6 priorities for building enterprise mobility in government
Four years ago, then-U.S. Chief Information Officer Steven VanRoekel announced a new federal strategy focused on incorporating mobile technology into federal government activities.
The strategy later became a central part of the Obama administration’s Digital Management Strategy, which had two over arching goals related to mobility:
- Enable the American people and an increasingly mobile workforce to access government information and services anywhere, anytime, on any device.
- Ensure government procures and manages devices, applications, and data in smart, secure and affordable ways — and use them to spur innovation.
Since then, the widespread adoption of smartphones by consumers and the growth of 4G LTE and Wi-Fi capacity across the nation have made mobile technology and applications a ubiquitous part of the workplace. Debates over bring your own device policies and mobile device management systems that once dominated agency IT discussions have gradually receded into the background of the government’s digital strategy.
Yet enterprise mobility issues continue to play a crucial role for agency CIOs and their IT investment strategies.
Last month, FedScoop convened two dozen senior government and private sector IT leaders for a “Mobility Leadership Roundtable” at FedScoop’s headquarters to take a fresh look at the state of enterprise mobility, what challenges remain and where agency IT leaders should focus their attention looking ahead. The roundtable included federal agency CIOs, chief technology officers and mobile technology executives.
One of the central challenges federal and private sector IT leaders voiced during the discussion was how to adapt to an environment where products are becoming “software-itized.” Another is how to keep up with new services and features being released more rapidly than ever.
The not-for-attribution discussion took many turns. There was a general consensus that “mobility is simply how you get IT done;” that “mobility needs to support the mission and be infused in the way agencies do business;” and that when it comes to security, enterprises need to “assume every device is hostile.”
But by the end of the discussion, there were six major strategies the IT leaders recommended agencies should consider for building a stronger, more mobile enterprise IT environment:
1. Deliver data to any device, anywhere, anytime
Mobile devices are now central to the way people manage their lives. “Enterprise mobility needs to reflect the way we live — that’s how people want to work,” said one federal IT leader. People are used to accomplishing all kinds of things using their smartphones. Consequently, government agencies need to meet those expectations with a mindset of delivering “public service without boundaries,” as one IT leader put it.
When it comes to supporting federal workers, agencies must also develop plans for operating off the network, when Wi-Fi and wireless aren’t available to federal workers and military personnel in the field.
More also needs to be done to make data readily available and useable over the air to empower federal workers.
“Mobility’s potential is still more promise than reality,” observed one federal IT leader, who contended that mobility is still “used 95 percent of the time for voice, emailing and checking your calendar.” Agencies must overcome the obstacles that prevent workers from accessing, using and updating relevant work data via mobile devices.
2. Push for a responsive procurement system
Mobile technology procurement continues to reflect the greater need for enterprise transformation, despite strong headwinds of consumerism and younger generation preferences for bring your own device, choose your own device and multi-persona capabilities in mobile computing. But agencies have to maintain a certain discipline.
“Fragmented acquisitions do not allow the enterprise to change the security architecture from boundary to data, nor does fragmented purchasing enable the consistent application of security policy and governance,” said a federal executive.
However, while agencies pursue a mobile anytime, anywhere, any device vision as a means of focusing on a data-centric strategy — one that is responsive to a more adaptive and responsive workforce — federal mobile procurement must take a more agile approach.
The old models of procurement — serially identifying needs, defining requirements, developing acquisition strategies and solicitations, evaluating bids, and awarding contracts — generally take three times longer than the life cycle of most devices. Agile development practices must be extended to procurement systems and Federal Acquisition Regulation rules.
An agile approach would allow for “a more robust mobile and digital environment that incorporates future technologies and avoids lock-in while also keeping costs down and capturing savings,” said a federal executive familiar with IT acquisition.
That would also help agencies take advantage of pricing competition in the market.
“As we have seen with the mobility space the past three years, price compression is a function of establishing real competition at the point of sale,” said that same executive. He cited how “the pricing for competed national carrier services has dropped [for government] due to a more competitive acquisition that consolidates volumes” and as “smarter customer agencies communicate their needs to the marketplace.”
“Competition in cloud, mobile security and other mobility components continue to drive down pricing while also enhancing capabilities,” he added, making it easier to introduce new technologies into the federal mobile environment.
3. Develop a secure environment, from boundary to data
“We need to change the mindset from ‘static’ or ‘one-to-one’ IT system connections to more complex simultaneous device and data conversations,” said a senior federal IT official. That means “interactions are becoming increasingly like webs, allowing data to flow in several directions seemingly simultaneously.”
Across the board, there was a strong consensus for IT departments to stop focusing on the device. “Assume every device is hostile and focus on secure data ecosystem and applications,” as one leader put it.
