The government's new digital strategy has ambitious plans for managing the rollout of mobile technology -- some say too ambitious.
The newly launched federal digital strategy contains the seeds of an ambitious undertaking: managing the mobile technology revolution confronting agency IT managers.
The Office of Management and Budget’s digital strategy, published in May under the title “Digital Government: Building a 21st Century Platform to Better Serve the American People,” isn’t strictly a mobile technology policy document. Among other things, it addresses open standards for managing data and interoperability, improving digital services for citizens, and enhancing IT security. But it also represents the first crack at a governmentwide approach to using mobile technology.
The strategy calls for a shared mobile application development program that will promote code sharing among agencies to provide assistance with developing applications. Furthermore, OMB must create a Digital Services Advisory Group, which will push for accelerated adoption of mobile workforce technology and create bring-your-own-device (BYOD) guidance.
The General Services Administration is responsible for establishing a governmentwide contract for mobile devices and wireless service and establishing a governmentwide mobile device management (MDM) platform.
“Government needs to meet people where they are,” said Gwynne Kostin, director of the new Digital Services Innovation Center, which was created as part of the plan. “Four out of five Americans own cell phones. Almost half of all Americans now own smart phones, and about a quarter of U.S. Internet users only go online using their phones. People have adopted mobile technology faster than any technology before it. So government needs to be responsive and make government content — information, data and services — available anytime, anywhere, on any device in a secure manner.”
The plan aims to tackle the onrush of mobile technologies before their adoption becomes a fait accompli. With past waves of technology, the government often found itself in catch-up mode. For instance, another OMB directive put the Federal Desktop Core Configuration security settings into motion in 2007, well after the saturation of desktop and laptop PCs in government offices and numerous costly security breaches.
“We want to seize the opportunity to do mobile ‘right’ from the beginning,” said Federal CIO Steven VanRoekel. “Learning from the previous transition of moving information and services online, we now have an opportunity to break free from the fragmented practices of the past.”
The strategy still has time to make a difference, said Keith Rhodes, chief technology officer for QinetiQ North America’s Services and Solutions sector. “Up until this policy, individual departments and agencies had to figure it out on their own,” he said. “The government realized the need for the policy due to the velocity of change.”
The question now becomes whether the government’s strategy provides the best way to go about managing the mobile revolution. Government and industry executives offer mixed views on that subject. In general, they see the strategy as a timely and substantive document but have concerns about some of the details. What follows is a point-by-point breakdown of the strategy and some of the related challenges.
Standards, security and shared services
The plan calls for OMB to issue a policy in the next six months for governmentwide open data, content and Web application programming interfaces (APIs). That push is a continuation of the Obama administration’s previous efforts to promote open-data standards, which started with OMB’s Open Government Directive in 2009. That directive required agencies to register high-value datasets on the Data.gov website. The new digital strategy seeks to extend the benefits of the open-data approach to how agencies deliver and secure government data on mobile platforms.
Besides the efficiency benefits of an information-centric (develop-once, use-many) approach, the goal is to focus on building security controls linked to data through standard metadata tags, for example, and tie up fewer resources to secure the device that will receive the data, as has been the focus in the past.
“Focusing on the metadata as part of the data-centric security design makes sense and is a correct approach,” Rhodes said, but he noted that cooperating security mechanisms are equally important. “Any organization must have some level of trust of the device in order to manage the data sensitivity according to the security tags and policy. The agency drives the policy, and standards drive the security tagging. Plus, the mobile device management [system] ensures the data is treated per the policy and associated security metadata.”
The mobile document also backs a move to shared services, reinforcing the theme of the Federal IT Shared Services Strategy, which was also unveiled in May. GSA’s Digital Services Innovation Center will collaborate with agencies on shared solutions and work with them to create Web APIs.
In addition, the center will set up a mobile application development program that will help agencies create “secure, device-agnostic mobile applications,” foster code sharing, offer a development test environment and validate government applications.
Catherine Graziose, an IT specialist at the Nuclear Regulatory Commission’s Office of Information Technology, sees value in a governmentwide shared-services catalog.
