WASHINGTON, D.C. -- IT executives with federal and state governments are struggling to sort out mobile strategies for smartphones and tablets that would be used by employees at work.
The "bring your own device" conundrum was evident in the energetic discussions in sessions at the combined Fose/GovSec Conference here, where information technology professionals from the U.S. Department of Defense, General Services Administration, Department of Agriculture, NASA and the state of Mississippi spoke about the frustrations they have encountered with BYOD.
FAVE RAVES: IT pros name their favorite products
While the adoption of Apple iOS and Google Android devices, among other mobile platforms, is high, there's the sense that creating custom apps is expensive and that the talent to do it largely lies outside of government. There's also the perception that, given the slow pace of government contracting, Apple's quick device release cycle and Google's ecosphere of Android device manufacturers make decisions on procurement and app investment brutally hard.
"We're at the beginning of a mobile apps store," said Craig Orgeron, chief information officer for the state of Mississippi, who spoke on how employees for the state, with their unbounded enthusiasm for smartphones and tablets, are propelling the BYOD approach forward.
Mississippi tried writing its own apps in-house, but the staff newly hired to do this kept leaving for the private sector, where the talent is in high demand and pays more, said Orgeron. So the state took the step of setting up a public-private partnership under an entity called Mississippi Interactive LLC. The idea is to gain access to a large library of mobile apps that might be developed by others, which could be shared with other states as well.
Orgeron acknowledged that due to the autonomy granted state agencies, trying to devise a mobile-device strategy is "like herding cats." But BYOD is sweeping through Mississippi government as employees get their way in using their own smartphones and tablets for work. "It's happening. It's overwhelming," said Orgeron. The state took up the topic regarding purchasing in the legislature but "people begged to buy their own," he says.
"It was easier. To be candid, I did the same thing. I could easily have gotten a state-issued device." But Orgeron said he'd rather use his own smartphone because he wants to speak to his family, and state restrictions require phone calls to be strictly for business purposes. Orgeron says Mississippi has now called in the Gartner consultancy to help it sort out security and management issues.
Mississippi isn't the only government entity feeling the tidal pull of BYOD.
Chris Hamm, deputy director of the General Services Administration's Federal Systems Integration and Management Center, which provides services to the government, said GSA is piloting tablets and setting up an apps store in the hopes this could be a resource for the civilian agencies.
Hamm said GSA has already set up some apps via its website for public use that can be downloaded through Apple iTunes or Google Play, and will be expanding that in the coming weeks to other devices. One of the main projects starting at his own office, he said, is use of Android devices. "My office will be an Android-based tablet shop, and one of the first apps will be for time sheets."
There's a BYOD policy for this. "GSA employees with their own tablets can do email and calendar," he said. But the employees have to digitally sign an agreement to allow GSA IT staff to remotely wipe the tablets, and they have to follow GSA-defined password procedures and install a VPN. In his office, Hamm noted, about half the employees so far are electing not to go BYOD simply because they don't want the government to have that power over their personal devices.
In the panel discussion, David Rogers, research associate at the Institute for Simulation and Training, University of Central Florida, which has had grad students designing apps for the Department of Defense (DOD) and others under a special program, pointed out a few things he's noticed in the way that custom apps are built. Committee-driven requirements tend to create "bloating of features" that software developers are compelled to include in the apps, but which a majority of the end users hate. He advocated highly focused "user-driven requirements."
He also noted the main difficulty today in app development is the highly fluid nature of what the mobile OS developers and manufacturers are doing out in the market. This is especially true with Android, where fragmentation in manufacturer hardware makes it hard to build an app that will work well across the devices. The world of app development today is driven in the commercial sector, where apps are turned out with entrepreneurial zeal and where money is the determinant of success, Rogers pointed out. "Government contracts don't do that," he noted, adding, "There's needs to be a way to tie the developers' contract with ultimate success of the apps in the enterprise."
At the end of the day, there's the classic chicken-and-egg situation where there's not a need for mobile apps until there are mobile devices.
The DOD uses RIM's BlackBerries today, but it's seeking to expand into broad use of Google Android and perhaps other devices. The National Security Agency recently published technical specs for what it wants in Android-based smartphones for classified use, which it hopes will influence the private sector. Robert Carey, principal deputy CIO at the DOD, spoke on the department's modernization plans, and said the DOD has a draft plan in place for mobile but is facing some "security hurdles related to everything except BlackBerry."
There are big plans for mobile smartphones and tablets at agencies that include NASA and the Department of Agriculture.
Owen Unangst, associate CIO at the Department of Agriculture, said the agency has 38,000 people working nationwide, usually outside of offices, and mobile tablets present a natural fit for many jobs. Agriculture is seeking to define an in-depth security and management strategy for BYOD that could have the agency supporting 80,000 over-the-air devices a year from now.
This goal has the agency examining some of the more cutting-edge options for mobile apps stores and for security containerization, which seek to cordon off personal and business data on a device.
Agriculture is looking at apps stores and containerization products from Nukona (recently acquired by Symantec) and startup Mocana, as well as from AppCentral and Apperian. Also getting a look for mobile-device management (MDM) is Good Technology, Afaria from Sybase, MobileIron and AirWatch. The agency has used McAfee's Trust Digital for mobile devices for about two years but may migrate off it, Unangst said.
The security experts for security compliance at Agriculture are having a big say in these initiatives, Unangst noted. He also said there are questions about mission-critical apps moving to mobile devices, if only because the wireless networks that are needed can be spotty in rural parts of the country. He also said the agency thinks specific device and OS standards should be pinned down for mission-critical apps, because these apps may not work well over time across multiple hardware platforms given the pace of changes and fragmentation.
At NASA, the idea is being floated that mobile smartphones should replace traditional wired phone systems entirely, according to Sasi Pillay, NASA's chief technology officer.
Today, there are already 10,000 mobile smartphones accessing servers at NASA, and only 6,000 are government-furnished, Pillay said. The remaining 4,000 are employee-owned, and NASA is registering them in what's becoming a BYOD strategy that "pushes the envelope," he said, adding that BYOD could save NASA $15 million a year in costs. He also expressed skepticism about the usefulness of network firewalls.
"We're trying to roll out apps and test them. We're trying to build security with each application," Pillay said, noting that many apps will not be for classified use. Mobile smartphones and tablets represent a revolution in computing that represents "an opportunity to rethink everything about IT infrastructure," he concluded.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.