More specifically, the IT leaders suggested three courses of action:
- Understand your data flow. The application eco-system (mobile or otherwise) is how your data moves throughout your infrastructure and beyond. Understanding your data flow is the first step in securing it.
- Gather the holistic view. Understand how your protections can or should interact at every layer. When you understand your data flow — and the protective measures that do or don’t exist as your data moves through the infrastructure to and from the endpoint — you can gather an aggregated sense of your security posture.
- Invest in the foundation. Concepts such as secure data practices, secure coding, and adaptive and responsive infrastructure enable security technologies and processes to focus on advanced threats vice being hampered by inadequate monitoring practices.
4. Focus on a data-centric strategy
In addition to securing their IT environment, agencies need to expand their security solution to the data layer. Specifically, IT leaders suggested:
- Leveraging data encryption, data tagging and granular access management disciplines to control access to data. This requires some foundational “data work” to understand what data needs to be tagged and how. This also requires a solid identity and access management solution, coupled with a deep understanding of roles and rights in applications.
- Increasing the use of auditing and monitoring in real time. Real-time access monitoring and auditing help ensure policy compliance, but they also reduce the time associated with data leakage and breach. This too requires a solid foundation of understanding of the nature of your data, who should have access to it, and how it is to be used, in order to audit against it.
- Increasing the use of analytics on how, who and when data is accessed to understand how often data is used, and to classify it accordingly. Move less accessed data to an offline state to prevent leakage. As the volume of data at rest and in transit continues to grow exponentially, analytics will become crucial to keeping up with data classification and management.
5. Establish clear, simple governance and policy
Governance can be a challenge with mobility. Mobile projects often begin organically, driven by the desire for a specific mobile device for specific office or person. Despite its obvious importance, the leaders at our roundtable agreed more work needs to be done on governance structure, especially when governing a mobile device and application management program.
As with all major IT initiatives, it’s important to consider mobility from the enterprise perspective so that all users within a department or agency follow a standard set of mobility guidelines.
But here are some specific elements, proposed by one executive, responsible for mobile device management at a leading federal department, which agencies should consider when developing governance policies for mobile devices:
- Require all agency/department-connected devices to be managed by the MDM solution;
- Determine how users connect to the agency network, email or data stores (i.e., 4G, private or public Wi-Fi);
- Identify approved mobile devices;
- Determine BYOD policy;
- Identify whitelisted apps;
- Define security procedures related to lost or stolen devices, and provisioning of secure devices for international travel;
- Establish rules of behavior and user acceptance;
- Define and apply system and device configuration standards including general device configuration, ActiveSync configuration and configurations for specific device platforms;
- Define standard operating procedures for intake and certification of new devices and mobile apps;
- Establish a certification process for new devices and apps;
- Define security, functional and accessibility standards for devices and software; and
- Establish roles and responsibilities in all processes.
“The key to a successful mobility program is stakeholder collaboration and communication throughout development and implementation of governance,” he added. “Standardizing the governance and its inherent policies will drive users to the solution of choice and create a duplicable certification process that can be followed as a mobility program matures.”
6. Create an agile, learning, adaptive culture and workforce
Finally, to move to a more mobile and next generation IT shop, here was the advice of one federal CIO:
Empower the edge of your organization, he said. “If you’re trying to operate in a top-down fashion, issuing writs and commands, you’ll just always be out of date — you won’t be able to keep up with the speed of business.”
Encourage a diversity of views. “You want to encourage debate on a variety of ideas; but also have individuals support those views with data. That allows you to stay nimble with the evolving technology landscape as opposed to getting used to certain a technology platform and finding out that platform is no longer the best platform for your agency,” the CIO added.
Ensure that you put the user in the driver’s seat. “It used to be that because technology was so complicated, you’d have build every permutation of user interface for your stakeholders,” the CIO said. “Now, with the shift to cloud services, we can have the IT department define the lanes of the road, and give stakeholders the car or truck, as it were, to drive on the road as they need. So IT becomes more of a brokerage model working in partnership with their stakeholders, as opposed to ‘we build everything for you.’”
How do you get there? “First, you make the change by being the change,” he said. “As an IT leader, you visibly reward risk takers and the skeptics, giving recognition and praise to those creative problem solvers. And you coach those people who sitting more on the sidelines. And if you have to persuade upper management — or provide cover for your team — IT leaders need to show evidence: quick wins within the organization or case studies elsewhere that model what you need to have done.”
There’s an added benefit for agencies and agency IT leaders, said another agency executive: “When we create enterprises that are more adaptable, we don’t have to be as predictive,” meaning agencies can begin to escape getting locked into legacy technologies and begin to reap the benefits of new technologies faster.
Contact the writer on this story via email at wyatt.kash@fedscoop.com, or follow him on Twitter at @WyattKash. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.