Forget mobile-device strategy: Here's a better way.

Federal agencies should not be planning for mobile device management, but rather mobile data management, advised speakers at a seminar at the FOSE government technology conference on April 3.

With new mobile devices being developed commercially every few months, a device-centric strategy is never going to keep up, said Anil Karmel, management and operations chief technology officer for the National Nuclear Security Agency.

“We’re looking at it in a different way that is completely data-centric,” Karmel said.

The three keys in planning are:

  • Determining where the data is resident;
  • Identifying the locations where it needs to be accessed, and;
  • Deciding how it should best be transported.

The answers determine what type of mobile data architecture should be used, he said. For security, the agency is using containerization and virtualization strategies. The agency has developed a draft Bring-Your-Own Device strategy that is being reviewed for approval, Karmel said.

At the National Security Agency, personal mobile devices, including phones, are not allowed in the building, said Troy Lange, mobility mission manager.

While that policy has not changed yet, it's possible that it could. The agency realizes that people depend on their devices and that potential new employees, especially younger ones, might be discouraged if it continues to bar all personal devices, Lange said.

A possible solution, he said, is for the NSA to develop enterprise mobile devices that can be used by employees while in the building for their personal calls and email.

The NSA has been exploring various solutions for enterprise mobility and is looking to industry to help provide some solutions. Because of the agency’s unique security requirements and closed classified systems, the marketplace mobility management solutions are not feasible, Lange said.

The NSA recently posted a capabilities package on its website seeking feedback from vendors on how to develop an enterprise mobile solution with adequate security.

“Our belief is that the financial or medical industry may be able to help us get traction on this,” Lange said.

At the Veterans Affairs Department, officials decided that developing a Bring Your Own Device policy for all types of mobile devices was not feasible, said Don Kachman Jr., director of security assurance and mobile technologies for the department.

“BYOD is not a technology issue, it is a policy issue,” Kachman said. Policies would need to be developed for what happens when devices break, when there need to be investigations, and many other contingencies, he said.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Wed, Apr 4, 2012 Henry

Most cyber-defense groups have been pushing data-centric security for many years. But unless you control everything under the data, your senstive details are easily pwn'd. This is where the cloud comes into play - if you can keep your data in the remote network and leak only humnan-views and human-directions (gestures, clicks, etc.) then the info that even a completely pwn'd device can exfiltrate is limited.

Wed, Apr 4, 2012 Richard

Good idea! Think outside the device!!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group