By David Goldschlag, executive vice president of corporate strategy & technology for Trust Digital
Even before President Obama was inaugurated, there was a great deal of speculation about whether our first “connected” President would be allowed to keep his BlackBerry or whether security concerns and the Presidential “bubble” would take it away.
The government’s decision allowing President Obama to continue to use his BlackBerry demonstrates that the government appreciates both the value of a smartphone to its owner and the smartphone’s security risks, and that it has found a way to mitigate those risks. Government IT sets a good model for how IT can better serve the personnel it supports, in this case the Commander-in-Chief.
So what are the smartphone security risks? Bloggers, such as Marc Ambinder, were quick to report that Presidential use of the BlackBerry was secured by the National Security Agency adding a “super-encryption” package to his smartphone.
Other articles suggested the President would use a specialized dual-mode unclassified/classified device in addition to his smartphone. Regardless of President Obama’s exact method for staying connected, the larger story is that smartphones introduce a broad set of risks – some that are laptop-like – including: data compromise if the smartphone is lost, malware from viruses, emails and applications, and SPAM.
New risks are associated with the very personal and always-present/always-on/always-connected nature of the smartphone: location tracking (through the wireless carrier and GPS), surreptitious recording using the camera and microphone, and malware through SMS/text messaging and Bluetooth.
While President Obama’s smartphone of choice was the BlackBerry, more and more federal workers want consumer devices such as Apple’s iPhone to leverage the Internet and other applications beyond email. In October, Jordy Yager of The Hill reported that the House of Representatives' chief administrative officer, who oversees the communication needs of the House, was investigating the use of the iPhone.
The driver behind this effort was workers' demand for the iPhone. New blockbuster devices such as the Palm Pre and Google Android will further increase the pressure for more device choice and more mobile applications.
Of course, giving users device choice creates some implementation headaches for IT. IT needs more knowledge and guidance about how to mitigate risks. To address this situation, the Defense Information Systems Agency has published Security Technical Implementation Guides (STIGs) for BlackBerry and non-BlackBerry devices.
These documents provide guidelines for the deployment, configuration and operation of smartphones and their management systems. In both DoD and civilian agencies, these STIG documents offer best security practices and help take the guesswork out of mobilizing email and other applications.
Regardless of which personnel an IT group supports, whether in a public or private enterprise, by following DISA STIG best practices IT can give workers smartphone device choice, allow smartphones to access current email and applications through their existing communications infrastructure, and mitigate the old and new risks associated with smartphones.
By layering DoD-approved security and management software on top of commercially available smartphones, including Windows Mobile and BlackBerry, workers can use the mobile smartphone of their choice to access sensitive information and applications. Trust Digital is the only mobility management platform tested and approved to secure Microsoft Windows Mobile and Exchange solutions per the updated DISA STIG.