(1) Are you properly authenticating a person? If you aren't, how do you know that the right person was given access/entitlements to the digital assets?
(2) Are you in control of the digital asset? If data goes outside of the organization's firewall, how do you ensure its integrity, and further, if you open up windows for the data to move outside of the firewall, are you creating additional vulnerabilities to your "fortress" for viruses/malware/other cyber attacks?
There must be a paradigm shift in the philosophy and methodology with which we approach cybersecurity; the Armed Forces and other branches of government must focus their cybersecurity efforts on Identity Management, Authentication and Data Entitlement.
In the interest of full disclosure, the company of which I am CEO, Route1, delivers a solution that adheres to this philosophy, and is currently deployed within the U.S. Navy, Department of Homeland Security, Department of the Interior, as well as the Department of Energy.
Route1’s solution is founded on assuring the identity of an individual, not a PC, tablet, smartphone or other device. True multi-factor authentication provides an easy-to-use security methodology to authorize users. The MobiKEY device is the “something you have”; the user’s existing PIV, CAC or FRAC smartcard (in the case of the MobiKEY Fusion device) or the smartcard embedded with the MobiKEY device is also “something you have”. The password or PIN, which is verified against both the smartcard and the MobiNET platform, is the “something you know”.
With a growing percentage of our workforce now "teleworking," as evidenced in the recent DoD efforts to comply with the Telework Enhancement Act of 2010, in addition to the growing trend of employees using personal devices at work, we cannot afford to turn a blind eye to this issue and its inherent risks. Today’s workforce is increasingly embracing mobile computing, and for the most part, this shift is a good thing.
However, when employees work from home or on the road, they most often use personal devices such as a PC, laptop, tablet or smartphone over a public Internet connection, which means that sensitive data and information are not safe inside a firewall, but instead are quite vulnerable to a never-ending range of security breaches.
To truly ensure security, there can be no risk of cache, file transfer, middleware or footprint on a guest PC. Confidential data and information stored on personal devices, such as smartphones, tablets, laptops, and USB drives, is a liability waiting to happen and an open door for hackers, viruses or other external threats.
Our philosophy on data security is simple: “Protect the Fortress.” We are steadfast in our commitment to ensuring that all data and internal files remain within an organization’s confines, and are not exposed to unauthorized access or unnecessary risk.
Major General Stephen Smith should be applauded for his insight and efforts in protecting the U.S. Army’s digital assets.
Busseri is CEO of Route1, a security and identity management company that has current deployments with both the U.S. Navy and Department of Homeland Security.