Cloud and BYOD Security Concerns Make Military and Intelligence Agencies Hesitate

Citing security issues, IT leaders at Department of Defense and National Security Agency warn that BYOD policies and public clouds are a long way from taking hold in environments rife with classified information.

By Kenneth Corbin
Tue, October 23, 2012

CIO — WASHINGTON -- If the shift to cloud computing and the adoption of BYOD policies seem like an inevitability in the corporate world, they are anything but in the military and intelligence communities.

In a panel discussion Tuesday at a government IT conference, Debora Plunkett, information assurance director at the National Security Agency, joked that she would break out into hives at the mere mention of the term "BYOD."

classified government information
But just as private-sector employees have been clamoring for authorization to bring their iPhones, Androids and other devices into the workplace, federal workers--including those who deal with classified information--have been voicing similar requests.

"We have a--not unexpected at all--a large client set who are just craving for the ability to do the things at work that they do at home. It's not rocket science," Plunkett said. "It's really happening across the corporate landscape. That's where it originated and there is a groundswell of interest and actual implementation in corporate America and the corporate world. And, not surprisingly, what has been proven successful in a corporate environment drives our requirements for the same capabilities in government."

BYOD Productivity Brings NSA Concerns

And she acknowledged that opening the doors to a new crop of ever-more sophisticated devices could translate into a more productive and efficient workforce, just as many private-sector CIOs have concluded.

"But what comes with those opportunities are some significant challenges, and I live in that space on a daily basis," Plunkett said. "It really starts with an understanding that there really are adversaries out there who have every intent to gain access to the secrets that we try to protect. And who have every intent of disrupting our ability to conduct the business of government. And who have every intent of reducing our confidence in the information that resides in the information systems that we trust. So our responsibility then is to raise that bar from a security perspective while still enabling the business of government to go on, and to go on in a way that allows us to use state-of-the-art technologies and tools and techniques, but being every mindful to the right of the adversary who is out there."

IT officials at the Pentagon are experiencing a similar friction.

"It's very simple: 'I want one device.' I don't think it's any more complicated than that," Robert Carey, principal deputy CIO at the Department of Defense, said of the growing demand for BYOD policies. "Balancing ease of use and security is always the dynamic. Security is the antithesis of convenience."

Continue Reading

Our Commenting Policies