GovLoop Guide: Mobile Security


Your Gateway to Managed Mobility: Changing the Way Government Does Business


EXECUTIVE SUMMARY: YOUR GATEWAY TO MANAGED MOBILITY

On July 16, 1969, Apollo 11 launched from Cape Kennedy, making history as the first manned space mission destined to land on the moon. Guided by Commander Neil Armstrong, Command Module Pilot Michael Collins, Lunar Module Pilot Edwin “Buzz” Aldrin and countless public servants stationed nationwide, Apollo 11 embarked on a journey that would be a defining moment for a generation of Americans. Throughout the mission, from preparation to re-entry, NASA scientists and engineers knew that the slightest error or improper calculation could lead to failure.

At the time, the computers used to support the mission were hailed as breakthroughs in technology. But by today’s standards, that technology is functionally useless, and remarkably, your cell phone holds more computing power than the systems that put a man on the moon. This reminds us of how far we’ve come with mobile technology and the unique opportunity it presents to transform the way government operates. But in order to capitalize on this technological revolution, agencies must think about how to adopt mobile solutions safely and securely. The first step is to be proactive about the management and administration of mobile within the enterprise.

That’s why we created this report, “Innovations That Matter: Your Gateway to Mobile Security.” This report is part of GovLoop’s “Innovations That Matter Series,” in which we explore how organizations are maximizing the latest technologies and solutions to transform their organizations. We’ve spoken with thought leaders in government and industry to pinpoint the best practices for securely adopting mobile technology. Our research particularly explores the value and benefits of centrally managing your devices. By doing so, you can support the flexibility and scalability that the government workforce demands. In this report, you’ll find:


INNOVATIONS THAT MATTER

• Results of our mobile survey of 169 of your government peers.

• An overview of the General Services Administration’s Managed Mobility Program.

• Two mobile applications case studies from the U.S. Army Corps of Engineers.

• Best practices and lessons learned from government employees to centrally manage mobile devices.

• Your Managed Mobility Cheat Sheet.

Let this report serve as the gateway to help you expedite the adoption of mobile at your agency.


CONTENTS

Executive Summary: Your Gateway to Managed Mobility

GovLoop Survey Results: Mobile Use and Management in the Public Sector

Can Mobile Help Us Do More with Less?

Government's Changing Mobile Philosophy
  Wireless FSSI
  GSA’s Managed Mobility: Not Just for Feds

Case Study: U.S. Army Corps of Engineers
  The Blue Roof App
  Mobile Information Collection Application (MICA)

Your First Steps to Capitalizing on the Mobile Revolution

Mobile Device Management: Best Practices

Managed Mobility Cheat Sheet

Acknowledgements

MANAGED MOBILITY




GOVLOOP SURVEY RESULTS: MOBILE USE AND MANAGEMENT IN THE PUBLIC SECTOR

“I am never off work.” – GovLoop survey respondent

The use of mobile devices for work is not a new phenomenon. However, through the proliferation of internet-ready devices and access to high-speed networks, mobile device management (MDM) has become more important than ever before. Mobile technology today is used for much more than e-mail. Users now require the ability to access internal networks and applications through virtual private networks, transfer sensitive documents over the air, and connect to colleagues around the world in real-time using messaging services. The widespread adoption of smart devices for personal use has also blurred boundaries between personal and professional activities on employee-owned devices, raising yet-unanswered questions of content and data ownership.

To meet the needs of today’s public-sector professional, government networks are expected to be open at all hours and accessible from anywhere. Agencies are struggling to keep up with these requirements while maintaining appropriate levels of security and service-level agreements. According to a recent White House cybersecurity initiative, defending the network is one of the highest priorities for the federal government:

Classified networks house the Federal Government’s most sensitive information and enable crucial war-fighting, diplomatic, counterterrorism, law enforcement, intelligence, and homeland security operations… We need to exercise due diligence in ensuring the integrity of these networks and the data they contain.

