Secure data, not the device

Apr. 22, 2014 - 06:00AM
By ED HAMMERSLA

Earlier this year, Federal Times reported the Air Force was seeking better ways to secure smartphones and tablets without diminishing performance. It has set aside $24 million through fiscal 2018 to seek whitepapers from vendors to help determine what’s needed, indicating that commercial mobile devices with standard configurations “are not secure enough for government use.” Among technologies under consideration are mobile device management (MDM) solutions.

In addition to other capabilities, MDM solutions can wipe a device of data remotely if it’s compromised. Thus, the device itself is rendered harmless.

However, these solutions will fall woefully short of requirements. MDM can protect the device. It can’t protect classified, sensitive data on the device. Any compromise at the operating system level will blow apart the data.

There are other issues, too: MDM is mislabeled as a security tool, but it’s really about device optimization. It works fine as a baseline, but additional tiers of safeguards are needed to ensure risk reduction for critical data.

Security concerns abound: Mobile malware attacks have increased by 185 percent in a year, from 14,000 to 40,000, according to the Government Accountability Office. Employee-owned devices further complicate things, requiring “new approaches to continuously monitor and manage devices and secure the data itself,” the strategy states.

Why? Think of pure logistics. Bring-your-own-device users are constantly replacing their gadgets. Many don’t want to bother with constant security updates and procedures with every purchase. So they do the bare minimum, which is what MDM will provide.

So how do we advance beyond MDM, containerization, mobile hypervisors and dual persona devices without encumbering users with time-consuming, frustrating processes? By investing in virtualized solutions.

For years, Virtual Desktop Infrastructure (VDI) software has separated the desktop environment and apps from the client used to access it. Users have access to all of their data and apps, which reside securely in the cloud as opposed to the desktop. If the user’s desktop product is lost or stolen, critical or sensitive data is not compromised. VDI is quickly gaining in deployment, as Gartner estimates virtual desktops account for 40 percent of the entire PC market.

It would be logical to extend VDI technologies to what’s called Virtual Mobile Infrastructure (VMI). VMI takes advantage of virtualization and secure redisplay technology to extend access to even the most sensitive information from a commodity device without increasing risk. Users call up cloud and enterprise apps on the same device, but the data never exists on the device. This means, hypothetically speaking, that a war fighter’s smartphone could be infected with a dozen viruses and it simply won’t matter. The data encounters no threat because it resides in the cloud.

So for practical, user-intended purposes, what does this mean? Envision a scenario in which an elite DoD intelligence operative is on a mission to track down a potential terrorism suspect in the Middle East.

He has an address and wants to call up a map. With VMI, he won’t have to download a map app every single time this happens because it’s on the device, therefore saving time when every second counts.

If he wants to know more about the suspect and/or the specific address, say, from an analyst in Washington – such as the suspect’s associates, prior known history, activity at the address, etc. – that information will be sent to him from within the protected, virtualized environment.

Best of all, VMI doesn’t replace MDM, nor does it depend on any one particular MDM solution. Instead, it’s a way to add value to the federal mobility management ecosystem.

Ultimately, allocating major dollars to innovations that seek to protect a mobile device will always fall short. A device, after all, is simply a piece of hardware. Missions succeed — or fail — based on what’s displayed on the device. That, of course, is data. With VMI, you’ll go much further in protecting this precious commodity than you ever will with MDM alone.■

Ed Hammersla is managing director of Raytheon Cyber Products.
