U.S. government IT organizations have taken on the challenge of determining the safest, most appropriate way to deploy modern smartphones to information workers, warfighters and others while maintaining information security.
While federal government workers would like to take advantage of the consumer-oriented smart gadgets they have for private use, there are substantial information assurance concerns regarding Bring Your Own Device initiatives, especially authentication, authorization, accounting and auditing (the "4As").
Central to the question is the perceived security threat that devices on the edge represent. For this reason and others, the Assured Mobile Environment (AME) by Motorola Solutions takes a "security from the start" approach that relies on a combination of hardware and software to lock down devices before the operating system boot-up process.
AME aids in the "4A" challenge by providing a tamper-resistant repository of information that resides on each device, which can be audited and managed quite easily using a variety of widely available configuration, directory, and device management tools. The holistic solution takes an OEM- and air-interface-agnostic approach that provides federal government end users with the highest degree of security available under the non-Controlled Cryptographic Item (CCI) classification. AME devices are dual-bootable to either "Black" (secured) or "Red" (unsecured) using on-board client software.
Central to the AME solution is the Motorola Solutions CRYPTR micro encryption module, which combines hardware-based encryption and key management in a microSD™ form factor that supports both Federal Information Processing Standard (FIPS) 140-2 Level 3 and Full NSA Suite B Cipher Suites.
Devices are pre-provisioned with the CRYPTR micro, which supports encryption and key management. It also provides a secure credential store and hardware-based random number generation (RNG) and Key Management Facility (KMF), similar to those used in keyed/encrypted radio systems today.
As AME is not considered CCI and is available on Commercial Off-the-Shelf (COTS) platforms, it is reasonable to assume distribution and widespread adoption might be more readily accomplished across interested U.S. government agencies. Although any device with the AME solution will be "locked down" and secure by design, there is a role for Mobile Device Management (MDM) software that enables IT departments to perform over-the-air (OTA) updates and management. MDM can also remotely disable a device's camera and IR ports, "wipe" it to factory state, or render it inoperable.
The AME solution can work with best-of-breed device management solutions that IT departments might already use to manage their heterogeneous enterprise device deployments.
As the BYOD trend gathers steam, governments will continue to seek new ways to keep communications moving swiftly and securely across a growing array of devices and platforms. With this ongoing "consumerization" of IT, we can expect to see a continuing evolution of software and hardware options to let the expansion continue, safely.
Randy Siegel is the director of Business Development, Mobile Computing, for Motorola Solutions' Federal Government Division. Siegel is also chairman of the Tactical and Wearable Mobile Steering Committee of AFCEA-DC under the Defense and National Security Mobile Working Group.
Thank you for the useful article.
I believe that now more than ever mobile technology needs cloud encryption technology; as a matter of fact, I believe that this form of encryption would solve the security problem for so many enterprises. I am now so curious to see what the future has to bring.
The article was very useful. Thank you.
Very useful information. I was very pleased. Thanks.