This security posture becomes increasingly difficult as more mobile devices interface with agency networks and also the external internet. In light of these developments, GovLoop conducted a survey of 169 public-sector professionals nationwide to investigate the relationship between mobile device use and the management of those devices at government agencies. Managers who are reading this guide have already passed the most significant hurdle: having the motivation to adopt a new approach. In this guide, mobile device managers will learn how to best employ an MDM architecture that matches their needs. But first, we must explore the current landscape.

A Ubiquity of Mobile Devices, a Scarcity of Controls

The survey revealed that an overwhelming majority of respondents actively use a mobile device to perform work-related activities. Specifically, 88 percent of survey respondents use a smartphone to access e-mail or other internal agency networks. This represents a slight increase from a 2013 GovLoop survey in which 86 percent of users responded that they use a mobile device to perform their primary work duties. This indicates that, for the foreseeable future, mobile device use has stabilized at a near universal level of adoption.

However, as Figure 1 reveals, this widespread use has been accompanied by a lack of controls, which is especially alarming given that government agencies are collecting, storing and analyzing more data than ever before. A majority of survey respondents said they did not receive security training before using their mobile device for work. Less than half reported that they have a way to wipe their devices in the event of loss or theft. A bright spot in the data is that 73 percent of respondents reported that they are required to either use a password or download security software before using a smartphone or tablet for work.

Figure 1.

Multiple Platforms Require Flexibility & Scalability

The data also revealed the heterogeneous nature of mobile devices accessing agency networks. (See Figure 2). In some instances, the data reflected platform heterogeneity within a single organization, which, absent MDM measures, is a nightmare scenario for mobile device managers in terms of establishing configuration, security and help-desk protocols. VPN access, for example, requires a more hands-on configuration on an Apple iOS device than BlackBerry devices. Also, as data sensitivity levels increase, manually enforcing security measures becomes much more difficult across platforms, which can lead to employee dissatisfaction because of platform-specific restrictions.

Accompanying the assortment of platforms and devices accessing agency networks is the diverse ownership pool of employees’ mobile devices. Figure 3 provides a snapshot of the current landscape. Perhaps most challenging for mobile device managers is the even split between agency-owned and personally owned devices. The fact that one in five employees uses both an agency-owned and personal device to perform a work activity poses its own set of problems for managers. Without a mobile management platform, it’s often more difficult to differentiate between an employee’s devices when accessing internal networks since roles are often mapped out on the network side, rather than by individual devices. A National Institute of Standards and Technology report last year, “Guidelines for Managing the Security of Mobile Devices in the Enterprise,” notes that personally owned devices often lack trusted features, such as trusted platform modules (TPMs), which are built into laptops or other agency-owned devices.

The key takeaway from this data? Mobile device managers need to use governance policies and technology solutions that are flexible and scalable. We’ll discuss this in greater detail in later sections of this guide, but the idea is that changes in use habits and technology cycles are happening in months, not years. To avoid expensive technical overhauls or establishing policies that are either too restrictive or overly permissive, a good MDM structure should be able to nimbly adapt to changing circumstances.

Mobile Device Management Today: Security Reigns, but not Supreme

The survey data also revealed interesting insights into the priorities of mobile device managers and agency executives. When limited to selecting just one area of MDM, 68 percent of managers cited security as their top priority. However, when we asked managers to list all the areas in which they experienced challenges, the picture changes significantly. (See Figure 4.) The high number of managers who selected configuration, tracking and help desk – in addition to security – is an appropriate complement to the diversity-of-use data in Figures 2 and 3. It is much harder to establish policies and implement technical solutions when managers are dealing with a diverse user environment.

Many governing bodies recommend using an MDM platform to address many of these problems. On the federal side, the General Services Administration and NIST have produced guidelines on adopting and selecting an appropriate solution. The survey data supports this trend: Sixty-three percent of managers surveyed use an MDM solution and half the respondents said their MDM solution has made improvements. But there is room for improvement, they said, such as scaling up to include bring-your-own-device users or extending the same level of control over central staff as field operators.

