Inspector General Questions Army’s Readiness to Securely Deploy Mobile Devices

BYOD in the Army

In the private and public sectors, enterprise IT managers have had various degrees of success in managing the security risks of off-the-shelf mobile devices on their networks. For the CIO of the United States Army, the problem of maintaining network security in an environment that includes commercial mobile devices (CMDs) is of special importance.

After testing Apple iOs and Android-powered CMDs in the field and administrative offices, the Army Vice-Chief of Staff directed the Army CIO to begin to procure them in 2009 to replace some more costly dedicated hardware and software devices. Recently, the Inspector General’s Office examined how well the Army has been doing at tracking, configuring and maintaining the security of mobile devices on its networks.

The auditors limited themselves to devices running Apple iOs, Android and Windows Mobile OS and visited sites at United States Military Academy, Army Corps of Engineers and the Army Engineer Research and Development Center.

They found that the Army’s CIO “did not implement an effective cybersecurity program for CMDs” and that the CIO did not “appropriately track CMDs and was unaware of more than 14,000 CMDs used throughout the Army.”

Army Mobile Device Management Audits

The auditors concluded that the sites they visited were not using mobile device management to consistently configure devices to protect stored information and that none of them had the capacity to wipe data stores on CMDs that were lost or stolen. Further the auditors concluded that CIOs at USMA and the Army Corps of Engineers Research Center were “allowed to store sensitive data on CMDs that acted as removable storage devices.” The CIOs at these facilities did not offer any training on securing the devices or have users sign any agreements.

The auditors concluded that the deficiencies occurred because the Army CIO “did not develop a clear and comprehensive policy for mobile device management” and “inappropriately concluded that CMDs were not connecting to Army networks and storing sensitive information.” Read the Inspector General’s full report here.

In other words, no integrated system was in place to help CIOs of the various commands to discover, audit and proactively, consistently manage and secure mobile devices. A tool like Kaseya’s Mobile Device Management is a great place to start.

security patch management

Reduce the Risk of Vulnerabilities by Automating Security Patch Management

Managing software updates is one of the challenging and resource-intensive tasks the IT team undertakes on a daily basis. It is alsoRead More

ROI of Omni IT

What’s the ROI of Omni IT?

According to Gartner, worldwide IT spending is projected to total $3.79 trillion in 2019, an increase of 1.1 percent fromRead More

Cloud Sourced IT Automation

Save Time with Crowd Sourced IT Automation

With ever-evolving businesses, IT professionals face several challenges such as maintaining critical system up-time along with complex system management. You constantly needRead More

Deliver Efficient IT Service

Deliver Efficient IT Service with Automation

Today’s companies depend on IT to achieve business objectives and gain a competitive advantage in the industry. Gartner’s 2018-2019 AnnualRead More

Connect IT Asia-Pacific - Don't Miss the Premier IT Management Event of the Year - Join Us in Sydney 1-3 October 2019 - Register Now

Archives

Categories