Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Mobile security lessons from Treasury

Hamish Barwick | May 28, 2014
Managing a fleet of iPhones that used containerisation to separate The Treasury data from employees' personal information has been a journey of mistakes and lessons for CIO Peter Alexander.

Managing a fleet of iPhones that used containerisation to separate The Treasury data from employees' personal information has been a journey of mistakes and lessons for CIO Peter Alexander.

Speaking at Gartner's IT infrastructure operations and data centre summit in Sydney recently, Alexander told delegates that the government organisation moved from an ageing fleet of BlackBerries after the Australian Signals Directorate (ASD) approved the iOS operating system for use by government departments, which use protected networks in March 2013.

"We, like every other government agency, were on BlackBerries. BlackBerry had a really nice solution that was awesome for its time — unfortunately its time ended four years ago [in 2010] and we should have replaced it but we didn't," he said.

This was because in 2010 there was "nothing else at the time" and the only devices that were rated for protected content within federal government agencies were BlackBerries, Alexander said.

After the ASD approved mobile device management (MDM) vendor Good Technology to protect iPhones and iPads used by government employees, The Treasury was able to start providing government issued iPhones to staff members.

"Good run a containerisation model that separates government data. We moved them [users] into the corporate owned personally enabled [COPE] model. Rather than bring your own device [BYOD], we gave people iPhones and allowed them to have their own iTunes account and iOS apps," said Alexander.

The Treasury installed its own apps, including Good MDM, on the iPhones so that it could control sensitive data.

According to Alexander, the Good MDM was "working really well", but it started running into some issues with ASD's smartphone security requirements.

"ASD's guidance said that we had to [securely] harden the iPhone to use protective content. We were running Good without hardening the iPhone because we felt that the container was good enough," he said.

However, The Treasury ran into a smartphone security issue that Alexander referred to as the "onion theory".

The theory likens a smartphone's security to peeling back an onion. For example, if the phone's hardware is weak, anything on it such as the operating system (OS) can be compromised.

"We had to harden the iPhones and once you do that, you don't need an [MDM] container anymore," Alexander said.

The Treasury moved from Good Technology to AirWatch's MDM solution in May 2013.

According to Alexander, it chose AirWatch because the vendor could secure all of the iPhone's data without using a container.

In addition, the IT department could use Apple's native mail service to sync people's email from their iPhone to an iPad.

"Imagine the use case if your senior executive has been using their iPhone all day and then switches to their iPad to sync mail. If they had 500 emails to sync, it almost invariably crashes. It's not the end of the world as you can restart the phone. When you have intolerant executives, that doesn't work well."

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.