Mobile Device Management before Mobile Device Restriction

The data suggests that many managers have decided to place blanket restrictions on use instead of using an intricate access-mapping architecture for each variable user. The survey revealed:

• 63% of agency managers do not allow personal devices to access internal networks.

• 33% of agency managers allow personal devices to access e-mail.

• 46% of mobile managers treat agency-owned mobile devices no differently than laptop or desktop computers.

On the user side, 50 percent of the employees surveyed use their personal devices for some kind of work activity. Yet with tight restrictions on use, agency leaders may be missing out on an important channel for improving employee productivity. (That or they are unaware that employees have circumvented control mechanisms.) To provide more evidence:

• 60% of mobile users who use their device for work-related activities cite productivity on the go or away from work as their highest priority.

• 89% of survey respondents who said they are unable to use a mobile device for work expressed a desire to do so.

The demand for use is there, which presents agencies with both an untapped potential for greater employee productivity and connectivity and a significant hazard in the form of unsecured or unregulated use. The appropriate response is better management of these devices, not blanket restrictions. The following sections present a series of case studies, common challenges and best practices to help you better manage mobile devices on your networks.

Figure 1, cont'd. Figure 2. Figure 3. Figure 4.




Can Mobile Help Us Do More with Less?

Wilbur Smith, Brocade solutions engineer in the company’s federal business, recently sat down with GovLoop to talk about how mobile is transforming government, and the opportunities it presents.

Mobile is a trend that is here to stay – what opportunities does it present for government?

The federal government’s adoption of mobility as a broad concept seems to be targeted at a few different drivers: One? Easier, more flexible access to information and communications for federal workers. Although cliché, federal agencies are trying to “do more with less.” The government workforce has decreased over the last decade, but the scope of their responsibility has increased. In parallel to this trend, federal IT budgets have also decreased. As a result, every year a smaller pool of people are being pushed to accomplish a larger pool of tasks, but with less money.

Mobility initiatives can increase a worker’s productivity and quality of life and can be very cost effective to implement. Giving a federal worker the choice to access business data across any device increases productivity. This isn’t about making someone work 24/7—it’s about helping them do more during normal office hours and helping them get home at a decent hour! The push for mobility complements the BYOD movement. When employees can exercise their preference for a specific smartphone, they tend to be more productive with it. This familiarity means they have fewer problems, so less demand is placed on IT support and user training; it saves IT resources.

Brocade is helping our customers by playing a critical role. We work hard to support different platforms and approaches and promote the use of open standards. We’ve also embraced Software-Defined Networking (SDN). With a simple code upgrade, every Brocade MLX router that has ever shipped can support OpenFlow. There is no special software licensing or module upgrades needed. This is important because SDN will be key to the next generation of mobile and BYOD initiatives.

Additionally, many opportunities to leverage mobility haven’t even arrived yet. For a good preview of what is coming, look at the explosion of mobile apps since the iPhone launched. By leveraging powerful mobile computers with well-understood programming structures (a.k.a. the modern smartphone), the “App Economy” disrupted how mobile services are deployed to users. Look at SMS text as an example: SMS relies on low-level signaling underlying the cellular network, so it was costly to use. This all changed with the saturation of smartphones. Cheap data plans and new applications that don’t need SMS (such as Microsoft Lync Mobile and Apple iMessage) changed how people message on mobile devices. This move also greatly reduced the cost of sending messages.

These same market dynamics can be applied to the US Government. US Census workers are already using iPads instead of laptops when canvassing, but imagine what this could bring to other agencies like the EPA. Instead of custom hardware, could air quality sampling be done with a smartphone, a custom app, and an attached sensor? Innovative concepts like this could really change how the government collects data in the field.

How is Brocade helping government agencies adopt safe and secure mobile solutions?

