These steps can help agency IT departments gain the upper hand on the smartphones and tablets invading the enterprise.
Cloud computing might be dramatically reshaping how agencies provide IT services to their employees, but it’s a sea change that most government workers will never notice taking place.
That’s not true for the other big trend playing out right now: the consumerization of enterprise IT. In this case, it’s the end users who are driving the change — literally from the palms of their hands — and it is the IT department that needs to get clued in.
The consumerization of IT refers to people wanting to use their Apple iPad tablets, Android smart phones and other wireless handheld devices at work just like they do at home. It is as simple as people wanting to access information, exchange messages and take care of business wherever they can get a wireless signal, which these days means just about anywhere.
But the small devices raise big issues for IT departments that must ensure that government business is handled effectively and securely. Some agency IT officials want to keep consumer devices at bay. Others view them and all they represent not as a threat but as a great opportunity to boost workplace productivity and maybe even save some money.
“There is the consumer application, but that doesn’t negate the serious business relevance of these tools,” said Casey Coleman, CIO at the General Services Administration.
In some ways, smart phones and tablet PCs are turning the traditional rules of enterprise IT upside down, but that is hardly a bad thing. Here are five ways the IT department can get into the driver’s seat when it comes to consumer mobile technology in the workplace.
1. Deal with it!
Two influential constituencies will make an IT department’s resistance to using consumer technology in the workplace a losing proposition: end users and the big bosses.
Government employees, especially younger ones, increasingly expect to use the same kinds of mobile devices — if not the exact same ones — at work as they do at home.
“They expect you to provide reasonably modern technology tools,” said Gene Zapfel, a managing partner at Unisys Federal Systems.
The reason is simple: Employees know how productive they can be when they can communicate and access information from anywhere. Deny employees workplace use of mobile devices and many will use them anyway without the IT department’s blessing or support, often placing agency data at risk because the devices are inadequately secured.
The rank and file are not the only ones hooked on handheld devices because of the easy-to-use interfaces, affordable price tags and batteries that last an entire workday. Many senior executives own and love them for the same reasons.
Yet officials are acutely aware of the gap between the device capabilities a few hundred dollars buys and the enterprise IT systems that might have cost millions of dollars to develop, said J. Travis Howerton, chief technology officer at the National Nuclear Security Administration (NNSA) and CIO at the agency’s Y-12 Site Office. That gap puts agency IT departments in a tough spot.
“You can’t be higher cost but lower capability,” Howerton said. “You’ll have a major perception and credibility problem.”
2. Standardize, but not where you think
A year ago, the typical advice for managing mobility from an enterprise perspective was to standardize on a small number of portable devices because it would make procurement and management more cost-effective and efficient. That’s not the case anymore because of the new administrative and infrastructure tools available, several agency IT executives said.
Now the recommended place to standardize is in the data center, where data, applications and security settings can be doled out centrally to a variety of endpoint devices using a virtual desktop infrastructure (VDI). That is the plan at NNSA, GSA, the Census Bureau and many other agencies.
“I can leverage my cloud on the back end to deliver a virtual desktop to the user’s device,” Howerton said. “No data ever leaves the data center. All you’re getting is the screen shots coming in on the virtual desktop.”
With that approach, NNSA can be device-agnostic and allow employees to use the wireless gadgets they prefer, Howerton said. Of course, that means the agency must choose a VDI solution that supports as many device types as possible.
3. Let users break out the plastic
Being device-agnostic also opens the door to a radical new idea: letting end users be responsible for buying the mobile devices they use at work, with either their own money or an agency stipend.
“The current budgetary restraints, along with the purchase of the iPhone and Android devices by consumers, presents a perfect storm for an individual-liable device trend to truly gather momentum in government,” said Adelaide O'Brien, a research director at IDC Government Insights.
Former Federal CIO Vivek Kundra took a lot of heat several months ago for suggesting this very idea. He said agencies could give certain employees $2,000 to buy a mobile device they could use at work and home. Now, less than a year later, several agencies are figuring out just how to make a bring-your-own-device program work.
NNSA has a pilot program that allows selected employees to use their personal smart phones at work, subject to certain security conditions. Howerton said he would also like to get a “replacement” policy going: “I want to be able to support your personal iPhone but then take back your [agency] BlackBerry,” he said.
That could be a win-win arrangement, he added. Employees get to use the device of their choice, provided they agree to run agency-controlled software that creates a work-only partition on the device. In exchange, NNSA could get out of the costly business of buying, managing and tracking every device its employees use.
“In most cases, that trade is positive in my direction,” Howerton said.
Right now, NNSA employees participating in the pilot program pay for their devices themselves, but Howerton said the agency might provide stipends to workers who have specialized business needs.
As part of its pilot program, GSA allows employee-owned devices at work under certain conditions, but officials are interested in providing allowances for some employees.
4. Cover all the security bases
Security needs to be the top priority in any mobile device plan, Coleman said. Moreover, there are several elements that a security strategy must have. For example, GSA will only support devices that can encrypt data and offer strong password protection.
An agency should also have a system that lets the IT department track the whereabouts of devices in case they are lost or stolen, ensure that they are up-to-date on software patches and verify that required security settings are turned on, Coleman said. That system should also have a feature that lets administrators remotely wipe the data off a device if it is compromised — a required agreement for employees who want permission to use personal devices at work.
That kind of user agreement is fast becoming the norm among agencies developing mobile programs, Zapfel said.
One part of the security puzzle that is still developing is the integration of handheld devices with agencies’ personal identity verification smart cards. GSA requires that all its laptop computers have card readers so that logging in involves two-factor authentication via a PIV and a password. Coleman wants to have two-factor authentication for smart phones and tablet PCs as well, but those features are not yet commonly available on commercial devices.
5. Deliver the apps
If handheld devices are going to become serious business tools, they must be able to run serious business applications. Developing a handheld apps strategy is Coleman’s second priority, after security. “You need access to your critical business tools and information,” she said.
The question becomes how best to provide that access, especially when most agency applications were designed for end users sitting at a desk, Coleman said.
Howerton cautions against trying to pick winners among the mobile operating systems. “I think trying to convert your internal apps into native mobile apps is a waste of time because the [handheld operating system] market is fractured,” he said.
Instead, the better bet is to Web-enable those older apps now, which would allow you to easily convert them to the forthcoming HTML5 standard when it is ready in a couple years. “That will allow you to run them as native apps across every OS,” Howerton said.
Agencies might be playing catch-up when it comes to consumer technology in the enterprise, but what they should really be doing is thinking ahead.
NEXT STORY: CBO estimates cost of DATA Act