The Veterans Affairs Department is currently planning to deploy about 100,000 tablet computers. The computer request comes from the VA in a call for technical help and is the largest deployment in government history.
The department will deploy Apple iPads and tablets that run on the Android and Windows operating system. Both the Apple and Android systems do not comply with Federal Information Processing Standard 140-2.
According to Nextgov.com, VA Chief Information Officer Roger Baker earlier this year commissioned a study to “determine if the application programming interface list released by mobile vendors will be sufficient in mitigating the lack of FIPS 140-2 encryption on the device in the VA’s network environment.”
The VA said that project concludes that mobile device management will be able to provide security for tablets on the Apple operating system. Baker echoed the same idea, saying back in July of this year he would not make it mandatory for FIPS 140-2 to be used due to Apple owing a variety of software from multiple vendors who could securely connect its products with an enterprise network through mobile device management.
The department is relying on mobile device management to design, develop and test a private application store for VA applications for Apple devices. Application security is of concern to Rick Dakin, CEO and co-founder of Coalfire Systems, a Louisville, Colo.-based information technology risk assessment and auditing firm.
He spoke to Nextgov.com and said “that when encrypted data is transmitted, a key to decode that data is in the message header, leaving the information vulnerable to attack.” He added that many mobile device management systems do not handle key management.