Brocade’s position is unique when compared to other vendors. We focus our engineering resources on building scalable networks based on open standards. In the data center, we treat all storage technology equal. We’re still pushing the envelope with 16 Gigabit per second (Gbps) Gen 5 Fibre Channel, but we’ve also built fabric technology that makes iSCSI, NAS, and object-based storage networks fast and scalable.

Federal agencies are required by law to protect their data, and OpenFlow is a powerful protocol to help secure the network’s path between the data center and the mobile device. It’s like having a firewall on every port in the network, and should be highly considered when building a specialized mobility solution. New Network Functions Virtualization (NFV) platforms, such as the Brocade Vyatta product family, can also be embedded into mobile devices to build a secure overlay network across cellular networks.

When building any new mobile solution, it will be critical to assess the risk any proprietary technology or standards may bring over the life of the solution. Take a step back and consider similar technology shifts. The transition to VoIP taught the federal government an important lesson: standardizing on a vendor’s solution that is built on proprietary hardware and standards may seem to simplify things, but it drives up the total cost. When you choose technology that locks out competition, you give up your ability to use competition to control cost.

Smith’s insights show that mobile is changing the business of government. What’s preventing your agency from adopting smart, secure, and resilient mobile solutions?




GOVERNMENT’S CHANGING MOBILE PHILOSOPHY

The public sector has no other choice than to embrace the mobile revolution (See Figure 5). And as it adjusts, agencies must navigate the complex world of security.

“The federal government is going from a closed system to an open system,” said Jon M. Johnson, Managed Mobility Program Manager at the General Services Administration. “It is inevitable that agencies will have to go mobile. We are moving away from devices that are simply calendar, e-mail and phone systems,” Johnson explained. “Government employees are using devices that are readily available on the commercial marketplace that offer a much greater functionality and potential for agencies, contingent on the ability to secure it – or at least monitor the security of that device.”

To help agencies manage the proliferation of devices used within their agency, the Office of Management and Budget tasked GSA to create the Managed Mobility Program, a direct result of Federal Chief Information Officer Steven VanRoekel’s Digital Government Strategy. Item No. 5.5 of the strategy requires GSA to develop a governmentwide device management program that supports the acquisition of managed mobility solutions.

“What we did was assess the market against robust federal requirements to identify potential sources of supply,” Johnson said. “What that did was capture where the market is and identify where the market needs to evolve, highlighting the functional capability that [vendors] may be lacking in their commercial solutions.”

The Managed Mobility Program allows federal managers to properly assess and procure MDM solutions. Additionally, the program adheres to other government programs:

• The White House Digital Government Strategy, released May 23, 2012.

• Executive Order 13576: “Delivering an Efficient, Effective and Accountable Government.”

• The Federal Information Security Management Act of 2002, as implemented through NIST Special Publication 800-53 and Defense Department Directive 8500.1M.

• The Federal Information Processing Standard 140-2 to protect, control and manage data in transit between the MDM and the device using FIPS 140-certified cryptographic modules.

Figure 5.

* The Pew Research Center’s Internet and American Life Project has been collecting data on mobility for more than a decade, and the message is clear: Mobility is here to stay.

Mini-Glossary

Mobile Device Management (MDM): refers to device management and other mobile management functions, including operations, policy, security, configuration, mobile network performance, data management and application support (application performance, version control, distribution, etc.).

Mobile Application Management (MAM): covers mobile application management and mobile application store (MAS) management to perform application monitoring, reporting, security, and deployment.

MDM Integration (MDM): activities relating to integration, transition, deployment, and operations of an MDM/MAM solution within an agency’s infrastructure.

Mobile Lifecycle & Expense Management (ML&EM): activities relating to integration, transition, deployment, and monitoring of wireless plans, wireless devices, and MDM solutions within an agency’s infrastructure.



GSA’s mobility program has two essential components: managed mobility and the Wireless Federal Strategic Sourcing Initiative (FSSI). The managed mobility component is designed to:

• Identify solutions to securely manage devices and the enterprise data on them.

• Fully manage and secure mobile applications.

