Few people care about what happens to a device, points out Good Technology CTO Nicko van Someren, but most care what happens to the data on it.
The world is home to more mobile devices than people, and those devices are being used by consumers – more than 4 million of whom are federal employees – at ever increasing rates.
The influx of mobile options coupled with the inherent efficiencies both in the workplace and on the battlefield has forced nearly every federal agency to devise mobile device management plans that cover everything from security to device lifecycles.
These plans are important – no agency wants purchased mobile devices to go unused or to cause chaos when it’s time for replacement – but Nicko van Someren, chief technology officer at Good Technology, said data, not devices, should always be the most important factor in any data management plan.
“In many cases, you don’t really care what happens to a device, but you do care what happens to the data on it. The real problem-solving is in data management problems, not device management,” van Someren said.
Van Someren offered up a few basic tips for agencies either in the early stages of incorporating data management plans or those that want to improve what could be disorganized approaches to it.
The first, he said, is to “understand your data.”
Is it worth spending extra for high-end security and low usability devices for an agency that’s employees deal in public-facing, non-sensitive data? Probably not, although van Someren said feds at the management level tend to be extremely conservative taking on new technologies.
The second tip piggybacks on the first. After truly understanding what data you have, you can devise a list of pros and cons to increased mobility.
“Understand the risks and rewards to going mobile,” van Someren said. “If I’m going to be carrying around classified stuff, certainly I need to take every step possible. But if I’m carrying around a draft of [an agency’s] next set of recommendations, there’s probably not going to be too much damage incurred by that leaking out early.”
In a threat model where information is low-risk, an agency could save money seeking a lower-cost security option but realize savings through the increased efficiency and collaboration that mobile offers.
“It’s common for security people to say, ‘There is a risk here, we’re not going to let you do it,’” van Someren said. “Yes, there may be a risk, but what is the reward of letting me do it. How do you go about mitigating risk and maximizing award?”
Van Someren cited the financial services industry as an innovator in mobility. Banks and credit unions didn’t let security risks stop them from devising online and mobile banking solutions, he said, because the reward – satisfied customers, shorter lines and the like – far outweighed the risks.
Lastly, van Someren said, agencies need to be careful in how they approach procurement for mobile solutions, and whether and to what extent users can use their own devices for work. No agencies are alike in this regard, so guidelines will differ. But agencies can give themselves an advantage by asking more of industry and less of themselves in how mobile data will be secured.
“When it comes to procurement, you should probably be asking for proposals in the form of the sorts of protections you want to achieve rather than the means by which protection is achieved,” he said.
Van Someren also said it is helpful when agencies can focus procurements on specific problems rather than posing a blanket request for mobile options. This approach can speed up a process that tends to be the tortoise to technology’s hare.
NEXT STORY: Cobert: TechStat will adapt to agile development