It’s amazing how commonplace the mobility conversation has become this past year within the Federal government. Everyone is abuzz with the term, and it looks like “mobility” is going the way of “cloud” in regard to disparate and varied usage. Several telework initiatives have even been folded under the Mobility umbrella — see the recent re-branding of the Federal Telework Exchange as the “Mobile Work Exchange”

From a Mobility strategy perspective, the Feds made some major strides towards adoption across several agencies:

First off, early last year the Federal CIO fast-tracked the formation of a Federal mobility strategy, using an innovative, crowd-sourcing approach; ensuring that all agency requirements were gathered for incorporation into a larger strategy. Second, the Federal CIO Council released a BYOD toolkit that outlined sample policies and use cases for leveraging mobility within agencies – it even spoke about specific examples of how agencies are leveraging BYOD for mobility today (virtualization, MDM, etc). Lastly, the DoD CIO released a mobility strategy of its own, outlining objectives for upgrading DoD infrastructure to support mobile devices, instituting device policies and standards along with promoting the use of DoD-developed mobile and web apps. Several supporting agencies including DISA released RFIs to better understand industry capabilities available within this developing, nascent market.

All of these initiatives help to raise awareness of the challenges present to mobility adoption within the federal space:

  • Securing mobile data – Ensuring that data-in-transit to the mobile device and data-at-rest on the mobile device are encrypted using Federal standards.
  • Device management – Providing peripheral control, inventory and usage tracking for GFE devices.
  • Managing network access – Preventing public wifi and telco networks from becoming possible unauthorized entry points into secure government networks.
  • Authentication – Leveraging the appropriate level of authentication (HSPD-12) for mobile use cases including network access, digital signatures and encryption.
  • App management – Having the ability to whitelist/blacklist apps while providing users with a native self-service app-store type of experience for mobile government apps.
  • Analytics – Providing an excellent user experience while giving administrators the ability to audit devices, apps and network access.

Although the majority of agencies are looking into some sort of MDM (mobile device management) solution in order to solve these mobility challenges, several industry analysts have already called for a more robust solution that includes the overall management of mobile apps, data and analytics. This is leading to the emergence of EMM (enterprise mobility management) solutions to address the next generation of these mobility challenges.

Mobile Device Management (MDM) provides the foundation for an EMM solution, but the level of device control required can vary based on policy, use case and the owner of the device. The classic use case for a GFE mobile device is to utilize a traditional MDM solution to fully control all data and apps residing on the device; this model is very similar to the way agencies handle PCs today – full control.
On the other end of the spectrum, several agencies are looking into BYOD programs as a way to cut costs and give users a greater sense of empowerment. Classic MDM solutions do not play well with consumer-owned devices as the majority of agency policies will require the user to “sign away” rights to all data on the device. In this scenario, a “secure container” approach is much more feasible as all government data is enclosed within an encrypted container. IT only has control over the container and has no visibility into the personal apps and data present on the device.
Quite a few agencies are also looking into personally enabling GFE devices, by allowing users to install personal apps. This concept of Government-Owned, Personally Enabled (GOPE) blends MDM with the secure container approach to bring about a hybrid solution.

Federal Scenarios for Mobile Device Management

Mobile App Management (MAM) has traditionally consisted of deploying native iOS/Android onto a mobile device wrapped in policy. Enterprise app stores are usually the user interface used to deploy these apps in a self-service manner. Although the development of federal-specific, native mobile apps are in the initial stages, several agencies are also looking into mobilizing their web-based applications for use on mobile devices. The DoD mobility strategy and federal digital strategy outline key objectives for mobilizing web-based apps. Additionally, federal agencies also view mobile devices as a strategic thin-client device that can be used for remotely access a Windows-based desktop or application residing in a secured data center or cloud.

Scenarios for Mobile App Mgmt

Mobile Data Management is a new emerging concept in the realm of mobility. This can be illustrated by the classic “Dropbox” problem within a federal agency — a user stores sensitive data within a cloud-based storage service to allow anywhere access to this data. The rise in popularity of these free-mium services is outstripping IT’s ability to restrict them. Other agencies are looking to embrace this concept by seeking to virtualize a user’s “home drive” into an ever-present “cloud” service, enabling document access from anywhere. Ensuring local document storage is encrypted and can be controlled/wipe remotely is critical for these agencies.

Scenarios for Mobile Data Mgmt

While each agency will define its own policy, having a breadth of solutions available ensures that  evolving Mobility requirements can be met as devices, standards and policies emerge. All of these components – Mobile Device Mgmt, Mobile App Mgmt, and Mobile Data Mgmt are critical to ensuring a complete Enterprise Mobility Solution. Citrix has been keenly involved with Federal mobility solutions from a virtualization perspective for a number of years. Last year we added key capabilities in the mobile app and data management arena and this year we acquired the MDM vendor Zenprise to complete our EMM vision. Stay tuned for more details on how we will be providing all inclusive capabilities to meet these challenging requirements, all while ensuring relevant Federal standards are adhered to: FIPS encryption, PKI authentication, HPSD-12, PIV/CAC, etc.

Are there specific requirements your agency is looking for as they adopt mobility?
Feel free to use the comments section to discuss or reach out directly:

Faisal Iqbal – Systems Engineering Manager, US Public Sector