• Safely integrate wireless tools into the existing information technology infrastructure.

• Support flexibility of work by increasing secure access to data, applications and services.

Wireless FSSI

The second component of the Managed Mobility Program is an effort to improve the procurement and management of wireless services across government. Wireless FSSI aims to help agencies save time and money by consolidating wireless plans. It’s estimated that agencies can save 15 percent to 20 percent by adopting blanket purchase agreements. GSA said agencies will achieve:

• Volume discounts through consolidated acquisitions of wireless plans.

• Centralized management of service plans, improving information management and cost savings.

• Increased collaboration and sharing of best practices to optimize wireless plans.

GSA’s program continues to be an important step to modernizing government. “The tablet and the smartphone are the intersection of mobility and cloud,” Johnson said. Although mobile is a guiding trend for government, agencies must continue to take a holistic approach to IT and adoption. This means understanding how mobile affects your cloud, big data and IT investments. The program is constantly evolving in an attempt to keep pace with the consumer market. It’s an essential resource to help agencies remain safe and secure in their quest to adopt mobile solutions.

Figure 6: Managed Mobility Highlights

Looking for more insights on Managed Mobility? We’ve highlighted the key points of the program:

• Provides a complete set of requirements and a Statement of Work that adhere to existing federal policies and administrative priorities.

• Identifies potential sources of supply that satisfy the greatest government need as measured against the baseline requirements.

• Creates an acquisition pathway through existing government-wide procurement vehicles.

• Helps with acquisition strategy development and scope reviews.

• Makes an adaptable, repeatable mechanism that can account for variable market conditions.

Figure 7: Managed Mobility Resources

GSA provides many resources in Managed Mobility; here are a few to get you started:

• MDM-MAM Users Guide

• ML&EM Users Guide

• MDM-MAM requirements

• ML&EM requirements

• MDM-MAM Evaluation Template

• ML&EM Evaluation Template

• Managed Mobility FAQ

• Mobile Computing Decision Framework

• Federal Mobile Security Baseline

• Mobile Security Reference Architecture

GSA’s Managed Mobility: Not Just for Feds

GSA’s Schedule 70, the largest acquisition vehicle in the federal government, lets state and local governments buy mobile management solutions from vendors. They can also access these helpful resources and potential sources of supply for additional tips on how to adopt secure mobile solutions.




Resources

• The Corps’ mobile computing page: http://www.erdc.usace.army.mil/Media/FactSheets/FactSheetArticleView/tabid/9254/Article/6304/mobilecomputing-mica-and-blue-roof.aspx

• USACE’s “Building Strong” publication: http://issuu.com/faircountmedia/docs/ace12/26

• USACE's 'Blue Roof' Coverage: http://www.erdc.usace.army.mil/Media/FactSheets/FactSheetArticleView/tabid/9254/Article/6304/mobilecomputing-mica-and-blue-roof.aspx

• Temporary roofing program at USACE: http://www.usace.army.mil/Media/FactSheets/FactSheetArticleView/tabid/219/Article/82/temporaryroofing.aspx



Case Study: U.S. Army Corps of Engineers: Deploying MDM for Improved Services

The Blue Roof App

In 2008, USACE realized it needed to leverage mobile to improve disaster relief operations. When hurricanes Ike and Gustav hit, the corps was tasked with providing temporary home roof repairs to victims through Operation Blue Roof. “The purpose of Operation Blue Roof is to provide homeowners in disaster areas with fiber-reinforced plastic sheeting to cover their damaged roofs until arrangements can be made for permanent repairs,” according to a USACE fact sheet. “Operation Blue Roof protects property, reduces temporary housing costs and allows residents to remain in their homes while recovering from the storm.”

During the hurricanes, USACE generated more than 90,000 pieces of paper as part of Operation Blue Roof – all of which required manual entry into a database.

To overcome that tedious process, it began pilot testing a new app appropriately dubbed Blue Roof. The app was installed on more than 120 tablets and smartphones, digitizing the entry process.

