Management

Agency IT should focus on apps, not devices

Sanjay Castelino

Want to scare an agency IT professional? Ask if you can put your unlocked iPhone on the internal agency network, and chuckle as your victim ages before your eyes. Federal IT leaders are tearing their hair out trying to determine how to best manage the growing demand for personal devices on secure networks, also known as bring your own device or BYOD.

The collective freaking out over BYOD, while justified, misses the larger point: The fight between agency IT departments and end users isn't over devices. It's over the applications on those devices.

Federal workers rely on a variety of applications, from calendars to task tracking to productivity suites, to do their jobs, but those applications might not be available on their government-issued devices.

It's not just agency business workers either. Even government IT professionals are trying to get access to mobile apps to help them do their jobs more effectively.

Love the app, hate the device

It's called "bring your own application," or BYOA. By addressing it, agency IT teams can avoid the security snarl posed by BYOD. More than just giving end users what they want in the form of a wider choice of mobile apps, delivering on the promise of BYOA can also offer IT departments far more security and stability in their operations, especially in the face of BYOD chaos.

From a purely functional standpoint, BYOA is the same as BYOD, except for the fact that application management is far easier to implement than device management, especially on an ever-growing scale that includes multiple versions of Windows Mobile, iOS and every flavor of Android imaginable. Keep in mind that BYOA doesn't mean every application will be given a green light. Instead, only those that have a measurable business use and can meet agency IT security criteria will be allowed.

BYOA, however, is easier said than done. How does an agency embrace customized mobile business apps while keeping rogue devices at bay? Some federal entities are already using one emerging strategy of an app store coupled with simultaneous control of the server-side applications to which the users' apps connect.

DIY enterprise applications

Agency app stores, similar to the General Services Administration's apps.USA.gov or the Defense Department's pending storefront, would feature agency-approved applications that are either created internally or, more likely, delivered by third-party providers for agency use. That allows for end-user customization while making agency IT professionals' lives that much easier, at least in theory.

With almost every BYOA client application on a mobile device, there will be a server-based, agency-monitored app that controls authentication and access to the data. That client/server relationship makes it easy to add layers of access control to specific apps, which are managed on the agency side via secure authentication and authorization technologies.

Go Web, young man

For agencies that are too concerned about security to readily engage bring your own anything, an alternative (maybe BYOA-Lite) could be the adoption of another emerging trend: mobile-friendly Web applications. Rather than focusing on client/server applications, agency IT professionals could begin directing users to secure, mobile-friendly portals for standardized apps, much like they already do for tasks such as email.

Personal devices would be treated like any non-standard device, and additional security layers could be added via a secure token or fob. That would eliminate a potential "app of the week" scenario while still giving agency IT teams continuous control over their app ecosystem.

Even in the private sector, BYOA adoption is very much in its infancy. But given the struggles that BYOD has brought about, agencies need to stop fighting over devices and start embracing a wider swath of mobile applications, and perhaps even solve a few additional IT headaches along the way.

Featured

Reader comments

Wed, Sep 11, 2013 Tom Ruff Reston , vs

Agree 100%. Most smart devices have adequate security at the device level. CXO 's need to be more concerned about security at the enterprise application level . Agencies need to look towards Cloud based solutions that allow mobile users to access applications behind the firewall ( Mobile authentication to enterprise application behind the firewall ( Mobile authentication as a service ) .

Mon, Sep 9, 2013 OccupyIT

Sometimes you just have to shake your head and cry. First, well said. Second, its sad how distracted our supposed IT leaders get chasing fads and fame that you have to remind them its the work that gets done that is what matters not the device or the technology on which it is enabled. What a cycle of sugar-induced mania we'll hopefully come down from. Mission-first?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above