As many of you have heard, The Defense Department has recently unveiled an a mobile device strategy that gives the White House’s digital strategy some backbone. The strategy will hopefully lay a groundwork for mobile policy as evolving technology permeates the DOD. As DOD’s CIO. Furthermore, it should allow other Agencies to perhaps look at aligning some of their mobile implementation policy with DOD’s information security classifications in mind. Teri Takai states:
“The Department of Defense is taking a leadership role in leveraging mobile device technology to improve information sharing, collaboration and efficiencies. As today’s DOD personnel become increasingly mobile, a wide variety of devices offer unprecedented opportunities to advance the operational effectiveness of the DOD workforce. This strategy will allow mobile activities across the department to converge towards a common vision and approach.”
Currently, the footprint of mobile devices in the DOD includes over 250,000 mobile devices as well as about 10,000 Apple & Android devices and that pool of Apple & Android devices is expected to grow with this announcement. The DOD’s strategy is pragmatic in approach and reading the details shows that it dispels visions of soldiers in the field playing “Angry Birds” with one hand while returning fire with the other. The strategy outlines 3 clear goals with specific objectives outlined for each goal as listed below:
Advance and evolve the DoD Information Enterprise infrastructure to support mobile devices
Evolve Spectrum Management – In basic terms as more and more types of devices come online, the DOD must make sure services have the necessary access to digital spectrums to avoid a digital traffic jam
Expand infrastructure to support wireless capabilities – DOD must work very closely with industry to ensure that infrastructure scales as need and adheres to mobile policy guidelines while still leveraging as much COTS technology as possible
Establish a mobile device security architecture – A comprehensive Mobile Device Management (MDM) strategy needs to be put in place to mitigate risks to the both the mobile network and devices
Institute mobile device policies and standards
Develop mobile device policy and standards – DoD must develop policy and standards to aid rapid adoption of commercial mobile devices while maintaining security as well as speed up approval processes.
Establish a mobile device management service – To ensure there isn’t a fragmented approach to standards enforcement, a mobile device management service needs to be stood up within DOD. This will ensure that “rogue” deployments don’t propogate throughout the agency
Educate and train mobile users – Effective training must put in place for both BYOD devices as well as DOD supplied mobile devices. There are different threat profiles for each device type and users must be aware of the Do’s & Dont’s.
Promote the development and use of DoD mobile and web-enabled applications –
Establish a common mobile application development framework – Standardized tools, processes and build and testing methodologies are a key to drive standardization across the agency.
Institute a mobile application certification process – Putting some gates in place to ensure that mobile apps are adhering to policy will aid both mobile development efforts as well as give policy enforcers the ability to assure the network readiness of apps
Provide an enterprise mobile application environment – At a high level, create an app store for DOD so apps can be easily distributed
Web-enable IT capabilities for mobile device support – Make sure existing web enabled sites are “responsive” and are accessible on mobile devices.
To illustrate the range of services and data from non-sensitive through top secret, the DOD published the graphic below to demonstrate that different data classifications will drive different considerations in terms of mobile implementation. The assumption is that DOD may focus initially on producing results around the mobile apps that leverage non-sensitive data as that would be the most compelling arena to demonstrate progress against their mobile strategy.
In summary, we like DOD’s approach around their mobility strategy, it provides some much needed guidance on exactly how DOD and potentially other agencies and embrace mobility without sacrificing security and productivity. We will watch closely to see how they execute on this vision over the next year.