The app lets citizens fill out a Right of Entry (ROE) form, a document to request assistance for roof repairs. The form is then instantly added to the Operation Blue Roof Command Center dashboard and a USACE representative is assigned to conduct an inspection. “Field managers may review ROEs and manually assign ROEs to field personnel for inspection, or allow automatic assignment based on a street address falling within pre-determined areas defined on the map,” according to a USACE case study. “As ROEs are assigned from the Command Center dashboard, they are automatically synchronized to smartphones carried by field personnel, who may see their daily inspection assignments by pressing ‘Sync’ to retrieve an updated assignment list.”

The app also provides the ability to remotely wipe information in case a device is stolen or lost so that any confidential homeowner data will be removed from the phone. Also, the MDM solution that the corps deployed limits the kinds of apps that can run on the device. This process has drastically increased USACE’s ability to meet the mission of Operation Blue Roof.

Mobile Information Collection Application (MICA)

USACE also uses MICA. Emergency teams deployed to the Mississippi River flood of 2011 first used this app as a way to capture pictures, video and notes to send to command centers. Decision-makers could then instantly figure out where to send resources.

Every piece of data that responders sent back to the command center was geotagged. This immediate success was a quick win for USACE, which has since successfully used it in many cities.

MDM has helped agencies improve their efficiency and effectiveness on mission-critical programs. Here are best practices to fully make use of an MDM solution and maximize your return on investment.



Your First Steps to Capitalizing on the Mobile Revolution

Joe Marenin, US EliteBook Product Manager in the commercial PC division at HP, sat down with GovLoop to discuss how HP is helping agencies create a safe and secure mobile ecosystem.

Can you tell us about what you’re seeing in terms of mobile trends?

In this year, we will see more mobile users access the internet than users using a traditional desktop. This trend is really interesting, because people are increasingly seeking to get information they want wherever they are, and when they need it. Mobile allows agencies to get information to the public and engage the public efficiently and effectively.

How can agencies get started with mobile?

Agencies are starting to take their existing information or services and repackaging them to be accessed from these new devices. In mobile form, these services are able to provide information for immediate alerts, like taxpayers receiving a message that tax returns have been received and processed. Too often what happens is that we are being overly marketed with the convergence of consumer friendly and internet ready devices – we have faster mobile connections, cloud storage and when you combine those things, they are really what’s used by agencies to enable mobility.

Now the question that we need to answer is, should they be building mobile apps for the newest gadgets? Or should they be optimizing their websites for mobile? And I think you need to take a step back. You really need to do some strategic analysis, and look at the agency audience. How does the audience use mobile? How does it relate to the information from services that that agency offers? You can put together a framework that allows an agency to achieve their objective, which is reduce cost, increase efficiencies and allow flexibility. At the end, if you do that successfully, you will also improve customer service and effectiveness. If you do this correctly, you are going to be able to improve communication and interaction, not only today, but also for the future.

How can HP help?

What differentiates our tablet from a consumer grade tablet is that it is designed for business. We do over 115,000 hours of product testing to ensure that once that product comes to you, it works. Our tablets are fully serviceable by companies and businesses. Instead of shipping back to manufacturer, where you are away from the tablet for a minimum 4-5 days, we can actually do a full service upgrade in less than 45 minutes.

It's more than just buying a device from HP; it's more about how HP can help you build a mobile ecosystem. We have a group within HP called Mobile Application Services, and this is a team of 11,000 mobile application development professionals who have at least 10+ years of experience in developing mobile applications, and have worked on over 800 mobile application projects. Their goal is to build a mobile application ecosystem that allows customers to access information at any time through a suite of end-to-end mobile solutions. We have programmers who can develop solutions for iOS, Android, Windows, HTML 5, or they can do a hybrid, they are leading mobile UI experts and test their environment. It’s more than just the device; we can help you build your entire mobile ecosystem.

Marenin’s insights help us understand how to get started with mobile. What’s stopping you from building a safe, secure and reliable mobile ecosystem?




