New architecture underlies OMB's 'anytime, anywhere, any device' strategy
The administration released its digital strategy for government May 23, outlining a concept for a governmentwide architecture that can leverage innovative technology to make more government information and services available to citizens.
The strategy, which is intended to be disruptive and is driven by a need for government to operate more efficiently as well by public demand for expanded access, contains a series of objectives and milestones to be completed over the next 12 months.
“New expectations require the federal government to be ready to deliver and receive digital information and services anytime, anywhere and on any device,” the strategy states. “It must do so safely, securely, and with fewer resources.”
Ceding data ownership for 'any-device' access is a risky trade
To do this, agencies are expected to embrace rapidly evolving technologies to enable content management, presentation and access to make the information available in a variety of formats for an increasing array of devices, many of them mobile.
The document acknowledges that government is not starting from scratch in this initiative. “Early mobile adopters in government — like the early Web adopters — are beginning to experiment in pursuit of innovation,” it states. “Absent coordination, however, the work is being done in isolated, programmatic silos within agencies.”
The strategy envisions expanding beyond agency-specific, programmatic lines to a governmentwide platform.
The strategy is built on four principles. It will be information-centric, managing discrete pieces of open data, rather than documents, that can be tagged, shared and secured. Shared platforms within and across agencies will reduce costs, streamline development and enable use of common standards. A customer-centric approach will allow customers to shape and use information when and how they want it through a variety of endpoint devices. And it will ensure security and privacy of the data and the users.
The strategy does not specify technologies to be used, but it outlines a three-layered concept that, it says, “represents a fundamental shift from the way our government provides digital services today”:
- The Information Layer at the base contains will include structured information such as census and employment data, plus unstructured information such as fact sheets, press releases and compliance guidance.
- The Platform Layer will include the broad array of systems and processes used to manage this information, such as content management, Web Application Programming Interfaces and application development, IT support functions such as human resources and financial management, as well as endpoint hardware used to access information such as mobile devices.
- The Presentation Layer defines the way the information is organized and provided to customers, whether through websites, mobile applications or other modes of delivery.
To make information searchable and available across organizations and endpoints, the Office of Management and Budget will publish an open-data, content and Web API policy. Newly developed IT systems will have to be architected to expose high-value data as Web APIs.
To spur development of a shared government platform for delivering information, a Digital Services Innovation Center and advisory group will be established by the General Services Administration to help ensure that solutions are not developed and implemented in a vacuum. Its initial goals will be to identify shared and open content management systems, help agencies develop Web APIs to make data available, and launch a mobile application development program.
A move to information-centric and mobility-enabled services will put a premium on information security and privacy. The new digital environment will build on existing cybersecurity initiatives, including Trusted Internet Connections, continuous monitoring, and strong authentication within the National Strategy for Trusted Identities in Cyberspace and Federal Identity Credential and Access Management requirements.
“Mobile devices have unique security challenges,” the strategy states. Devices themselves can be lost or stolen and wireless connections can bypass Trusted Internet Connections. “These problems are not new, as the introduction of laptops into the workforce led to security and data breaches as employees took their electronic devices mobile. However, the new class of smaller, lighter smart phones and media tablets has elevated exposure to this risk.”
Addressing these elevated risks, both in the government workforce and with citizens accessing services and data, will require an ongoing program to assess and ensure the security of new technologies as they enter the marketplace. The Homeland Security and Defense departments will work with the National Institute of Standards and Technology to develop a security baseline within 12 months.
The baseline will include standardized security requirements for mobile and wireless adoption in government, including the development of mobile and wireless security reference architectures. “A governmentwide mobile and wireless security baseline will enable adoption of the ‘do once, use many times’ approach to mobile and wireless security assessment, authorization, and continuous monitoring,” the strategy states.