While secure voice and text are a must-have for any mobile user, the bar rests much higher for government users. Entrusted with a range of sensitive materials that go to the very heart of civic welfare, government employees with access to classified, and even unclassified, information must be certain that there’s high level security in their mobile communications.
Government regulations enforce mandatory certifications to ensure that U.S. civil government workers use encryption. FISMA and HIPPA requirements, for example, force agencies to implement strong security protections, including mobile device management solutions. At the same time, government mobility managers find themselves subject to many of the same perils as their corporate counterparts, such as a lack of centralized control and inadequate security training. News reports have made much of lost devices as well. The laptop left on the train or smartphone taken from the car are not trivial incidents by any means. Government mobility planners have actively searched for simple yet effective safeguards.
In an effort to secure mobile networks in the face of these threats, encryption has proven a vital component, according to Garrett Bekker, senior analyst of enterprise security at 451 Research. While many enterprises have implemented security solutions, “the threat of mobile communication exploits and concerns about government surveillance suggest the need to encrypt potentially sensitive voice and SMS traffic as well,” Bekker said in a press release.
Merging Diverse Tools
To understand encryption’s role for secure voice and text in the context of government regulation, it’s worth looking at some of the particular vulnerabilities facing mobility today. In the mobile realm, attacks can come from a number of vectors. In addition to the risk of a lost device, some of the highest threat levels come from apps downloaded from insecure sources. Denial-of-service attacks are a persistent threat, as are assaults that aim to shut down devices entirely. A range of remedies have emerged, including encryption, as a way to combat these risks.
Some software solutions operate through hardware isolation mechanisms that separate voice and message processing from the standard, general-purpose operating system. This segregation ensures security through all-important encryption, as well as through hardware-anchored authentication and key management. It provides peer-to-peer authentication to protect against man-in-the-middle attacks. One such example is KoolSpan’s TrustCall, which partnered with Samsung to create multilayered security across hardware and applications. Specifically, the solution incorporates Samsung KNOX, a tool that securely separates personal and professional activities on a device using containerizationsmartph. This solution has drawn federal support: The FBI has deployed tens of thousands of KNOX-enabled devices, while the Defense Information Systems Agency has also begun implementing the tool.
Tight Encryption
Similar approaches have yielded positive results. An example is the introduction of a dedicated SMS gateway capable of dual-channel — data/Wi-Fi® and a patent-pending failover — communication. In this scenario, too, encryption plays a role. CellTrust COMMAND, for instance, brings military grade 256-bit AES encryption to its systems, generating a level of security far higher than one would find in commercial devices. This falls right in line with the government’s own high-level recommendations on mobility.
“Since smartphones and tablets are primarily consumer devices, additional tools are required to support corporate/government use,” according to a 2013 CIO Council report.
In addition to encryption and similar safeguards, government planners also must find solutions that meet the stringent regulatory framework for mobile security. Their fixes must be FISMA/FIPS 140-2 certifiable to provide government with a high level of security, redundancy and traceability. This is especially important for mission critical, sensitive and private mobile communication associated with covert, interagency and emergency operations. Even as they work to meet that mark, mobility planners in government also find themselves in need of high-level administrative tools, or controls that allow them to set rules and limits on use and even manage devices remotely when needed. Here again one can see the potential power of expert partnerships; alongside Samsung, CellTrust created user-friendly web-based interactive portals to give administrators the ability to manage remote wiping, inactivity timeouts and life-span control for messages residing on Samsung devices.
Government mobility managers are finding themselves under constant pressure to secure voice and text communications for regulatory purposes. The smarter our phones get, the more that sensitive data becomes potentially vulnerable. At the same time, a range of emerging new tools, driven by strategic partnerships among expert vendors, is making security more achievable every day.
Visit our solutions page to learn more about Samsung’s highly secure mobile solutions for government.
