Mobility in 2013: A CIO's perspective

The Defense Department will face a number of issues in 2013, including mobility. To manage and take advantage of mobility’s capabilities, some issues will need to be addressed: strategies for implementing mobile solutions; deploying services to manage mobile devices; moving important, but non-vital, capabilities and services to the cloud; and dealing with the emergence of the General Services Administration’s Federal Risk Authorization Management Program (FedRAMP) as the government standard to vet mobile and other cloud-based applications.

DOD is looking at major pilot programs for mobility. Beyond issuing agency-approved handhelds, bring-your-own-device (BYOD) polices in some agencies will expand. While this will require an agency-by-agency approach to evaluate specific mission and security needs, CIOs are still looking into whether staff can use their personal devices.

BYOD policies can positively impact an agency’s budget, but the extent they will be implemented will depend on an organization’s mission and security policy. However, if employees want to bring their own devices, an agency’s best economic interest will be to determine secure and efficient ways to accommodate BYOD policies.

Once federal agencies have a mobile device plan in place, devices will have to be managed for access and security purposes. This is where mobile device management (MDM) systems become critical.

These systems play two key roles. First, they provide a strong core system that can policy-check an end-state device, which includes verifying add-on components that enhance its existing commercial-grade capabilities. Second, they provide a capability to extend mobile applications to enrolled mobile devices. These could include agency-developed applications, commercial applications or enhanced encryption solutions for data at rest. The agency’s mission will determine the type of MDM system they use.

Another key issue influencing mobile device adoption is the government’s cloud computing mandate. Agencies will continue the trend of transferring important, but non-mission critical, systems to the cloud. These include MDM systems and a variety of other cloud services, such as reporting, collaboration and workflow systems.

When agencies move systems to the cloud, some organizations might not have the time, resources or need to develop technical expertise in the solutions they wish to use. In this case, important, but non-mission- critical capabilities — such as asset, maintenance, fleet and real estate management systems — can be purchased from a vendor. These capabilities then can be accessed through the agency’s cloud or a cloud service provider from any authorized location. Such alternatives will enable the agency to meet cloud mandates without risking security.

This year FedRAMP will be critical for all federal agencies. This governmentwide program provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. As it gains critical mass, agencies, as well as integrators, wishing to sell cloud-based services to the government, will need to keep FedRAMP in mind.

As awareness of FedRAMP grows, government and industry will embrace it. For specific contracting scenarios where FedRAMP compliance is required, organizations or vendors that are not there yet, are out of the game. FedRAMP will help accelerate the adoption of secure cloud solutions by maximizing reuse of assessments and authorizations already completed by other organizations adopting the same cloud services.

During 2013 we will see these various government mobility issues reach a critical point. Some, like BYOD, will require an agency-by-agency assessment of security needs versus efficiency gains. Ultimately, resolving these issues will result in a more efficient and effective work force. Other developments, such as the emergence of FedRAMP, will serve as a springboard for mobile and other cloud solutions that reach across the entire federal government.