Security, device support, and applications development are tough issues that agency CIOs must address as they hurry to put smartphones and tablets into more employees' hands.
Six weeks after federal CIO Steven VanRoekel unveiled a national mobility strategy, the challenges of making it work are becoming clearer. One goal is for agencies to support a wider range of mobile devices, but security remains the sticking point. And in many agencies, application strategies are still in their infancy.
Until recently, the approach in the halls of Washington was to issue RIM BlackBerrys to managers who need them, while making a few mobile apps available to the public, based on an agency’s most popular services or data sets. But federal IT execs now face the same "consumer effect" that's forcing private sector companies to rethink which devices they support and how they develop and deliver mobile applications.
Before VanRoekel's January announcement, some federal agencies had begun programs to test iPhone, Android, and other mobile devices. As they forge ahead with those programs, agency CIOs must come to grips with the emerging federal strategy, even though it could still be months before that strategy becomes final.
CIOs from civilian agencies and the Department of Defense discussed the opportunities and challenges last week at the MobileGov Summit in Washington. Following are five of the key issues.
Align disparate policies. Some agencies are already testing devices other than the widely used BlackBerry, and in a few cases they’re letting employees bring their own devices to work. Those agency-specific policies must be aligned with the national mobility strategy, a final version of which is due in the spring from the Office of Management and Budget.
The Pentagon has taken an important step in this direction, postponing the release of its own mobility strategy while it reviews the national strategy. "We are tweaking ours to align with it," said Rob Carey, deputy CIO of the DOD.
Equally important, OMB wants to align other, related national policies with its national mobility strategy. OMB wants to tie together an existing national initiative around government websites with the national mobility strategy, said Richard Holgate, CIO of the Bureau of Alcohol, Tobacco, Firearms, and Explosives and co-chair of the national mobility strategy task force. For example, it would make sense for federal agencies to use content management and applications development practices applied to federal websites for mobile apps as well, Holgate said.
Support many more devices. Government agencies have gone one of two routes with mobile devices: RIM’s BlackBerry or, for special needs, devices built to their own specs. Going forward, agency CIOs want the flexibility to support dozens of devices, including tablets, from different manufacturers.
At the MobileGov Summit, DOD's Carey flashed up a slide showing some of the commercial mobile devices the Pentagon is testing, including Motoroola’s Droid Pro, Fujitsu’s Q550, RIM’s PlayBook, and a modified Apple iPad. That variety doesn’t include the myriad smartphones employees will bring to the office once given the green light. Even the secretive National Security Agency plans to open up to commercial mobile devices.
Secure the data, not the device. When it comes to security, what works with PCs and laptops doesn't necessarily apply to smartphones and tablets. There are simply too many types of devices, and they’re more easily stolen or misplaced. Agency CIOs agree that new approaches are needed.
They'll start by securing the data rather than the device. CIOs plans to use a combination of thin-client architecture, where data and applications run and are stored on secure servers; virtualization on devices to separate business data from personal data; and data encryption. Mobile device management, providing the ability to wipe data from lost devices, will also be important.
At the DOD, mobile devices must meet four security requirements: FIPS 140-2; data at rest; CAD/PKI authentication; and enterprise management. Mike Krieger, the Army’s deputy CIO, said the DOD can meet those requirements using a "zero client" architecture. "My theory is this is not technically challenging. It requires a little bit of integration," Krieger said.
Application development strategies must mature. The government has made 100 mobile applications available to the public on USA.gov, including the FBI’s Ten Most Wanted list, an app for checking the status of tax refunds, and a TSA app for getting through airports. It's a start, but the feds' mobile apps plan is only half-baked.
There's no agreement, for example, on whether agencies should use their own people to develop mobile apps for the public or leave that work to contractors. In January, the National Weather Service put a halt to any further development of mobile apps for public consumption.
At the same time, few agencies have put much effort into developing mobile apps for their internal users. "We don't have mobile apps out there, nor is our website smartphone- or tablet-friendly," said Darren Ash, CIO of the Nuclear Regulatory Commission. Veterans Affairs has issued 1,000 iPads to doctors and nurses, but CIO Roger Baker said the business case for broader deployment hinges on enterprise applications becoming available.
Gwynne Kostin, director of mobile with GSA's Office of Citizen Service and Innovative Technologies, advised CIOs at the MobileGov Summit to think broadly when considering app dev and not focus on a single platform like, say, the iPhone. "Develop in a way that it can go to any device," Kostin said.
BYOD policies must become the norm. A key objective of the national mobility strategy is to equip an on-the-go workforce. The fastest and cheapest way to do that is to give government employees permission to "bring your own devices" to work. Some agencies have BYOD policies; others are moving in that direction. In general, however, BYOD is the exception, and that must change.
NRC CIO Ash sets an interesting example. His mobility strategy starts with a BYOD policy. "We issued a mandate to my staff and our cyber folks and said we need to go the way of a BYOD capability," Ash said. "One of the things I’m focused on is employee satisfaction."
The thinking is that employee satisfaction translates into higher-quality work and increased productivity.
As federal agencies embrace devices and apps to meet employee demand, the White House seeks one comprehensive mobile strategy. Also in the new Going Mobile issue of InformationWeek Government: Find out how the National Security Agency is developing technologies to make commercial devices suitable for intelligence work. (Free registration required.)
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.