Enabling the Safe Use of Employee Mobile Phones in Secure Facilities
Bastille and CIS Secure recently hosted a webinar, “Enabling the Safe Use of Employee Cell Phones in Secure Facilities.” You can watch a recording of the webinar here and we’ve summarized the highlights below.
Founded in 2014, Bastille is the leader in enterprise threat detection through software-defined radio. Bastille provides full visibility into the known and unknown mobile, wireless, and Internet of Things (IoT) devices inside an enterprise’s corporate airspace – together known as the Internet of Radios.
Through its patented software-defined radio and machine learning technology, Bastille senses, identifies and localizes threats, providing security teams the ability to accurately quantify risk and mitigate airborne threats that could pose a danger to network infrastructure.
Bastille uses physical devices, slightly larger than WiFi access points, to passively observe the entire radio space in a facility from 60 MHz to 6GHz. The system displays detailed data of all emitting devices, including real-time dots on your floorplan map. You can also roll back time to view where they have been.
Detection and Response to Ensure Compliance
Bastille’s visual representation also clearly shows which devices are authorized and which are not. To support your policies, Bastille enables detection as well as response, including automation of downstream responses via APIs. For example, you can geofence a room and be alerted if a cellular emitter enters that room. The system can then send an SMS to selected security personnel and connect to your camera system to pivot the camera to the area of interest.
Protecting the Safety of Government Workers and War Fighters
While Bastille can identify devices, CIS Secure ensures secure control of organizational mobile devices and the data on the devices.
Protecting the safety of government workers often conflicts with enabling their productive use of mobile devices. Mobile phones and other digital services generate detailed data about users. Such data can be used to uncover users’ identity and whereabouts or gain intelligence to subvert them, potentially putting them at great risk. Still, government employees require mobile access to data and apps while working in secure buildings, deployed on sensitive missions, or traveling overseas.
Governments have been faced with two choices: use Commercial Off the Shelf (COTS) mobile devices or custom-built government devices. The latter come with a high cost and long design and implementation cycles. Additionally, they often have a poor user experience and don’t provide access to popular apps, driving users to continue carrying personal devices – thus defeating the purpose of the gov device.
Which Organization is in Control?
Another solution has been COTS smartphones coupled with Mobile Device Management (MDM) systems. MDM does a good job ensuring basic hygiene, reducing risks from malware, and coping with lost or stolen devices.
Unfortunately, the organizations in control are still the OEM, the MDM, and the carrier, rather than the government entity. While an MDM can try to set things to “off,” the device will still send sensitive data out to the OEMs and ad tracking platforms, not to mention secretly turning on Wifi and Bluetooth to determine location. We’ll dive deeper into these limitations of MDM in our next blog.
With altOS Secure Mode, Off Means Off
CIS Secure’s altOS is a mobile platform for Android-based smartphones that enables the government to fully control the device, and not the other way around. altOS replaces the original unsecure operating system on the smartphone, and the altOS management server lets the customer manage those devices. The management server enables very fine-grained device controls, for example creating a secure work container with an always-on VPN and a set of pre-approved government work applications.
With altOS, users benefit from the Android experience, including the shallow learning curve, while organizations get the vital security they need.
Unlike MDM, altOS device management goes deep into all the device capabilities, including the ones the mobile phone industry doesn’t let you control. Government customers use altOS to stop involuntary data leakage back to the phone OEMs and 3rd party ad tracking networks, and puts you in control of all provisioning steps, application and device updates with its own over-the-air (OTA) update server. With altOS, “Off Means Off.”
One Device for All Missions
altOS users can have one smartphone for all missions, with a secure container for sensitive work and a personal container for their favorite apps. All containers, personal and work, are fully controlled by the government, ensuring policy adherence.
It’s occasionally fun to reflect on how much modern technology seemed like fantasy or even comedy in the past. Many of the gadgets used by James Bond, such as summoning a self-driving a car via smart watch, have been realities for years. And the two-in-one, secure government phone + personal use, extensible device is another such fascinating innovation.
Monitoring and Control of Devices in Secure Facilities
Secure facilities used to require workers and visitors to leave mobile phones in their car or lockers at the entrance. With altOS, users can check in at the guard station and verify their device is whitelisted and has the proper OS.
During check-in the guard uses the altOS Guard App to apply a facility policy to the altOS phone, such as keeping all modems, camera, and microphone off. With this secure transaction between workers’ and guards’ devices, you can ensure users aren’t able to drop out of secure mode while within the geofence. Government workers can bring these approved altOS phones into the building and use them as productivity tools without risk to sensitive information.
The combination of CIS Secure and Bastille solutions puts government facilities back at the forefront of productivity and innovation, without sacrificing security. The CIS Secure altOS mobility platform allows approved devices to enter the building, while Bastille’s sensor solution detects and locates any unapproved devices instantly.
You can watch the webinar to see a video demo of Bastille and altOS in action.
Connect with Bastille or CIS Secure to learn more.