Inspector General Questions Army’s Readiness to Securely Deploy Mobile Devices

BYOD in the Army

In the private and public sectors, enterprise IT managers have had various degrees of success in managing the security risks of off-the-shelf mobile devices on their networks. For the CIO of the United States Army, the problem of maintaining network security in an environment that includes commercial mobile devices (CMDs) is of special importance.

After testing Apple iOs and Android-powered CMDs in the field and administrative offices, the Army Vice-Chief of Staff directed the Army CIO to begin to procure them in 2009 to replace some more costly dedicated hardware and software devices. Recently, the Inspector General’s Office examined how well the Army has been doing at tracking, configuring and maintaining the security of mobile devices on its networks.

The auditors limited themselves to devices running Apple iOs, Android and Windows Mobile OS and visited sites at United States Military Academy, Army Corps of Engineers and the Army Engineer Research and Development Center.

They found that the Army’s CIO “did not implement an effective cybersecurity program for CMDs” and that the CIO did not “appropriately track CMDs and was unaware of more than 14,000 CMDs used throughout the Army.”

Army Mobile Device Management Audits

The auditors concluded that the sites they visited were not using mobile device management to consistently configure devices to protect stored information and that none of them had the capacity to wipe data stores on CMDs that were lost or stolen. Further the auditors concluded that CIOs at USMA and the Army Corps of Engineers Research Center were “allowed to store sensitive data on CMDs that acted as removable storage devices.” The CIOs at these facilities did not offer any training on securing the devices or have users sign any agreements.

The auditors concluded that the deficiencies occurred because the Army CIO “did not develop a clear and comprehensive policy for mobile device management” and “inappropriately concluded that CMDs were not connecting to Army networks and storing sensitive information.” Read the Inspector General’s full report here.

In other words, no integrated system was in place to help CIOs of the various commands to discover, audit and proactively, consistently manage and secure mobile devices. A tool like Kaseya’s Mobile Device Management is a great place to start.

Digital Security Lock

5 More Ways to Improve the Security of Your Business

October 17th, 2019

Small and midsize businesses (SMBs) have become a common target of cybercriminals, mainly because of their lack of resources andRead More

Top 5 terrifying cybersecurity trends to watch out for in 2020

Top 5 Terrifying Cybersecurity Trends to Watch Out for Going Into 2020

October 10th, 2019

Small and midsize businesses (SMBs) are constantly under cyber threats in this dark and scary digital world. Cybersecurity is aRead More

Digital lock security software suite

Leverage Two-Factor Authentication for Maximized Security

October 1st, 2019

Did you know that 81 percent of data breaches are due to weak or stolen passwords? Managing passwords is a struggle forRead More

Laptop with Backup on screen

Secure Your Backup with Multi-Factor Authentication

September 25th, 2019

Data is the heart of business for companies in today’s economy. Losing critical data can cause serious financial setbacks whichRead More

Connect IT Asia-Pacific - Don't Miss the Premier IT Management Event of the Year - Join Us in Sydney 1-3 October 2019 - Register Now

Posts

Archives

Categories

Tags

Automation Best Practices business success cybersecurity IT Automation IT Management IT systems management kaseya managed service providers managed services MSP msp 2.0 msp best practices MSP success MSP Tips patch management Security Systems Management Tips and Tricks VSA