Information is the powerful machine that propels Intelligence Community (IC). As such, the IC goes to great lengths to protect this most powerful asset. And, in the wake of the WikiLeaks scandal, clearly there is no room for human and technological error when it comes to having classified information being compromised.
At the recent AFCEA DC Conference, Debora Plunkett, head of National Security Agency’s (NSA) Information Assurance Directorate, discussed how the NSA will not be implementing any BYOD strategies on the grounds that individual components from mobile devices brought from home will have vulnerabilities.
Though the NSA is not abandoning mobility. Plunkett discussed how the agency is running a pilot program for both a classified and unclassified mobile devices. The intention is to have friendly and intuitive devices that operate much like an iPhone.
The NSA is not the only major defense- and intelligence-related organization to develop secured methods for embracing mobility. In March, the U.S. Army announced the launch of its Army Software Marketplace that will enable Army personnel to access apps on their smartphones and tablets. A key component in the Army’s effort is establishing and new submission and approval processes that are highly secured where Army members, organizations and third-party developers can release their own apps.
In addition, Plunkett also said that the NSA will not permit data to be downloaded onto devices in favor of having it live in virtualized environments. By not embracing BYOD, the agency is taking proactive steps that are necessary for the intelligence community.
But are there going to be performance issues as a result of the cloud? As highlighted in a previous post, many government agencies and branches of the military that we have met with have voiced some serious security concerns when it comes to the cloud. Simply “disconnecting” from the cloud when a device is lost is one solution, but to have a fully secure cloud is a whole different ball game.
Protecting information is critical for the IC and the challenge of avoiding the use of technologies that have vulnerabilities will always exist. By implementing the right policies, programs and technologies, the IC can continue to advance its mission though it will require an even more aggressive approach to security.