Samsung's impending deal with US Navy signals new era for mobile security

Samsung is close to inking a deal with the FBI and the U.S. Navy for mobile devices --placing a foot into the door that was previously blocked by BlackBerry (formerly Research in Motion).


Samsung is close to inking a deal with the FBI and the U.S. Navy for mobile devices --placing a foot into the door that was previously blocked by BlackBerry (formerly Research in Motion).

The news comes according to a report in The Wall Street Journal, citing sources familiar with the matter. According to the report, Samsung is negotiating a large deal with the FBI for devices, and hopes to land a smaller deal with the U.S. Navy. Terms of those deal proposals were not disclosed, but it's still a step forward. It's also evidence that Samsung wasted no time in attempting to gain some traction with the government since the Galaxy S2, S3, and S4, as well as the Galaxy Note, and Galaxy Note II were FIPS certified in April.

Samsung isn't the only vendor that's available to replace BlackBerry as a device vendor. Last October the Pentagon said that they were planning to open the doors and allow other device makers a chance to bid for business.

The announcement was a blow to BlackBerry. The Pentagon's plans hit BlackBerry after weeks of bad press, setbacks, and lackluster support for their software and devices. The Pentagon's announcement was then followed by one from the U.S. Immigration and Customs Enforcement that they were replacing their BlackBerry devices with iPhones.

Once of the reasons cited by the Pentagon's move to open its doors to other device manufacturers was the need to support and use "new and innovative applications" in the military's evolving requirements. At the time, a spokesperson for the Defense Information Systems Agency said that while BlackBerry wasn't out of the picture, the DISA's planned mobile management capability that "will support a variety of mobility devices."

During an interview with CSO Online, David Goldschlag, the CEO of MobileSpaces -- a startup that focuses on securing both private and public apps on mobile devices, said the recent news is a good indicator that Apple and Google are meeting the security bar that BlackBerry set early on with IT administrators.

In addition, he added, since Google and Apple are both working to bake government-grade security into their products, this helps IT remain comfortable "with the use of these consumer-first devices in the enterprise."

"The mobile world has shifted from being email oriented to a more app centric user experience. With that comes increasing IT requirements for data protection against leakage and loss, because richer corporate data now resides on the mobile device that is of higher value and of higher risk than just email," Goldschlag explained.

Earlier this year, a report sponsored by EMC, VMware, Cisco, and Carahsoft, singled out the fact that US government employees were using personal devices for work and play and pointed to the potential increased risk these agencies faced.

Moreover, 85 percent of the respondents admitted to downloading apps to their smartphone or tablet (the same one used for work in the Federal space), that exposed the device and the data held on it to a larger degree of risk than if there was a clear separation of usage. This separation, which clearly defines apps for work and play, and keeps the device from crossing over between the two, is part of what Samsung is offering.

Samsung is pushing a solution called KNOX when they make their bid for secure mobile devices. It sits on top of a hardened install of Android, and includes an app container that will enable administrators to split personal apps and data off from the confidential data and business apps. In addition to the separation that comes from the app container, the KNOX file system leverages AES-256 to ensure that the files stored on it are protected, and there's the ability to use the per-app VPN client.

Samsung's offering is a progressive step forward when comparing mobile security these days with what existed a decade ago. However, when it comes to mobile security overall, its level of maturity is still lacking when compared to desktops and servers. So what are administrators looking for?

CSO asked that question of Swarna Podila, the Senior Manager for the Enterprise Mobility Group at Symantec.

"From a high level, there are really two approaches to keeping business data on mobile devices secure. The first is protecting data at the device level and the second is protecting it at the app level. Protecting it at the device level -- via tools such as MDM -- is great for IT, but also results in a heavy footprint on devices, which can fly in the face of the hoped for user benefits of mobility, such as increased productivity and greater work flexibility," she said during an interview.

A key alternative to this, Podila added, is protecting data from an app level. Traditionally, this has been done with sandboxing (which is part of Samsung's KNOX, and a key provision for other solutions), and that worked out fine when mobile apps for business were limited to email.

"However, as organizations rely more and more on mobility, this approach falls short. Any corporate app that needs protection has to be built in or modified to fit into the sandbox. With the diversity of apps available, this approach is very limiting and even the earl proponents of this technology are moving on to other strategies," Podila said.

Those other strategies include mobile application management, which as Symantec's expert explained, addresses the limitations of sandboxes while still meeting corporate security needs. MAM technology allows companies to wrap their corporate apps and the data tied to them in their own security and management layers.

Another crossover displayed by Samsung, Apple, and Google's development of secure mobile enhancements is that it gives enterprises the chance to leverage government-grade security. According to some experts however, that might not be needed, if it's even possible at all.

"Actually, implementing government-level security for mobile devices in the enterprise might not be all that relevant. The key objective for most enterprises is to enable their mobile users with the right productivity tools without compromising information security. However, government agencies on the other hand must have a greater focus on security and compliance by necessity, given the level of sensitivity surrounding their data," Podila told CSO.

The point being that government-grade security may be a bit too-heavy handed for most enterprise operations.

"Recommended For You"

Government meets mobile giants to help tackle smartphone theft Round-up: Top IT deals of the week