Mobile Device Management Best Practices

1. Identify Time Savings

MDM is a fantastic tool to improve efficiency within your agency. For example, the Blue Roof app eliminated manual data entry, saving countless hours for staff and improving data accuracy and quality because data was geotagged as it came in. Think about how MDM can cut costs, and factor that into your investment decision.

2. Leverage for Improved Decision-Making

Through both apps USACE uses, the decision-makers had valuable data that improved situational awareness. This allowed them to make quick assessments and accurate decisions on how to deploy limited resources. These are best practices for your agency as well, as MDM should be a tool to integrate into larger initiatives, driving increased mission value.

3. Manage Mobile Applications

MDM solutions allow agencies to monitor and track mobile applications. “Another component that still is being addressed – and it also alludes to the untapped potential of mobile – is the ability to manage, monitor and securely vet applications on devices,” said Johnson.

4. Provide Consistency in Available Services

MDM provides an infrastructure that allows agencies to quickly deploy apps and provide consistency in their mobile environment. “Our agency has hundreds of office sites, and consistency in infrastructure services available currently varies,” said a survey participant.

5. Support All Mobile Platforms

Whether you know it or not, your employees are accessing information on their personal devices through work networks. As an IT professional, it is your duty to create a flexible and supportive work environment. This means using solutions, such as MDM, to create a mobile infrastructure supportive of your employee’s diverse needs.

Figure 8.

Figure 8 shows that public-sector workers are looking for productivity on the go and outside the office. As a result, employees will continue to use mobile devices, and it is IT’s job to safely and securely provide mobile solutions within the agency. MDM helps provide the right infrastructure to support these needs.

6. Secure not just the Device but the Data, Too

Our data shows that securing devices is often easy – but understanding how to secure mobile data is a challenge for agencies. For many security professionals, containerization has enabled agencies to control data while within the perimeter, but once the data leaves the container, security becomes more difficult.


To overcome this obstacle, agencies must invest significant time understanding how data moves within and outside the perimeter. To help you get started, consider the following questions:

1. Who needs access to mobile solutions?

2. Where do they need access?

3. What kind of data do they need access to and why?

4. What are high-value datasets? Is there a risk to providing access?

5. What’s our plan if there is a breach? How do we wipe data and have data redundancy?

6. As we inventory our devices, have we also prioritized our datasets and devices?

7. Pick the Low-Hanging Fruit

To remain secure, you must be sure that you have covered the basics. This means having the basic features of MDM set up, including the ability to conduct remote wipes, data encryption, and training on safe and secure passwords. This also means that agencies should be able to assess what devices are on the network and who is accessing information. An additional step is training employees. In many cases, your employees want to do the right thing, but they don’t know they’re putting the agency or themselves at risk. These initial practices will make it one step harder for unauthorized access to affect your network. To make sure you’re taking care of the basics, ask yourself:

1. When was the last security training held? What did it cover?

2. How often are users required to change passwords?

3. How do we authenticate users?

4. What kind of encryption strategies do we use?

5. Have we considered adopting role-based access?

6. What do people need to do on mobile devices?

8. Understand Pricing of MDM

GSA’s report provides some great insights on costs of MDM solutions. “Typically, basic MDM licensing is low cost and can be approximately $25 per device or user depending on the company’s pricing structure,” according to the report. “But this varies when considering the FIPS-140 container elements.” Depending on the level of security required and the complexity of the containerized solution, costs will increase. GSA notes that cost of MDM can range from $50 to $150 per device or user. Understanding your needs upfront and working closely with a vendor can help you comprehend the pricing requirements.

9. Consider Inventory and Expense Management

Imperative to your mobile security is tracking what and how devices are accessing your network. This information is foundational to improving your agency’s cybersecurity posture. Figure 9 shows that 52 percent of our respondents said their agency-issued smartphone is managed centrally by their IT department. Additionally, Figure 9 shows that 46 percent of respondents were required to register their smartphone and/or tablet through a centralized tracking system. Finally, it highlights that mobile tracking is often separate from other IT-tracking systems.

