Security issues that concern DoD include the large memory capacities of some of the new mobile devices and users' lack of knowledge about how smartphones and tablets work and how they can be compromised.
"Because of the pervasiveness of the [mobile computing] market, everyone has one, everyone wants one, but we often don't look at how the device works – we take it home and start loading pictures on it. We do want this innovation in the Department of Defense so we don't want to say no, but we want to do it safely and securely", said Robert E. Young, division chief of outreach and communications for the Defense-wide Information Assurance Program.
The department is evaluating how personnel are using the devices, whether they are using smartphones to check email or tablets to read memorandums or policies. As part of this effort, DoD is taking a cohesive approach to adopting mobile technology, he related.
"We have a Commercial Mobile Device Working Group and we take best practices from DARPA [Defense Advanced Research Projects Agency], IARPA [Intelligence Advanced Research Projects Activity] and from our intelligence community partners" and share information, Young said. The working group includes representatives from the Army, Navy, Air Force, Coast Guard, FBI, and CIA.
The department is also working with DARPA and the Army on pilot programs for using mobile computing devices while also protecting information.
"Is the data at risk; is it encrypted while it's being worked on? If you lose a device physically what are you going to do? The issue is that we have to make sure the apps are safe and secure. We can't just throw them on and then try to figure out what they do after the fact", Young noted.
It's important for a mobile device manager to have insight into all the devices on the enterprise. Such a manager must be "device agnostic" and be able to keep track of devices made by any commercial producer that is touching DOD's information network, Young concluded.