Mobile devices roam the digital Wild West
Smart phones and wireless laptops boost mobile productivity — and management concerns. Here’s how to keep them safe and affordable.
Along with all of the buzz surrounding this or that new smart phone or the latest status-boosting handheld messaging gadget comes one stark reality: These free-range devices can push an agency's management skills to the limit.
For one thing, protecting handheld devices is becoming as demanding as securing desktop PCs. Smart-phone sales rose almost 24 percent last year according to Gartner, and as the number of devices in circulation grows, hackers are finding them an attractive way to get more bang for their bugs.
Then there are the pocketbook issues. Poorly managed data plans, exorbitant roaming charges and forgotten-but-still-active phones threaten to neutralize the productivity promises of anytime access to e-mail and co-workers.
Officials at some government agencies, including the Interior Department and General Services Administration, have decided that the solution is to formalize and centralize mobile management.
"When mobile management is siloed, organizations don't really know how money is being spent on mobile devices and smart phones," said Michele Pelino, a principal analyst at Forrester Research. "So they are centralizing the decision-making process."
That approach ensures that agency policies for buying, provisioning and securing the devices are applied consistently across the organization. Centralization also can reduce costs by consolidating services from multiple carriers into one or two large contracts for greater bargaining power.
But there's a hitch. Centralization and consolidation are sometimes easier said than done, especially at large agencies that have offices spread nationwide.
"It's tempting sitting here at headquarters to say, 'We can save all of this money by consolidating all of these plans,'" said William Corrington, Interior's chief technology officer. "But when you get into the realities of what we need out in the field — and for us, we literally mean out in the field — it's not quite that easy."
Central vs. Local Management
Interior manages about 8,000 BlackBerrys that are authorized to access agency e-mail systems and nearly 18,000 laptop PCs, many of which have wireless cards for connecting to broadband cellular networks. For now, those mobile devices handle standard chores such as e-mail and calendar tasks, but that could change. Corrington said he sees a time when field officers might use handhelds to collect information such as stream flow data and photos of invasive plant species. So getting security and cost management right is important today and for the future.
But first the agency is grappling with two important challenges. One is its geographic breadth. Because Interior's offices stretch from the continental United States to Alaska, Hawaii and distant territories such as Guam, no single service provider can offer adequate coverage.
The other issue is productivity. Many agencies bolster security and ease management headaches by instituting policies and standard configurations for computer hardware. However, those one-size-fits-all strategies must provide a minimal level of user satisfaction or employees might never reap the productivity benefits of their mobile devices.
There are no easy answers, but Interior officials are evolving a hybrid approach to balance the benefits of centralized management with enough local decision-making to keep field agents satisfied.
That approach begins with security considerations. Rather than just issue orders from headquarters, the agency convened meetings with Washington-based administrators and representatives from far-flung bureaus to hammer out a security policy handbook. One of its cornerstones is the FIPS 140-2 encryption requirements for keeping data safe when it's being transmitted or if a mobile device is lost or stolen.
The encryption mandate also helped Interior make one of its consolidation choices. Because BlackBerrys are certified for Federal Information Processing Standards compliance, Interior uses them exclusively for the smart phones it issues to employees.
The handbook's authors identified other areas in which agencywide consistency is important. For example, Interior requires passwords to unlock smart phones and mandates that those secret codes use a mix of at least a dozen letters and symbols. Users must reset passwords every 90 days, and if a log-in attempt fails a set number of tries, a program on the central BlackBerry server remotely wipes out contact lists and other data stored on the device.
Interior also takes a stand against downloading applications from the Web. "Our policy for computers in general says, 'Thou shall not install personal applications or your own applications,' and we consider BlackBerrys to be covered by that rule," Corrington said.
But there is room for flexibility. For instance, the security handbook doesn't dictate specific BlackBerry models, which allows room for personal preference. "We have to be sensitive to that," Corrington said.
Nevertheless, local offices can be sticklers for conformity if they choose, and some allow employees to use only a certain handheld model to limit the variety of trouble calls that help-desk members must handle, he added.
On costs, Interior partnered with a telecommunications expense management service to conduct a pilot project to assess the potential for savings. In the most common scenario, such contractors charge a monthly fee — often about $5 to $10 per user — to analyze an agency's wireless usage patterns, consolidate calling plans, negotiate new contracts with carriers and spot budget busters, such as roaming surcharges and phones that are unused but still active.
"We have to balance the needs of our users in local geographies, but we obviously want to save money," Corrington said. "The pilot [project] tried to balance those two tension points."
He added that finding that balance wasn't easy. Although Interior officials saw enough benefits from the project to expand the contractor relationship, cost savings fell short of original projections. "On paper, we had some numbers that we thought we could achieve," he said. "But when we went through the pilot, it wasn't clear that those savings could be achieved within our current environment."
The main problem was that although consolidating phone plans to maximize volume deals provided a large chunk of those projected savings, decentralized purchasing is sometimes still necessary to ensure proper coverage in local markets.
"People in our remote offices need to be empowered to make their own decisions on providers," Corrington said. "It doesn't do us any good to put a phone in the hands of someone who can't get coverage. That's just not going to be good for anybody."
Limiting wireless services to a single carrier might not work for all agencies, but GSA has found a way to make it pay.
Consolidation became a key ingredient in a wireless modernization effort that the agency began in 2007, which identified a range of cost-reduction opportunities, said Casey Coleman, GSA's chief information officer.
First, the agency brought almost all employees under a single contract with Verizon Wireless. Users now share minutes from one large pool. The resulting volume discounts reduced per-minute costs from a range of 18 cents to 27 cents under the former individual plans to 8 cents. Pooling also cut overage charges by $1,000 per month and qualified GSA for free, unlimited text messaging.
The modernization effort also found and eliminated more than 1,000 devices that had little or no activity, resulting in a savings of several hundred thousand dollars a year, Coleman said.
She estimated that all those changes shrank GSA's wireless costs by more than $1 million a year.
However, the single-carrier approach has its downsides. Coverage gaps at remote offices require an auxiliary provider, and because Verizon Wireless doesn't support Apple iPhones, an additional carrier is needed for an iPhone pilot project that GSA's Office of Citizen Services is conducting. But neither drawback outweighs the expected benefits of provider consolidation, Coleman said.
For some groups, one carrier poses a liability. Another factor to weigh when considering consolidation is the need for a contingency plan. City officials in Oakland, Calif., say they need the insurance policy of employees using a variety of carriers.
"We don't want all the eggs in one basket here in an earthquake region," said Ahsan Baig, division manager for the city's public safety services.