by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : February 2015
FocusOn: Mobile 2 February 2015 FCW.COM “These are different devices and we need to take a fundamentally different approach to security,” Coapstick said. “Trust is fundamentally changed with mobile. It’s not just can we trust the device, but can we trust the data on the device. These are some of the questions that are becoming part of the dialogue.” Narrowing the options Many agencies have streamlined the process of approv- ing and purchasing mobile devices so that they are able to put up-to-date technology in the hands of their users. For example, the Defense Department’s Defense Information Services Agency is now publishing Security Requirement Guides for smartphones and tablets, and then letting manufacturers develop a Security Technical Implementation Guide (STIG) for their device as they develop it, submitting a self-certification back to DISA for final approval. Previously, DISA would develop its own STIG for each newly released product, which often took so long that devices were obsolete by the time they were approved for use on DOD networks. “The problem you had before was demonstrated by the Dell Streak,” Suder explained, referring to the tablet that was the first Android device approved by DISA back in 2011. “It took so long to get the Dell Streak certified that by the time it was certified, a week later Dell dis- continued the Streak.” With its new streamlined process, DISA has approved several mobile phones, including various Apple iPhones and Samsung Galaxy devices with the Knox security add- on. DISA also has approved five Apple iPad tablets and five Samsung tablets. Two operating systems have been approved by DOD’s Mobile Program Management Office: Apple iOS and Android. When DISA switched to having vendors write their own STIG, “the turnaround time went from a year to more like three months,” said Adam Salerno, manager of federal accounts with Veris Group. “It’s definitely a boon to getting more devices out there.” Salerno said the old DISA approach was a “very thor- ough but very time-consuming process. All the work was probably going to one program office that had very lim- ited resources.... They were able to offload that onto the vendor to do a lot of heavy lifting.” DISA’s goal is to have mobile devices approved for use on DOD networks at the same time that these devices are brought to the commercial marketplace. Suder said DISA’s new device approval process “is defi- nitely better over the last 18 months or so. But it is not all the way there. They still need to do a better job with mobile device management.” And it’s important for federal agencies to deploy mobile platforms rapidly and not allow themselves to get two or three generations behind. “With cybersecurity these days and zero day vulnerabili- ties...it actually behooves you to get on the newest stuff as soon as possible,” Salerno said. And because commercial providers often aren’t willing or able to provide agencies with older, already-approved devices on a large scale, “you are almost forced to make it work on the newer stuff.” The situation at DISA — which declares itself device agnostic, but has largely settled on Apple and Samsung for mobile — reflects a similar trend across government. “We are seeing strides [toward standardization], and we see many more Samsung deployments than any other Android because of that,” Salerno explained. “But even then, those devices ship with different versions and apps depending on the carrier.” The FBI, for example, is standardizing on Samsung Gal- axy devices with its Knox security add-on. In July 2014, the FBI purchased 26,500 licenses for Samsung’s Knox 2.0 software, which allows users to seamlessly switch from work to personal modes on their smartphones. Samsung is replacing aging BlackBerry smartphones at the law enforcement agency. David Rubin, the mobility lead for the Justice Depart- ment, said in January that the FBI has nearly 30,000 of Samsung’s Android-based devices deployed at 56 field offices. He told the crowd at an AFCEA event that the FBI used the Knox containerization technology to pro- file applications and to encrypt agency communications. The FBI uses the Samsung devices for unclassified com- munications only, but would like to eventually connect to classified networks using these devices, Rubin said. One reason that the FBI replaced its BlackBerry devices with Samsung is that it wanted a more commonly used device in the hands of its employees to provide anonym- ity on the job. “Walking around with a BlackBerry almost pigeon- holes you as working for the U.S. government,” Suder said. “Overseas, it’s a telling sign. It’s almost a physical security issue.” Management platforms proliferate Device selection alone does not guarantee security, of course. The applications loaded onto the device are also a critical concern. (One recent study of mobile devices that connected to the networks of a major federal agency found that 29 percent of the devices had encountered mobile malware.) More agencies are therefore deploy- 0215fcw_010a-010c.indd 2 1/28/15 2:42 PM
March 15, 2015