2015 mobility mantra: manage data, not devices
- By Patrick Marshall
- Jan 08, 2015
Managers of agency mobile devices have their hands full, trying to equip the latest technologies with security features that the devices themselves don't deliver.
That’s why 2015 will be a time for agencies to strengthen their mobility management practices with new enterprise approaches that focus on managing data and applications rather than devices themselves, mobile experts say.
"It's harder than people thought it would be," said Bryan Taylor, research director for mobile and wireless at the Gartner consulting group. "Mobility evolves much quicker than your typical enterprise area of technology."
While mobile device management (MDM) platforms have been widely adopted in the private sector, their uptake in the federal space has been slower. In fact, many agencies are just beginning to set up MDM, even as commercial organizations are moving into more robust solutions like enterprise mobility management (EMM).
Pillars of a new MDM
MDM platforms typically allow administrators to remotely configure security and applications on mobile devices, to "kill" devices when they are lost or stolen and to manage operating system updates and applications. MDM platforms are also designed to support mobile devices from multiple manufacturers, enabling employees to use their own devices, or BYOD.
NASA is one agency plotting to enhance its mobility strategies in the coming year. The space agency – one of the federal government’s most tech savvy – has until now been relying on Microsoft Exchange ActiveSync to manage its fleet of 30,000 laptops and 10,000 cellphones.
Exchange ActiveSync was originally designed to synchronize data on mobile devices, including email and calendaring data. In recent years it has added MDM features, such as the ability to set policies on device and applications usage. However, the solution lacks some more sophisticated capabilities such as application containerization and app wrapping that protect and isolate applications on devices, which is especially important when employees are using their own devices.
"We are looking at a mobile device management solution to implement right now," said John Sprague, NASA's enterprise applications service executive. "We've got lots of scientists, engineers, researchers, employees and university partners, all wanting to use their personal mobile devices, because they are so familiar with them and comfortable with them."
While many federal agencies and departments are just moving to adopt MDM, however, Gartner's Taylor said the shortcomings of the technology as a security solution are already apparent.
"It used to be good enough to put some security controls on the device itself, which is what mobile device management focuses on," said Taylor. "But as applications and content increasingly become important for organizations deploying mobile, they need more. They need mobile application management and mobile content management. If you take those three pillars you end up with EMM – enterprise mobility management."
In addition to managing the configuration of mobile devices, as MDM does, EMM focuses on managing applications and data on devices across the enterprise.
Securing apps, not just devices
App containerization is a primary tool in that effort, according to government security experts. Isolating and protecting sensitive applications so their data is not accessible from other applications on the device means that administrators don't have to be as concerned about other applications on an employee's device or just how that device is configured.
"Most organizations these days, both public and private, have gotten away from trying to blacklist or whitelist what you can put on the device," said Taylor. "That's largely because containerization has led them to feel that they can allow more latitude for personally enabling a device while still keeping the apps and content that they are interested in secure."
Fairfax County, Va., which has been using an MDM platform to manage its fleet of mobile devices for some time, is now taking its first steps toward an EMM approach to BYOD.
Starting this month, the county will allow employees to bring their own devices into the system. Initially, said Jeffrey Porter, director of the county's Platform Technology Division, support will be limited to iOS and Android, to be followed in a few months by support for Windows Phones.
"Now that we're starting to let people touch applications," said Porter, "it presents a problem for us about who we allow to touch what information. We want to make sure we are restrictive." Porter plans to use containerization to help ensure the security of those applications.
Legacy apps management
For many IT managers, however, deploying apps to mobile devices carries special challenges, since many agencies are still running older legacy apps designed to run on mainframes. These in-place applications are too resource intensive to simply run on mobile devices.
That, said Michael Valivullah, chief technology officer at the National Agricultural Statistics Service, is the case with some of the applications at the Department of Agriculture. "Based on user needs, we are rewriting those applications," he said, in part to make the applications more appropriate for mobile use.
Data center consolidation is also driving demand for an application-focused approach to device management, according to Valivullah. "We have decreased our data centers from 46 to two, and with the data center consolidation, we have longer distances to go between client devices and the data center," he explained. The result is delays and, eventually, user complaints.
"So we are having to optimize those applications to decrease the I/O," he said. "We're implementing caching so apps don't have to go all the way to the database for every operation."
Focus on the data
Moving forward, said Valivullah, his team will focus more on the data than anything else. "Our mobile strategy is based on the data instead of focusing on devices," said Valivullah. "Our concept is to access anything, anywhere from any technology at any time."
And to protect the data, apps on USDA's mobile devices are configured so that the data is never stored on the device.
"We rolled out a virtual desktop interface that can run on pretty much any device," Valivullah said. All the apps run through the interface and all the data is stored on USDA's servers or in its cloud storage. "Nothing is resident on the computer," said Valivullah. "We just give them bare-bones devices and they can't save data on it. Even for the couple of minutes that data might be there it is encrypted. We don't see a lot of risk there."
Gartner’s Taylor confirms that more government agencies are turning to the cloud for securing mobile data as part of their mobile device repertoire.
"We are seeing a lot more interest in cloud deployments, letting the ISP do the work in maintenance and updates," he said. "And lot of organizations that first went with purchase of on-premise [apps and data] have switched to cloud."