DHS to unveil mobile security reference architecture
The agency is looking to address BYOD and mobile security in upcoming framework.
As federal agencies get more comfortable in their transition to a more mobile landscape, discussions will revolve around more about securing actual data rather than devices and how the concept of “bring your own device” fits into the architecture.
“BYOD is the epitome of securing the data and not the device,” said Rick Holgate, CIO at the Bureau of Alcohol, Tobacco and Firearms. “It’s inherently a model which in which I’m not worrying about what’s going on with the device because it’s someone else’s device and I’m not going to take control of the whole device but I am going to try deliver enterprise data securely on that platform.”
Holgate spoke at a June 4 panel at the Management of Change conference, along with Will Randolph, chief of the acquisition office at the Immigration and Customs Enforcement at the Homeland Security Department, and Greg Shipley, vice president of architecture and engineering at InQTel.
One of the challenges ATF now has is to look at different mobility and BYOD pilots and create close to a holistic approach, “something that looks like a reference model for use across federal agencies,” Holgate said.
DHS’ cybersecurity staff has been working on multiple reference architectures and is close to releasing a mobile security reference architecture that will address questions on how to secure mobile devices and other issues around BYOD architecture. That effort somewhat mirrors what the newly announced digital strategy is trying to do around mobility for civilian agencies, Holgate said
“Civilian agencies generally do things slightly differently, and DHS kind of has that cybersecurity role for civilian agencies so the DHS reference architecture is really aimed at civilian agencies,” Holgate said. “I know DOD is also looking at the same kinds of considerations but I’m not sure quite how in line they are with some of the work DHS is doing.”
MOC is organized by the American Council for Technology /Industry Advisory Council and is held in Cambridge, Md., June 3 to 5.