How to get mobile under control

Mobile device management has fast become a must-have tool for agencies joining the mobile revolution.

Mobility used to be simple when BlackBerrys were the gold standard for smart phones. The agency-requisitioned devices gave employees anywhere, anytime capabilities for calls and access to enterprise e-mail systems, calendars and basic Web surfing. To closely manage and secure the devices, agencies used Research in Motion’s BlackBerry Enterprise Server, which provided effective if rudimentary tracking and security functions.

Now new generations of smart phones and tablet PCs are streaming into agencies, and rather than running a single operating system, they use a mix of the Apple iOS, Google Android and Microsoft Windows Mobile platforms. With that diversity comes managerial complexity, which is further complicated by the fact that many newer devices come with far fewer controls than traditional BlackBerrys offered.

Third-party mobile device management (MDM) solutions promise a consolidated set of tools to help IT managers control smart phones and mobile hardware across multiple operating systems. But in the quickly changing mobile environment, agency IT managers say they will soon need even more services. Many see a bring-your-own-device (BYOD) juggernaut on the horizon, and the MDM choices they make today must provide a foundation for protecting valuable agency data if IT managers eventually have even less say over which mobile devices will be connecting to internal networks.

Why it matters

MDM promises to relieve IT managers of one of their biggest headaches: how to securely manage an increasingly mobile and diversified technology environment.

“For us to stay cutting-edge in delivering medical services to veterans, we need to take a look at all the technology out there — not only from a VA standpoint but also from the veterans’ standpoint,” said DJ Kachman, director of security assurance and mobile technologies at the Veterans Affairs Department. “That means providing a greater range of diversity.”

Traditional MDM offers the support agencies need to function securely in this environment. Features include the ability to enforce data encryption, strong passwords, and virtual private networks on smart phones and tablet PCs. Other must-haves include remote data wiping and device lockdowns, tools for updating security patches and changes to applications, and the ability to detect when mobile hardware has been compromised by hackers.

The pressure to implement those capabilities has been growing as agencies recognize the mission and economic value of mobile applications. Some guidance came in May when the White House released its digital government strategy, which gave the General Services Administration responsibility for establishing a platform for securing and managing smart phones and similar devices.

Even so, Federal CIO Steven VanRoekel acknowledged that the government is still in the early days of defining the details of that platform. “Ultimately, the acquisition strategy and vehicle will reflect the collective agency requirements, which are still in research and evaluation,” he said, adding that agencies will not be required to use a specific set of MDM products.

A number of agencies — including VA, the National Oceanic and Atmospheric Administration, and the Government Printing Office — aren’t waiting. They’re plowing ahead with internal evaluations of MDM solutions to find options that will meet their needs.

But IT managers face a number of challenges as they evaluate MDM solutions. Even with the continuing evolution of MDM in terms of features and vendors, agencies say they can’t always find everything they’re looking for in a commercial solution. For example, as a large organization with facilities throughout the United States and overseas, VA wants an MDM platform that can enforce agencywide policies while still accommodating some local control.

“Ideally, we would want a solution where I’m able to manage my devices using certain profiles and configurations, while another administrator, who may have a different mission, is able to apply different configurations,” Kachman said.

Flexibility isn’t the only concern. As the digital strategy also points out, wireless connectivity creates a host of new security vulnerabilities, including the ability for end users to bypass standard network defenses when connecting to the Internet. The result is the need for new approaches to continuously monitor and manage devices and secure the data on them. Such threats are redefining what capabilities should be included in MDM solutions.

The fundamentals

Traditionally, MDM focused on managing devices, but now IT managers want additional tools to control the applications that run on the smart phones and tablet PCs.

“The technology has split into two types of solutions: traditional MDM, which manages the devices, and application management, which manages the app,” Kachman said. “As we move down the road, we’ll need to have both — one to make sure the devices are healthy, one to make sure the apps are secure.”

Other areas of interest include support for continuous security monitoring, desktop virtualization, and the ability to quickly create “sandboxes” to keep an employee’s job and personal data separate.

