Jan 24 2011

The Mobility Equation

As the use of personal mobile technology increases, federal IT departments face a challenging task: responding to their users’ wants and needs, while staying on budget and keeping their agency safe.

As the use of personal mobile technology increases, federal IT departments face a challenging task: responding to their users’ wants and needs, while staying on budget and keeping their agency safe.

It can be difficult to assess how to best incorporate an agency’s workers in technology planning and buying decisions, but research shows that it’s a must. A recent survey of 400 IT and security professionals by IDG Research Services for RSA illustrates that users are playing an increasingly integral role in IT and security decisions.

While the use of smartphones, tablets and notebook computers continues to rise, so does each user’s need to be able to access all of his or her data — both work and personal — on all devices at all times. The Army and the Internal Revenue Service both face this reality.

At the IRS, Chief Information Security Officer David Stender acknowledges the benefits of exploring the types of devices agency workers want to use and how. Buying technology tools without user involvement leads to little or zero productivity gain, he
says. “That’s what we’ve been doing, and it’s not paying off.”

Stender says the productivity benefit to the government would be better realized if workers were part of the decision. The trick is to figure out how to adopt new approaches en masse.

Data and Apps Everywhere

In the cyberspace of tomorrow, the physical layer will become abstracted, points out Giorgio Bertoli, chief of offensive information operations for the Army’s Communications Electronics Research, Development and Engineering Center.

As agencies move to everything-over-IP infrastructures, they will increasingly be able to buy services that can be delivered to any mobile device workers are using. “That’s the vision of this environment,” Bertoli says.

According to the RSA survey, most IT departments are not prepared to handle and support these devices, even though they often provide social media and other extranets for users’ personal devices. And, federal IT departments are less likely than those in the corporate world to bring these devices into their agencys’ environments.

What’s causing the disconnect?

Security is the main sticking point. Only 11 percent of the RSA survey respondents felt their organization’s security systems were prepared to welcome users’ commercial devices into the enterprise environment. But this challenge is not insurmountable. Many current government initiatives will help, including virtualization, thin-client adoption and continuous monitoring, says Douglas P. Van Gorden, acting director of the Army’s Information Assurance and Security Engineering Directorate.

Agencies must focus on infrastructure-layer security — making access control and authentication the priority. Van Gorden foresees extensive use of continuous-monitoring dashboards and also of asset-­monitoring tools by individual organizations. But that is not enough for government. Agencies will also need enterprise tools that provide health checks at a higher, cross-organization level as well as tools that provide visibility into data flows.

Real Threats

The need for these measures is not disputed, in part because the number of attacks on federal networks is unlikely to taper off and the attacks themselves continue to evolve. Twenty-three percent of organizations with 10,000 or more employees surveyed by RSA reported suffering a serious security breach incurred by a personal device accessing the network.

Passage of the Telework Enhancement Act combined with a new Office of Personnel Management policy directing staff to work from home during government closures only serves to up the ante. Both of these will put increased pressure on agencies to be more inclusive of the personal devices preferred by workers.

The emphasis will be on productivity and mission delivery, from wherever the workers log on and whatever devices they use. For agencies, this means embracing user-driven mobile technology, keeping a sharp eye on the budget and working to uphold strict security requirements.