in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Apple BYOD Protection: Pentagon Clears Apple Devices for Use In DOD Network

Many media outlets are reporting that the US Department of Defense (DOD) has finally approved the use of Apple devices on its network.  I see plenty of comments like, "Great, prepare for malware to spread in our country's military networks because some government worker decided to download the wrong game" or some nonsense.

Yeah, BYOD, or Bring Your Own Device, introduces risks.  That's why you need to have the appropriate infrastructure to support BYOD, including the use of MDM (mobile device management) solutions for smartphones and tablets like AlertBoot Mobile Security.

It also helps if your BYOD project is not actually a BYOD project.

Apple Devices are STIG-tastic

Defense.gov reports that:
The release of the Apple iOS 6 STIG is a major stride in building a multivendor environment, supporting a diverse selection of devices and operating systems, DISA officials said. This STIG and the recently approved STIGs for the BlackBerry and Samsung Knox operating systems demonstrate DISA's commitment to validate a range of devices that meet DOD security standards so the best technology is available to achieve mission requirements, they added.
The STIG, or Security Technical Implementation Guide, is documentation designed to standardize security in the installation and maintenance of computer hardware and software, according to Wikipedia.

It Ain't BYOD If You Don't Bring It

What this all means is that Apple can now sell their devices to the military.  This does not mean that people can bring their own iPhones and connect them to the government network.  Also from defense.gov (my emphasis):
government-issued iOS6 mobile devices are approved for use when connecting to Defense Department networks within current mobility pilots or the future mobile device management framework
See how it says government-issued?  A further explanation by the same site (my emphasis):
Officials said the STIG does not allow personally acquired mobile devices to connect to DOD networks.
In other words, they'll give employees an iPhone. Or an Android phone (as long as it's a Samsung, I guess, or running KNOX).  Or perhaps even a Blackberry.  Basically, the DOD, which is already leveraging Blackberry devices for better productivity and communications, is now widening their options in terms of hardware (and possibly software).  

No BYOD here.  More like CYOD, Choose Your Own Device.

Fool Me Twice, Shame on Me

The capriciousness of the "here come the data breaches" comments are a little annoying.  Granted, the military once had a huge problem in their hands due to USB memory sticks, and ended banning all removable media devices on DOD machines.  However, I like to think that much has changed since 2008.  It seems quite obvious to me that the DOD would have learned something from the experience; they're most probably not approving Apple and Samsung devices without a good idea of what they're doing.

Getting Philosophical

Now, you might say, "hey, it's a matter of when, not if.  That's the nature of data breaches.  You can't really escape it; you can only be lucky enough not to be there anymore when it happens."  In other words, MDM, passwords, encryption, location tracking, etc. are all for naught; attempting to provide security is useless when you know it's going to eventually happen.

Well, that's also true when it comes to death.  The probability of you meeting your maker is 100% (in a manner of speaking), but mass suicides are severely lacking among the logical crowd.  Often times, engaging in the "impossible" is still worth doing regardless of the odds.

Related Articles and Sites:
http://www.bloomberg.com/news/2013-05-17/apple-mobile-devices-cleared-for-use-on-u-s-military-networks.html
http://www.defense.gov/news/newsarticle.aspx?id=120073

 

 
<Previous Next>

UK BYOD Security: 82% Of Biz Unaware Of Existing Data Protection Expenditures

Lawyers And Disk Encryption: ABA Model Rule 1.6 Confidentiality of Information And Recommendations

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.