automatically synchronized (through an encrypted link) with USDA file servers and vice versa, making the data available to other mobile devices or to backup and archival systems.
The container solution also must be integrated with the department’s mobile device management and mobile application management solutions, making it easier to manage the data and applications in the container.
Interior: Security for globe-trotters
Officials at the Interior Department are looking for technology to help them respond to mobile cybersecurity threats when employees are traveling abroad, according to a recent request for information.
Specifically, Interior officials would like to be alerted in real time when a device is being compromised so that the agency’s security experts can take action to mitigate the threat, whether that means updating security-related software or wiping the device clean of sensitive data and applications. Any solution also needs to provide a detailed log of any security event for use in post-event investigations.
The department has a mobile device management infrastructure in place, which helps manage security configurations. But that system does not provide enough capability when it comes to identifying and responding to threats as they happen, the RFI states.
DISA: CAC-based, user-friendly
The Defense Information Systems Agency is in the market for an approach that leverages the Defense Department’s Common Access Card to turn mobile devices into secure thin clients.
That’s the first challenge. The second challenge is to come up with a solution that does not greatly diminish the usability of commercial devices in terms of the user interface, device weight, battery life and display legibility, according to a broad agency announcement released in September.
The proposed solution is expected to work with either government-furnished or employee-owned devices. However, in either case, the solution should ensure that no government data is stored on the device.
DISA also would like a solution that works across multiple devices. However, the security requirements take precedence over device availability, the announcement states.
Marines: Military-ready, commercially viable
Marine Corps officials are hoping to work with the IT industry to develop a trusted handheld platform that meets their exacting requirements but can be parlayed into a commercial offering.
They are especially concerned about developing a security framework that enables a single device to access multiple domains, according to a statement of objectives released earlier this year. Such devices are available through contracts run by the National Security Agency, but those products include technology that cannot be sold commercially.
The goal is to develop a framework that could become a standard commercial product based on technology already used in commercial devices, reducing the cost and complexity of the devices and speeding their delivery to market, according to the statement of objectives.