Advertisement

You will be redirected to the page you want to view in  seconds.

Secure data, not the device

Apr. 22, 2014 - 06:00AM   |  
By ED HAMMERSLA   |   Comments
Ed Hammerlsa
Ed Hammerlsa ()

Earlier this year, Federal Times reported the Air Force was seeking better ways to secure smartphones and tablets without diminishing performance. It has set aside $24 million through fiscal 2018 to seek whitepapers from vendors to help determine whatís needed, indicating that commercial mobile devices with standard configurations ďare not secure enough for government use.Ē Among technologies under consideration are mobile device management (MDM) solutions.

In addition to other capabilities, MDM solutions can wipe a device of data remotely if itís compromised. Thus, the device itself is rendered harmless.

However, these solutions will fall woefully short of requirements. MDM can protect the device. It canít protect classified, sensitive data on the device. Any compromise at the operating system level will blow apart the data.

There are other issues, too: MDM is mislabeled as a security tool, but itís really about device optimization. It works fine as a baseline, but additional tiers of safeguards are needed to ensure risk reduction for critical data.

Security concerns abound: Mobile malware attacks have increased by 185 percent in a year, from 14,000 to 40,000, according to the Government Accountability Office. Employee-owned devices further complicate things, requiring ďnew approaches to continuously monitor and manage devices and secure the data itself,Ē the strategy states.

Why? Think of pure logistics. Bring-your-own-device users are constantly replacing their gadgets. Many donít want to bother with constant security updates and procedures with every purchase. So they do the bare minimum, which is what MDM will provide.

So how do we advance beyond MDM, containerization, mobile hypervisors and dual persona devices without encumbering users with time-consuming, frustrating processes? By investing in virtualized solutions.

For years, Virtual Desktop Infrastructure (VDI) software has separated the desktop environment and apps from the client used to access it. Users have access to all of their data and apps, which reside securely in the cloud as opposed to the desktop. If the userís desktop product is lost or stolen, critical or sensitive data is not compromised. VDI is quickly gaining in deployment, as Gartner estimates virtual desktops account for 40 percent of the entire PC market.

It would be logical to extend VDI technologies to whatís called Virtual Mobile Infrastructure (VMI). VMI takes advantage of virtualization and secure redisplay technology to extend access to even the most sensitive information from a commodity device without increasing risk. Users call up cloud and enterprise apps on the same device, but the data never exists on the device. This means, hypothetically speaking, that a war fighterís smartphone could be infected with a dozen viruses and it simply wonít matter. The data encounters no threat because it resides in the cloud.

So for practical, user-intended purposes, what does this mean? Envision a scenario in which an elite DoD intelligence operative is on a mission to track down a potential terrorism suspect in the Middle East.

He has an address and wants to call up a map. With VMI, he wonít have to download a map app every single time this happens because itís on the device, therefore saving time when every second counts.

If he wants to know more about the suspect and/or the specific address, say, from an analyst in Washington, Ė such as the suspectís associates, prior known history, activity at the address, etc. Ė that information will be sent to him from within the protected, virtualized environment.

Best of all, VMI doesnít replace MDM, nor does it depend on any one particular MDM solution. Instead, itís a way to add value to the federal mobility management ecosystem.

Ultimately, allocating major dollars to innovations that seek to protect a mobile device will always fall short. A device, after all, is simply a piece of hardware. Missions succeed ó or fail ó based on whatís displayed on the device. That, of course, is data. With VMI, youíll go much further in protecting this precious commodity than you ever will with MDM alone.■

Ed Hammersla is managing director of Raytheon Cyber Products.

More In Mobility