Report notes worrying lack of mobile security in US Army
A report from the Inspector General of the United States Department of Defense has revealed a worrying lack of knowledge regarding personal device policy in the US Army.
The report, released at the end of last month, uncovered alarming practices in the military – the most damning statistic being that the Army CIO was unaware of more than 14,000 mobiles used throughout the Army.
Other findings in the report were that the US Department of Defense was not able to wipe devices that had been lost or stolen, that it did not ensure users signed agreements and were trained properly before using personal devices, and that mobiles were not secured to protect particular information.
The result, of course, was a heightened risk of attack and of sensitive data being leaked. “The Army chief information officer did not implement an effective cybersecurity program,” the report notes.
Perhaps unsurprisingly, the recommendations from the Inspector General to the Army CIO were to, well, be a bit safer – or as they put it, “develop clear and comprehensive policy to include requirements for reporting and tracking all commercial mobile devices”.
Even so, how can this report be useful to the wider enterprise? Beth Jones, writing for the Sophos Naked Security blog, cited data loss as the most evident takeaway, and the biggest disaster for CIOs.
“What crook wouldn’t have loved to have gotten a hold of two databases full of juicy personal information of agency employees, contractors and possibly informants?” Jones wrote.
Last month the Cloud Security Alliance released ‘the notorious nine’ cloud security threats, with data breaches and data loss comprising the top two fears.
Consequently, Sophos came up with seven steps to sorting out a BYOD security plan:
- Identify the risk elements that BYOD introduces
- Form a committee to embrace BYOD and understand the risks – including business and IT stakeholders
- Decide how to enforce policies for any and all devices – a policy needs to be all-pervasive and factor in laptops, smartphones and tablets
- Build a project plan to include these capabilities – these include remote device management, application control, policy compliance, wiping devices when retired and augmenting cloud storage security among others
- Evaluate solutions
- Implement solutions
- Periodically reassess solutions
Symantec looked at exactly the same question back in February via an infographic, and came up with other aspects, such as analysing existing policies and regulatory frameworks, and determining educational policies.
Enterprise AppsTech has examined mobilising the armed forces in the past; Kevin Deal, VP Aerospace and Defence at IFS North America, examined the role apps can play in defence strategy.
The full Army report can be read here.