BYOD, cloud security concerns make military and intelligence agencies hesitate

US national security agencies don't like the word "BYOD" and are still mostly BlackBerry users


If the shift to cloud computing and the adoption of BYOD policies seem like an inevitability in the corporate world, they are anything but in the military and intelligence communities.

In a panel discussion Tuesday at a government IT conference, Debora Plunkett, information assurance director at the National Security Agency, joked that she would break out into hives at the mere mention of the term "BYOD."

But just as private-sector employees have been clamoring for authorisation to bring their iPhones, Androids and other devices into the workplace, federal workers - including those who deal with classified information - have been voicing similar requests.

"We have a - not unexpected at all - a large client set who are just craving for the ability to do the things at work that they do at home. It's not rocket science," Plunkett said. "It's really happening across the corporate landscape. That's where it originated and there is a groundswell of interest and actual implementation in corporate America and the corporate world. And, not surprisingly, what has been proven successful in a corporate environment drives our requirements for the same capabilities in government."

BYOD productivity brings NSA concerns

And she acknowledged that opening the doors to a new crop of ever-more sophisticated devices could translate into a more productive and efficient workforce, just as many private-sector CIOs have concluded.

"But what comes with those opportunities are some significant challenges, and I live in that space on a daily basis," Plunkett said. "It really starts with an understanding that there really are adversaries out there who have every intent to gain access to the secrets that we try to protect. And who have every intent of disrupting our ability to conduct the business of government. And who have every intent of reducing our confidence in the information that resides in the information systems that we trust. So our responsibility then is to raise that bar from a security perspective while still enabling the business of government to go on, and to go on in a way that allows us to use state-of-the-art technologies and tools and techniques, but being ever mindful to the right of the adversary who is out there."

IT officials at the Pentagon are experiencing a similar friction.

"It's very simple: 'I want one device.' I don't think it's any more complicated than that," Robert Carey, principal deputy CIO at the Department of Defense, said of the growing demand for BYOD policies. "Balancing ease of use and security is always the dynamic. Security is the antithesis of convenience."

By its sheer scale, the DoD is a uniquely challenging IT environment. Carey has been leading recent efforts to consolidate and standardize the DoD's far-flung computing environment while also working to bolster the security of its enterprise architecture. At present, the department runs about 10,000 distinct systems, maintains 1,500 data centers and upwards of 65,000 servers.

But in the mobile arena, the DoD is a fairly homogeneous environment.

"We have very few devices at the DoD. We are pretty much a BlackBerry house," Carey said.

BlackBerry scores in government work

Carey noted that the Pentagon is currently running multiple pilot programs to test various devices from other manufacturers, and working with vendors to harden mobile operating systems to meet DoD security requirements. But he held RIM, the maker of the BlackBerry, apart from other device makers for its focus on enterprise-grade security from the outset, while Apple, Android and other operating systems began with a consumer-centric approach, and have only been beefing up security in response to concerns from corporate and government customers.

"We have to manage this very carefully as we move into the future and make sure that these are not additional attack surfaces," Carey said. "I don't know that we'll quite get to a pure BYOD environment."

Plunkett also posed a practical challenge that agencies like the NSA have to deal with concerning what's known as "spillage," when a set of information from one level of clearance is made available at a lower classification domain. The normal response at the NSA is to remove the device involved from the network, which sometimes means destroying it.

In a BYOD environment, would that mean confiscating and potentially destroying an employee's personal phone? "That's a whole new scenario, isn't it?" Plunkett said.

IT managers in the military and intelligence communities are similarly cautious in their approach to cloud computing. While the Obama administration has issued directives calling for agencies across the government to put the cloud at the forefront of their technology agenda, the issue is complicated when sensitive or classified information is in play.

Plunkett and Carey were both dismissive of public-cloud deployments for all but that information which is publicly available without restriction. The DoD is currently focused on private, internal clouds that it builds in-house, applying stringent security standards and skirting the thorny issues that arise in the drafting of contracts with private vendors.

"You've got to make some pretty big decisions up front," Carey said. "You have to understand, A: your information, and B: is it suitable and germane to go into a public or private cloud."

In any case when an agency is working with an outside vendor to aid with a cloud deployment, federal personnel must ensure that their private-sector partners have a "crisp understanding of the security requirements," Plunkett said, emphasizing the importance of including the specific security stipulations spelled out in the government's FedRAMP program in the contract.

"To the extent that we can get industry understanding and comfortable with the requirements that we have, and then get them committed to making changes in their products, that really not only raises the bar from our requirements, but raises the bar really for the world, because these are now commercial commodity products," she said. "They're going to become available for everyone."




jennabell said: I think that non-BlackBerry devices will slowly make their way into government and military operation as they become more and more popular, but also as more and better MDM and apps become available. I think the military should watch healthcare apps, since they have to deal with strict HIPAA confidential patient info requirements and compliance. There are several great HIPAA apps like Tigertext, which offers HIPAA-compliant secure text messaging in which the messages auto-delete after a period of time. These kinds of apps will become more prolific and offer military organizations more options to BlackBerry.
