5 highlights from new CIO Council federal mobility report
The Chief Information Officers Council released a new report on Tuesday that analyzes the current state of mobility use in the federal government, along with looking at challenges moving forward.
Below we highlight five major takeaways from the document, “Government Use of Mobile Technology: Barriers, Opportunities, and Gap Analysis,” based on interviews with 21 federal agencies.
Agencies are already adopting bring your own device or similar policies, but have expressed concerns regarding legal, privacy and financial policies that need to be developed to support use of these new approaches. Agencies also identified a need for guidance on the use of mobile devices in general, and specific guidance and decisions on BYOD reimbursement policies when government work is performed using the device.
The lack of a government-wide contract vehicle for devices and data plans was noted as a cost barrier. Some agencies are well into the planning stages for mobile technologies and will not delay deployment in anticipation of an acquisition vehicle. Another primary issue is the difficulty of performing a life cycle cost-benefit analysis to justify investment in mobile technologies. The rapidly changing maturity of the mobile marketplace and the relative immaturity of support infrastructure products may drive up costs as agencies have to support an increasing number of devices and products.
There are limited options for strong authentication and data encryption are the most significant short-term barriers to secure adoption of mobile technologies. Currently, it is challenging to configure mobile devices to meet security requirements across multiple platforms and operating systems. The lack of consistent configuration guidance for mobile devices and their rapid refresh cycle make it difficult to develop operating system hardening configurations for mobile devices.
- Security and privacy: Gaps exist between federal security and privacy requirements and the availability of products that implement the required protections.
- Policy and legal: There will need to be a continued focus on ensuring that existing policies accommodate agency needs in mobility.
- Application and infrastructure: Gaps exist between the goals of supporting multiple devices and the cross-platform infrastructure needed for applications and devices.
The following areas are areas of immediate focus:
- Mobile device management: Improvements in tools and processes are necessary to support enterprise-level configuration management and controls for federal agencies.
- Application services: Better tools and processes are needed to accredit and distribute applications required for government missions, leveraging commercial market cycles and commercial and federal application stores. The National Institute of Standards and Technology will release guidelines soon to provide a methodology for testing and vetting third-party applications that are distributed through various app stores.
- Identity access management: The use of the PIV standard for user authentication is not well supported by existing products. Implementation of FIPS 201-2 and NIST SP 800-157 will require focused attention to ensure proper implementation and market support for user authentication tools.
- Improved governance and standards: The federal government must work collaboratively with industry to bridge the security gaps present in today’s smart phones, tablets and other mobile devices, while continuing to identify policy and legal issues that may need to be addressed to accommodate these new technologies and better fulfill agency mission requirements.