How can agencies find the right MDM solutions?

First, look beyond the standard feature comparisons vendors use to promote their products and focus instead on which enterprise-oriented capabilities are offered.

“The list gets pretty short pretty quick when it comes to enterprise-class options,” said Tim Hoechst, chief technology officer at systems integrator Agilex.

Key enterprise features include the ease with which MDM integrates with agency network directory services and support for enterprise software licenses, which will help agencies manage volume purchases of mobile apps. The MDM solution should also communicate with the agency’s mobile applications to verify user privileges and manage encryption certificates, Hoechst said.

Next, decide on the right MDM delivery model. Today, on-premises solutions dominate MDM sales, representing nearly 85 percent of all MDM licenses, according to Gartner. But the federal government is ripe for cloud-based alternatives, agency IT managers say.

“We’re still feeling our way as to what’s best, but with the federal mandate for cloud first, we’re certainly looking there to see what’s available,” Kachman said.

Cloud-based MDM is attractive for reasons beyond federal mandates. For example, when agencies run mobile applications, operating systems and data in a cloud, it means vital information doesn’t reside on individual smart phones. “This will limit the potential impact to an agency in the event a device is lost, stolen or compromised,” the digital government strategy notes.

Some agencies are investigating whether cloud or hosted MDM systems will be less costly than on-premises solutions. NOAA is transitioning to agency-provisioned Apple iPhones in part because of the internal management expenses associated with the BlackBerry.

“We spend a significant amount of money on an annual basis to run the BlackBerry Enterprise Server,” said Zachary Goldstein, NOAA’s deputy CIO.

The agency is now exploring various MDM alternatives, including cloud-based services. “Our gut feeling is that [a cloud solution] will have a positive ROI,” Goldstein said. A multiplatform MDM solution that provides a secure foundation for BYOD could contribute to additional financial benefits in higher productivity and reductions in agency-owned smart phones, he added.

The hurdles

Among the top MDM challenges for agencies is the possibility that a shake-out of products and vendors is coming. “There are a lot of MDM solutions out there, and I think we’ll see that number shrink over the next one to two years,” Kachman said.

Therefore, agencies that bet on the wrong solution could find themselves buying a new one before they see a full return on their original investment. For that reason, agencies should gauge the ability of any potential solution provider to offer a continuous stream of new features that keep pace with evolving technologies and MDM solutions.

GPO, which is conducting a pilot program to test BYOD and MDM solutions, sees that flexibility as one of its biggest mobile challenges. “Whomever we choose for MDM, we want to make sure it’s an entity that’s well suited to handle whatever is coming next,” said Chuck Riddle, GPO’s CIO. “We can’t just make the solution choice based on today’s environment. We’ve got to look ahead.”

Cost is another roadblock. Indeed, IT organizations that face tight budgets might bristle at the idea of funding a new set of software or service licenses. Fortunately, most agencies won’t need to upgrade their existing IT infrastructure to support an MDM solution.

By contrast, neglecting MDM in an increasingly mobile environment might not be an option. “The surest way to make sure that mobile deployment doesn’t happen is a Washington Post cover story that says, ‘Federal agency loses data on mobile device,’” Hoechst said. “Whereas it’s a very different situation if the headline says, ‘Federal agency finds device within 45 seconds of it being stolen.’ I’d say the value far exceeds the costs.”

Next steps: What to look for in an MDM solution

When evaluating mobile device management solutions, IT managers should pay close attention to their current needs and how mobile technology might evolve in the next few years. Key criteria include:

  • The vendor’s track record for keeping pace with mobile and MDM innovations.
  • Support for multiple mobile platforms, including Apple iOS, BlackBerry, Google Android and Microsoft Windows Mobile.
  • Strength in MDM basics, such as enforcing data encryption, strong passwords, virtual private networks, remote data wiping and device lockdowns.
  • Advanced features, including application management, continuous security monitoring, desktop virtualization and sandboxing.
  • A range of delivery model choices, including cloud and on-premises options.
  • Support for federal security requirements.
