2015 mobility mantra: manage data, not devices

Featured eBooks
Whole-of-State Cybersecurity
The State of Trust in Government
Cybersecurity in State and Local Government
By Patrick Marshall
 

Connecting state and local government leaders

By Patrick Marshall

|

Government mobility managers are racing to stay ahead of the proliferation of mobile devices with strategies that focus on data and applications rather than devices themselves.

Managers of agency mobile devices have their hands full, trying to equip the latest technologies with security features that the devices themselves don't deliver.

That’s why 2015 will be a time for agencies to strengthen their mobility management practices with new enterprise approaches that focus on managing data and applications rather than devices themselves, mobile experts say.

"It's harder than people thought it would be," said Bryan Taylor, research director for mobile and wireless at the Gartner consulting group. "Mobility evolves much quicker than your typical enterprise area of technology." 

While mobile device management (MDM) platforms have been widely adopted in the private sector, their uptake in the federal space has been slower.  In fact, many agencies are just beginning to set up MDM, even as commercial organizations are moving into more robust solutions like enterprise mobility management (EMM).

Pillars of a new MDM

MDM platforms typically allow administrators to remotely configure security and applications on mobile devices, to "kill" devices when they are lost or stolen and to manage operating system updates and applications. MDM platforms are also designed to support mobile devices from multiple manufacturers, enabling employees to use their own devices, or BYOD.

NASA is one agency plotting to enhance its mobility strategies in the coming year. The space agency – one of the federal government’s most tech savvy – has until now been relying on Microsoft Exchange ActiveSync to manage its fleet of 30,000 laptops and 10,000 cellphones. 

Exchange ActiveSync was originally designed to synchronize data on mobile devices, including email and calendaring data. In recent years it has added MDM features, such as the ability to set policies on device and applications usage. However, the solution lacks some more sophisticated capabilities such as application containerization and app wrapping that protect and isolate applications on devices, which is especially important when employees are using their own devices.

"We are looking at a mobile device management solution to implement right now," said John Sprague, NASA's enterprise applications service executive. "We've got lots of scientists, engineers, researchers, employees and university partners, all wanting to use their personal mobile devices, because they are so familiar with them and comfortable with them."

While many federal agencies and departments are just moving to adopt MDM, however, Gartner's Taylor said the shortcomings of the technology as a security solution are already apparent. 

"It used to be good enough to put some security controls on the device itself, which is what mobile device management focuses on," said Taylor.  "But as applications and content increasingly become important for organizations deploying mobile, they need more.  They need mobile application management and mobile content management. If you take those three pillars you end up with EMM –  enterprise mobility management."

In addition to managing the configuration of mobile devices, as MDM does, EMM focuses on managing applications and data on devices across the enterprise. 

Securing apps, not just devices

App containerization is a primary tool in that effort, according to government security experts.  Isolating and protecting sensitive applications so their data is not accessible from other applications on the device means that administrators don't have to be as concerned about other applications on an employee's device or just how that device is configured. 

"Most organizations these days, both public and private, have gotten away from trying to blacklist or whitelist what you can put on the device," said Taylor. "That's largely because containerization has led them to feel that they can allow more latitude for personally enabling a device while still keeping the apps and content that they are interested in secure." 

Fairfax County, Va., which has been using an MDM platform to manage its fleet of mobile devices for some time, is now taking its first steps toward an EMM approach to BYOD.

Starting this month, the county will allow employees to bring their own devices into the system.  Initially, said Jeffrey Porter, director of the county's Platform Technology Division, support will be limited to iOS and Android, to be followed in a few months by support for Windows Phones.

"Now that we're starting to let people touch applications," said Porter, "it presents a problem for us about who we allow to touch what information.  We want to make sure we are restrictive." Porter plans to use containerization to help ensure the security of those applications.

Legacy apps management

For many IT managers, however, deploying apps to mobile devices carries special challenges, since many agencies are still running older legacy apps designed to run on mainframes. These in-place applications are too resource intensive to simply run on mobile devices.

That, said Michael Valivullah, chief technology officer at the National Agricultural Statistics Service, is the case with some of the applications at the Department of Agriculture. "Based on user needs, we are rewriting those applications," he said, in part to make the applications more appropriate for mobile use. 

Data center consolidation is also driving demand for an application-focused approach to device management, according to Valivullah. "We have decreased our data centers from 46 to two, and with the data center consolidation, we have longer distances to go between client devices and the data center," he explained.  The result is delays and, eventually, user complaints.

"So we are having to optimize those applications to decrease the I/O," he said.  "We're implementing caching so apps don't have to go all the way to the database for every operation." 

Focus on the data

Moving forward, said Valivullah, his team will focus more on the data than anything else. "Our mobile strategy is based on the data instead of focusing on devices," said Valivullah.  "Our concept is to access anything, anywhere from any technology at any time."

And to protect the data, apps on USDA's mobile devices are configured so that the data is never stored on the device. 

"We rolled out a virtual desktop interface that can run on pretty much any device," Valivullah said.  All the apps run through the interface and all the data is stored on USDA's servers or in its cloud storage.  "Nothing is resident on the computer," said Valivullah. "We just give them bare-bones devices and they can't save data on it.  Even for the couple of minutes that data might be there it is encrypted. We don't  see a lot of risk there." 

Gartner’s Taylor confirms that more government agencies are turning to the cloud for securing mobile data as part of their mobile device repertoire.

"We are seeing a lot more interest in cloud deployments, letting the ISP do the work in maintenance and updates," he said.  "And lot of organizations that first went with purchase of on-premise [apps and data] have switched to cloud."

NEXT STORY: Is antivirus software still relevant?

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.