
By JP Morgenthal | Article Rating: |
|
January 20, 2012 10:30 AM EST | Reads: |
6,270 |

In recent discussions with IT leaders from both federal and Department of Defense sides of US government, representatives stated that they are having a heck of a time accommodating expansive growth in mobile computing. This is critical given that today, in most cases, agencies and departments still have control over which mobile devices can be used. In the future, these executives realize that the changing demographics of contractors and employees means they will not only need to support continually growing traffic, multiple presentations and increased asset management, but will also have to deal with a wide spectrum of mobile devices due to Bring Your Own Device (BYOD).
This idea that these executives will one day soon have to loosen their grip over endpoints is a major concern. Contrary to belief it is not about power and supremacy over their domain. Most users have no concept of the level of complexity for managing access and availability of data and applications when there is no control over the endpoint; nor should they. While network security solutions have improved dramatically over the past decade, improper use of the tools and ever increasing abilities of hackers means that “locking the front door” isn’t good enough to solve this problem by itself.
One of the keys to solving this issue in a way that doesn’t alienate users, but also ensures confidentiality and security of government data is going to be segmentation. Segmentation is the act of distributing the data across multiple tiers from unclassified to compartmentalized and providing greater levels of restrictions on access at each layer. For example, unclassified information should be hosted in the public cloud with no permanent connections back to any data center housing higher classified documents. For Official Use Only (FOUO), Confidential, and Secret data should require minimum Virtual Private Network (VPN) connections for access. This means that the mobile devices must support the VPN protocols in use in order to establish a connection. Finally, Top Secret and above information should require on-premise wireless or wired support only combined with two-factor authentication, VPN and the ability to remove any data downloaded to the mobile device when the VPN connection is broken.
However, the biggest issue for government is going to be segmenting data that is either improperly classified or comprised of various levels of classifications. I was once part of a project where the requirements documents were improperly labeled FOUO, which raised many problems sharing them with foreign counterparts even though the project was developing a collaboration portal to work with foreign government officials through what was going to be a publicly hosted application. This is just one small instance of tens of millions within the government. Moreover, it seems more recent projects have seen serious disagreement among government IT employees and contractors as to what are the appropriate classification levels for certain pieces of data. In one of these cases a very junior security professional within the government was demanding aggregated publicly available information could not exist in a publicly hosted cloud.
I don’t relish these government IT executives position with regard to the growing mobile demand. BYOD is going to amplify this problem exponentially.
Read the original blog entry...
Published January 20, 2012 Reads 6,270
Copyright © 2012 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
More Stories By JP Morgenthal
JP Morgenthal is a veteran IT solutions executive and Distinguished Engineer with CSC. He has been delivering IT services to business leaders for the past 30 years and is a recognized thought-leader in applying emerging technology for business growth and innovation. JP's strengths center around transformation and modernization leveraging next generation platforms and technologies. He has held technical executive roles in multiple businesses including: CTO, Chief Architect and Founder/CEO. Areas of expertise for JP include strategy, architecture, application development, infrastructure and operations, cloud computing, DevOps, and integration. JP is a published author with four trade publications with his most recent being “Cloud Computing: Assessing the Risks”. JP holds both a Masters and Bachelors of Science in Computer Science from Hofstra University.
![]() Sep. 6, 2019 09:00 AM EDT |
By Zakia Bouachraoui ![]() Sep. 5, 2019 07:00 PM EDT |
By Zakia Bouachraoui ![]() Sep. 4, 2019 11:15 PM EDT |
By Zakia Bouachraoui ![]() Sep. 4, 2019 11:00 PM EDT Reads: 313 |
By Elizabeth White ![]() Jul. 1, 2019 07:30 AM EDT |
By Zakia Bouachraoui Jun. 27, 2019 08:00 AM EDT |
By Pat Romanski Jun. 24, 2019 06:00 AM EDT |
By Zakia Bouachraoui Jun. 17, 2019 01:00 PM EDT |
By Pat Romanski Jun. 15, 2019 08:15 PM EDT |
By Pat Romanski Jun. 15, 2019 01:00 PM EDT |