“An IT shared-services strategy will help agencies with their efforts to eliminate waste and duplication, improve return on investment, close productivity gaps, and improve communications with stakeholders,” she said.
Peter Gallagher, group vice president of portfolio solutions at Unisys Federal Systems, said the creation of common APIs is fundamental to OMB’s shared-services strategy. He said sharing data will prove expensive until the government shares APIs.
But governmentwide initiatives — shared templates for building apps and a shared code repository, for example — might be somewhat premature, said Tim Hoechst, chief technology officer at Agilex, a government services provider with a specialty in mobility apps.
“I would say that shared app development service centers at a federal level are still a ways off,” he said, noting that those facilities will arrive after agency- and department-level efforts prove successful.
In the meantime, Hoechst said agencies can and should establish mobile development programs for citizen-facing apps within a year. The items that need to be standardized are a little simpler for citizen-facing apps, he said, citing templates for consistency and policies for data use. Enterprisewide apps will take longer because they must account for identity management and data security, among other standards, he added.
Mobile procurement and device management
The areas of mobile procurement and device management sparked the greatest range of views on how doable a federal strategy might prove.
Some commenters questioned the viability of a governmentwide acquisition contract for mobile products and services, given the rapid pace of development in that area.
“A GWAC-style contract for mobile devices does not sound feasible,” Graziose said. “Technology changes too rapidly for this type of contract to provide timely, relevant procurement services.”
Nevertheless, the digital strategy calls for GSA to oversee such a contract vehicle for mobile devices and services. The government expects to capitalize on economies of scale and streamlined purchasing through this enterprisewide approach but also expects to leave room for flexibility.
“In most cases, a refresh would take place after 18 months,” said Dave Peters, mobility program manager at the Office of Integrated Technology Services in GSA’s Federal Acquisition Service. “However, the program provides each individual agency with the flexibility to respond to shifting technology needs.”
Also, existing security requirements still apply, VanRoekel said. “It is important to recognize that wireless devices have to be subjected to an in-depth certification review process to ensure that they meet federal cybersecurity requirements before they can be acquired for general use by federal agencies,” he said.
Shawn McCarthy, research director at IDC Government Insights, said a mobile GWAC could work, if it is updated quarterly.
“Less frequently than that and it can be difficult to keep pace with market changes,” he said. “The refresh period lets the government request updates to pricing or other terms, based on changes that have taken place in the market.”
Mobile procurement could also suffer if the government were to specify the details of a service plan — for example, by requiring a particular number of broadband gigabytes or text messages per month, said Kevin Kelly, chief operations officer at LGS Innovations, the federal subsidiary of Alcatel-Lucent.
Service providers typically compete to find the sweet spot in terms of service plan components and pricing, Kelly said. Eliminating that element would whittle away at their competitive edge, and that reduced flexibility could end up increasing prices.
Other executives agree that a more loosely defined procurement might be a better approach for mobile technology. “They would have to keep it fairly broad-brush, not too detailed, and leave it to the individual agencies to tighten up requirements,” said Jeff Ward, vice president of Federal at Fiberlink, an MDM vendor.
A mobile GWAC would not be an entirely new concept in government procurement, said Horace Blackman, CIO and director of IT support services at the Veterans Affairs Department’s Central Office, citing the FTS program and the successor Networx contracts. He said he looks forward to having a governmentwide mobile contract, noting that it is “great to have a vehicle that is already pre-competed.”
He said his biggest concern is cost. With an installed based of 19,000 mobile devices, VA already benefits from economies-of-scale pricing. “Our concern is to make sure the pricing we get is as good as we have or better,” Blackman said, adding that GSA’s Networx gives him a level of comfort in that regard.
There are also some reservations about having a federal MDM platform. The strategy states that GSA will establish such a platform “to support enhanced monitoring, management, security and device synchronization.”
Gallagher called the governmentwide management platform a tall order. Some products work better than others in a particular situation, he said. Management approaches range from controlling a single type of device on a network — BlackBerrys, for example — to flexible approaches for managing BYOD environments.
VanRoekel said a governmentwide mobility management platform would not require the use of an individual or limited set of MDM products.
