Making sense of mobile data management

As more and more federal employees use their own mobile devices at work, agencies must focus on securing the data, not the device.

 

A dramatic shift has occurred in the government's approach to managing mobile data. Traditionally, agencies provided employees with mobile devices that were preloaded with approved applications. That approach restricted the way data was accessed and allowed the agency to retain maximum control over its information.

Unfortunately, the agency-issued device was not always the platform of choice from the user's perspective, and over time, employees gravitated back to their own devices. That dynamic has forced the government to evolve from focusing on mobile device management to mobile data management.

According to a recent white paper by Good Technology, the benefits of secure mobile data management are significant. For example, the company estimates that encouraging mobile data access in a police department could save officers as much as 30 minutes a day by allowing them to quickly check for outstanding warrants, use mapping applications and access translation services. A wide range of federal workers could see similar time savings.

Although the benefits are clear, moving from mobile device management, with clear restrictions and well-defined security, to mobile data management means more data becomes visible outside the organization, which increases the probability of accidental data loss and deliberate data breaches. To minimize those risks, government agencies should consider taking the following steps.

1. Choose which platforms to support. The IT department first needs to determine which platform or platforms it will support. Unfortunately, no two platforms are the same, so each one will require a unique approach and specific adjustments. Additional platforms also mean more customized work for IT departments that likely are overextended already.

2. Decide which data to allow. The next step is determining which data should be accessible over the mobile network and how users will be allowed to interact with that data. Deciding which data should be accessible and which should not might sound like a simple task, but there are numerous levels of access and each one must be fully addressed.

Once this step is complete, IT departments should continue to approach the issue from the employee's perspective: How will users interact with the mobile data, and will they have the ability to access it, edit it and/or delete it?

3. Develop a governance plan. Ideally, all policies, governance and restrictions for mobile data management should be grouped into a comprehensive, organizationwide data governance strategy. Decisions about data security typically rest with the chief security officer, who has traditionally been focused on procedural matters such as how to sign in guests or perform security checks on vehicles. But with the exponential growth of data, the CSO's role has been expanded to keep agencies from becoming swamped in a sea of data.

Because building consensus about the rules and policies required to govern mobile data is a complex challenge, large-scale change over the short term will be difficult. What is possible, however, is departmental, incremental change.

To help overcome the challenges of mobile data management, we might see the rise of a new position: a point person who is strictly responsible for data management and acts as a liaison between the CSO and the IT department. That individual would help ensure that informed decisions can be made about what information should be shared and accessed via mobile devices on government networks.

Bringing new insight to the growing challenge of mobile data management will help departments keep projects on track and secure.