“Managed mobility is more than the mobile device management and applications app – but managed mobility is also managing the inventory of your devices,” Johnson said. “It’s also the ability to track expenses that are associated with the wireless carrier services of the devices as well.” Understanding your inventory and tracking expenses can lead to substantial savings for your agency because you can optimize service plans and improve the quality of services provided to your stakeholders.

Figure 9.



Your Mobile Cheat Sheet

Looking to get smart fast on managed mobility? Look no further.

What is Mobile Device Management (MDM)?

MDM is a widely used term describing device management and other mobile management functions, including operations, policy, security, configuration, mobile network performance, application support (application performance, version control and distribution), mobile data management on the device and some mobile network monitoring. The definition of MDM varies and reflects its growth (and immaturity).

What’s the difference between MDM, MAM and ML&EM?

GSA provides a great list and graphic of the differences between MDM, mobile application management and mobile lifecycle and expense management. We’ve provided an example in Figure 6. Understanding these solutions is imperative to making your agency more secure.

MDM Best Practices

1. Identify time savings.

2. Leverage for improved decision-making.

3. Manage mobile applications.

4. Provide consistency in available services.

5. Support all mobile platforms.

6. Secure not just the device, but the data, too.

7. Pick the low-hanging fruit.

8. Provide training to stakeholders.

9. Understand pricing of MDM.

10. Consider inventory and expense management.

Mobile Case Studies

Using text messages, citizens can receive a daily health tip from the U.S. Centers for Disease Control and Prevention.

Using their mobile devices, citizens can check on the status of their tax refund using the Internal Revenue Service’s IRS2go app.

In the event of a disaster, survivors can use their mobile devices to access m.fema.gov to find recovery centers and let family members know they are safe.

At the Labor Department, workers can track and save their wage hours, reducing a burdensome paper process and creating more accurate timesheets.

For a list of other government apps, visit http://www.gsa.gov/portal/content/289117.

A One-Stop Shop for Government Apps

Mobile applications are being built and created all across government. For instance, the National Association of State CIOs (NASCIO) recently created a State Mobile Apps Catalog as a central list of all state mobile apps.

“The idea originated from one of NASCIO’s members,” said Samantha Wenger, research coordinator at NASCIO. “The USA.gov portal of apps that was created by federal agencies was the inspiration for our NASCIO member. They felt that we should develop some sort of catalog where we can collect all of the apps created by state agencies. This idea coupled with the executive support from NASCIO’s president at the time, Brenda Decker, allowed the project to take off. It started off with approximately 160 apps.” Learn more here: http://www.govloop.com/profiles/blogs/one-stop-shop-for-state-mobile-apps-take-the-tour


About GovLoop

GovLoop’s mission is to “connect government to improve government.” We aim to inspire public sector professionals by serving as the knowledge network for government. GovLoop connects more than 100,000 members, fostering cross-government collaboration, solving common problems and advancing government careers. GovLoop is headquartered in Washington D.C. with a team of dedicated professionals who share a commitment to connect and improve government.

For more information about this report, please reach out to Pat Fiorenza, Senior Research Analyst, GovLoop, at pat@govloop.com, or follow him on Twitter: @pjfiorenza

GovLoop
1101 15th St NW, Suite 900
Washington, DC 20005
Phone: (202) 407-7421
Fax: (202) 407-7501
www.govloop.com
Twitter: @GovLoop

Acknowledgements

Thank you to Brocade, CA Technologies, and HP for their support of this valuable resource for public-sector professionals.

Authors: Patrick Fiorenza, senior research analyst, GovLoop, and Adrian Pavia, research fellow, GovLoop
Designers: Jeff Ribeira, senior interactive designer, GovLoop, and Tommy Bowen, junior designer, GovLoop
Editors: Steve Ressler, president and founder, GovLoop, and Catherine Andrews, director of content, GovLoop
