The U.S. Department of Agriculture and the Federal CIO Council hosted a conference on the state of mobility in the federal government earlier this week that brought together top-tier industry mobility professionals across the U.S. federal mobile ecosystem to discuss the rapidly evolving adoption of mobile technologies.
For those of us who have been in this industry for many years like myself, the tone of remarks at the two-day conference, held Aug. 23-24, was a welcome return to reality and affirmation that security and data integrity should not be lost in all the recent hype over a new breed of powerful smartphones and tablet computing devices.
In particular were comments by DoD Deputy CIO Robert Carey, who set the stage for the audience, highlighting the many benefits of mobile technology while explicitly identifying the associated trade-offs in security.
The so-called “consumerization of IT” that has turned centralized IT on its head and put IT administrators across the government (and private enterprise) in “react mode” comes at a cost. Mr. Carey pointed out multiple risk factors of allowing government workers to bring their own devices into the work place and handle government communications and data.
Although most of his talk was pertinent to the non-classified space, it was reassuring that the DoD is thinking very deeply about issues such as data at rest, data in transit, mobile device management, authentication, verification of identification and auditing (among other topics).
That thinking included some discussion about FOUO/SBU (for official use only/sensitive but unclassified) and classified arenas, including NSA’s SME PED project, (a project that I had some experience with in conjunction with my former job at Microsoft). The SME PED is essentially a specially-designed smartphone, but more accurately, a Type 1/Type IV dual-bootable device capable of top secret voice and secret data and was developed and funded by NSA and manufactured by General Dynamics and L3. The central software kernel was based on Microsoft Windows CE.)
Dr. Mark Althouse, Technical Director, NSA similarly gave a very well-constructed and well-explained talk on the need to protect data and to take steps to treat devices as first class citizens on the network in a similar vein as PC’s.
It’s clear that there needs to be more standardization across operating system builds and/or the type of “container” or “sandbox” approach such as that taken by Good Technology. Virtualization remains a viable way to quarantine data by presenting it in a way that doesn’t leave breadcrumbs and mitigates security holes.
My personal take is that the DoD and the intelligence community are taking the lead in thoughtfully evaluating tradeoffs between very legitimate security threats and feature-functionality/ease of use issues for end users. For some of us “grey hairs” in the audience, this level-set is well over due.
The “glittery objects” represented by all the new consumer electronics devices, while very powerful and wonderful in theory, need to be harnessed in a manner consistent with best practices in information assurance.
Kudos certainly need to go to the USDA and CIO Council for organizing an event that had such broad representation of key mobility heavyweights. The event represented a virtual “who’s-who” of the federal mobile ecosystem, from Microsoft’s Rick Engle, to RIM’s Larry Silver, Air-Watch’s Mark Williams, SAP’s Mark Zentz, Deloitte’s Blair Nicodemus, Good Technology’s Eugene Liderman and Jeff Miller, to Steel Clouds’ Brian Hajost, to Unisys’ Mark Cohn to Sprint’s Phil Gallagher, to Apple, IBM.
The net–net conclusion: It’s wonderful to see mobility take off across the enterprise and particularly Line of Business (LOB) applications rather than simply email. Now, the challenge of securing and managing the devices begins in earnest.
Randy Siegel is director, business development, mobile computing for Motorola Solutions’ Federal Government Division. Siegel also spent 12 years with Microsoft Corp. where he oversaw Microsoft’s mobility strategy and worked with U.S. Federal Government C-level decision makers to improve operations via mobile development and deployment.