Forget mobile-device strategy: Here's a better way.
As federal managers struggle to get a handle on mobile devices, speakers at a FOSE panel offer another approach.
Federal agencies should not be planning for mobile device management, but rather mobile data management, advised speakers at a seminar at the FOSE government technology conference on April 3.
With new mobile devices being developed commercially every few months, a device-centric strategy is never going to keep up, said Anil Karmel, management and operations chief technology officer for the National Nuclear Security Agency.
“We’re looking at it in a different way that is completely data-centric,” Karmel said.
The three keys in planning are:
- Determining where the data is resident;
- Identifying the locations where it needs to be accessed, and;
- Deciding how it should best be transported.
The answers determine what type of mobile data architecture should be used, he said. For security, the agency is using containerization and virtualization strategies. The agency has developed a draft Bring-Your-Own Device strategy that is being reviewed for approval, Karmel said.
At the National Security Agency, personal mobile devices, including phones, are not allowed in the building, said Troy Lange, mobility mission manager.
While that policy has not changed yet, it's possible that it could. The agency realizes that people depend on their devices and that potential new employees, especially younger ones, might be discouraged if it continues to bar all personal devices, Lange said.
A possible solution, he said, is for the NSA to develop enterprise mobile devices that can be used by employees while in the building for their personal calls and email.
The NSA has been exploring various solutions for enterprise mobility and is looking to industry to help provide some solutions. Because of the agency’s unique security requirements and closed classified systems, the marketplace mobility management solutions are not feasible, Lange said.
The NSA recently posted a capabilities package on its website seeking feedback from vendors on how to develop an enterprise mobile solution with adequate security.
“Our belief is that the financial or medical industry may be able to help us get traction on this,” Lange said.
At the Veterans Affairs Department, officials decided that developing a Bring Your Own Device policy for all types of mobile devices was not feasible, said Don Kachman Jr., director of security assurance and mobile technologies for the department.
“BYOD is not a technology issue, it is a policy issue,” Kachman said. Policies would need to be developed for what happens when devices break, when there need to be investigations, and many other contingencies, he said.