“Mobility management and its MDM components are not yet mature technologies,” he said. “This fact, combined with government's migration to multi-OS environments, dictates the need for flexibility and, in some cases, multiple MDMs per agency. Ultimately, the acquisition strategy and vehicle will reflect the collective agency requirements, which are still in research and evaluation.”
The strategy’s plan to offer BYOD advice is finding general support. OMB’s forthcoming Digital Services Advisory Group will partner with the CIO Council to provide governmentwide BYOD guidance. To date, agencies have been addressing the influx of consumer devices on their own. The strategy document said the advisory group and CIO Council will tap into the experiences of agencies that have already undertaken BYOD pilot projects.
Tom Simmons, area vice president of Citrix Systems’ U.S. Public Sector, said BYOD could play a key role in government IT, given the number of employees who own mobile devices.
“If we can securely provide access to the resources that allow them to do their jobs, why not leverage that and save money in the long run?” he said. “Once we get the policy issue addressed and the technology gets tested...I think BYOD is going to be a very important factor in the device that is used to access government data.”
Simmons said situations involving highly sensitive data, however, might call for government-provided equipment.
McCarthy agreed. “BYOD is an acceptable approach if you just want to give employees access to the same basic services that they could reach with a standard Web browser,” he said. “But for business-critical connectivity, IT departments can’t be in a situation where they need to test the security and compatibility of every possible device. In such cases, officially procured and tested devices are more trustworthy.”
The impact on agencies
The strategy will likely have different effects on different agencies, depending on where they stand on the mobile technology adoption curve, said Jason Parry, unified communications practice director at solutions provider Force 3.
“For agencies that may be further along with executing on an existing mobile strategy, these plans could be disruptive, requiring them to readdress how they execute a plan and possibly even start over,” he said. “This would ultimately create wasted time and possible delays in existing projects.”
Nevertheless, mobile neophytes will probably benefit from the digital strategy and its guidance. “For agencies that are in the infancy of developing a mobile strategy, these plans can provide a framework, saving these agencies time and the burden of creating, testing and piloting their own plans,” Parry added.
Also on the plus side, the strategy gives CIOs specific guidance and provides “a good set of milestones” to pursue, Kelly said. Those milestones also provide a sense of urgency.
On the other hand, Graziose said, based on her past experience, the timelines are a bit out of alignment. For example, the strategy calls for the Homeland Security Department, the Defense Department and the National Institute of Standards and Technology to develop a mobile and wireless security baseline within 12 months.
“This effort, if just starting now, will be a challenge to complete in that time frame, and if it is, it will be too late to support the other actions agencies must take or plan ahead of that 12-month mark,” Graziose said.
And what about agencies that opt to go their own way? Kelly said he was somewhat concerned that the strategy lacks an enforcement method and questioned the government’s ability to succeed without one.
VanRoekel said the president’s memorandum on building a 21st century digital government mandates that agencies comply with the requirements of the digital strategy and adhere to the time frames for specific actions.
“Progress tracking will be open and fully transparent — a powerful enforcement mechanism,” he said.
Mobility and accessibility
The new focus on mobile technology provides an opportunity for agencies to revisit accessibility.
The category on Section 508 compliance and Web content accessibility was the top vote-getter in the National Dialogue on the Federal Mobility Strategy, a public website set up in January to gather input and ideas. The general view among commenters was that agencies should build accessibility into their emerging crop of mobile apps from the beginning rather than retrofitting accessibility later.
In general, the principles of mobile app development lend themselves to accessibility. Mobile designers and developers generally avoid complicated bells and whistles, which are the very things that can make a website or app inaccessible, and instead aim for uncluttered apps because users have less display space.
“The spirit of Section 508...is to eliminate barriers to IT for people with disabilities,” said Nancy Massey, president of MasseyNet.com, a company that provides consulting on Section 508 compliance. “We do that by keeping it simple.”
And testing apps should be part of the equation. Massey said people with disabilities need to be involved in that process.
Under the federal digital strategy, the new Digital Services Innovation Center will offer agencies a range of shared solutions and training in usability and accessibility testing, among other areas.