In the private and public sectors, enterprise IT managers have had various degrees of success in managing the security risks of off-the-shelf mobile devices on their networks. For the CIO of the United States Army, the problem of maintaining network security in an environment that includes commercial mobile devices (CMDs) is of special importance.
After testing Apple iOS and Android-powered CMDs in the field and in administrative offices, the Army Vice-Chief of Staff directed the Army CIO to begin to procure them in 2009 to replace some more costly dedicated hardware and software devices. Recently, the Inspector General’s Office examined how well the Army has been doing at tracking, configuring and maintaining the security of mobile devices on its networks.
The auditors limited themselves to devices running Apple iOS, Android and Windows Mobile OS and visited sites at the United States Military Academy, the Army Corps of Engineers and the Army Engineer Research and Development Center.
They found that the Army’s CIO “did not implement an effective cybersecurity program for CMDs” and that the CIO did not “appropriately track CMDs and was unaware of more than 14,000 CMDs used throughout the Army.”
Army Mobile Device Management Audits
The auditors concluded that the sites they visited were not using mobile device management to consistently configure devices to protect stored information and that none of them had the capacity to wipe data stores on CMDs that were lost or stolen. Further, the auditors concluded that CIOs at USMA and the Army Corps of Engineers Research Center were “allowed to store sensitive data on CMDs that acted as removable storage devices.” The CIOs at these facilities did not offer any training on securing the devices or have users sign any agreements.
The auditors concluded that the deficiencies occurred because the Army CIO “did not develop a clear and comprehensive policy for mobile device management” and “inappropriately concluded that CMDs were not connecting to Army networks and storing sensitive information.” Read the Inspector General’s full report here.
In other words, no integrated system was in place to help the CIOs of the various commands discover and audit mobile devices, or manage and secure them proactively and consistently. A tool like Kaseya’s Mobile Device Management is a great place to start.