While mobile phones offer a reasonable level of day-to-day security, they also have some notable shortcomings. User agreements, for example, allow phone producers, telecom providers, application creators, third-party marketers and others to collect, track, aggregate and sell the data users generate with their phones. This means that every user is producing an ever-growing collection of data that such firms can gather and monetize.
Another major shortcoming was recently brought to light with Apple’s announcement that it will roll out a photo scanning technology that will allow it to detect known child sexual abuse material being uploaded to the cloud and report it to law enforcement in a way that will preserve user privacy.
Although it’s hard to argue with Apple’s intent to help law enforcement, its new technology should prompt government users – particularly those in the defense, intelligence, law enforcement, emergency management and finance domains – to ask whether their own employees’ photos and other sensitive information are being stored in the cloud and scanned by big tech companies.
Unfortunately, it’s not a major leap to speculate that the majority of government personnel using Android phones are having their documents, photos and other information automatically stored to Google’s cloud. Most users, in fact, probably don’t even think about this because they accepted this feature when they first got their Android phone. When you consider that the data in photos includes metadata that identifies both time and location, it’s very likely that some information being collected in those photos would allow foreign adversaries to learn sensitive or even classified information.
Obviously, unintentional collection of government information can have huge national security implications. Given the above scenario, though, what can government IT administrators do to control such features and make sure these “digital breadcrumbs” don’t fall into the wrong hands, where detailed tracking of behavior patterns, whereabouts, data usage and other observations can be used to build an enormously detailed profile?
One common solution to this problem is for government agencies to eliminate any consumer-grade devices entirely, equipping workers instead with custom-built government devices. This approach, however, has consistently failed, due in large part to the high cost attached to designing and supplying critical government employees with custom-built, highly secure devices and the lengthy design and implementation cycles which frequently render such devices obsolete upon release. Additionally, past trials with such customized devices typically have failed to take into account the user experience and, as a result, tend to be highly ineffective.
Beyond that, eliminating consumer-grade devices usually means that users are unable to access their favorite apps. Their response? Most begin carrying personal devices along with their government-issued phone, completely defeating the security promised by the government device. Government devices also are remarkable for standing out in a sea of consumer smartphones, making it relatively easy for foreign adversaries to identify government operatives.
Given the relative failure of the custom-built government phone experiment, many experts believe government agencies have little choice but to either completely prohibit workers from using mobile phones or simply accept the fact that security risks are likely to be present.
Neither of these options is tenable, however, particularly for those government employees who work in high-security settings. The ideal approach is to take the tool and modify it as needed, while maintaining the functionality and attributes that make it great in the first place. Specifically, government agencies need to actually control the device by:
Ensuring that “leaky” apps (such as Maps, Play Store, Facebook, Twitter, etc.) don’t communicate when you don’t want them to;
Providing verifiable control over access to device interfaces and location; and
Managing and controlling workers’ devices, including all containers (not just the work container) completely.
In short, there needs to be a balance between security and usability, which typically can be achieved via a geofenced policy-controlled setting which locks down all radios, cameras and microphones in the device and prevents their use anywhere near or inside designated facilities. Rather than excluding smartphones, a device using such a secure mode can be allowed in designated sites where it can connect to the internal wired network and still function as a useful computing tool.
Beyond secure settings, government IT administrators must contend with software updates made over the air. Traditionally, updates are pushed by the original equipment manufacturers without any advance customer notice or approval. With that in mind, the original smartphone operating system must be replaced with a custom-built, secure alternative that makes it significantly more difficult for foreign adversaries to control the platform.
To that end, government admins need a management server which allows them to control most aspects of the operating system, including update management and distribution. They must also be able to control the organization’s devices via centralized policy management. Doing so will enable new devices to be provisioned quickly by using a QR code that defines both the containers and the agency’s security policies. It will also delineate and distribute policy updates and deployments for all of the employees’ devices.
Properly executed, the management server allows government agencies and their workers to keep up with changing operational requirements without recalling user devices or requiring awkward procedures in the field. Perhaps more important, the server will enable the organization to monitor and control all devices being used, providing real-time visibility on device status, location, security posture and policy compliance.
Bottom line: government users have to be ever vigilant when it comes to smartphone security threats, even when those threats may be posed by well-meaning technological advancements, such as Apple’s efforts to crack down on child sexual abuse.
Dr. Bill Anderson is President of CIS Mobile. A subsidiary of CIS Secure Computing, CIS Mobile has a mission to address government needs for a modern, convenient and secure mobility platform.