Deploying mobile devices? A few questions to consider.
- By William Jackson
- Aug 20, 2013
The National Oceanic and Atmospheric Administration is using the MaaS360 cloud-based service to manage mobile devices in its enterprise; but before any agency fully implements a program for using mobile devices in the workplace, whether agency-issued or BYOD, there are questions that must be answered.
Provisioning and securing the devices is done through policy enforcement, and policies have to be developed to mesh with the agency’s mission, said Daniel McCrae, NOAA’s director of IT service delivery. The agency’s use of government-issued iPhones and Android devices now is limited, as NOAA tests the waters and answers questions about how the devices are to be used and managed.
The first step in developing a program for mobile devices is to determine the agency’s mission requirements, and then identify policies and protocols for supporting those requirements. These policies then can be used to development the functional requirements for a mobility management platform.
There are a variety of issues to be considered in establishing policy that are likely to vary from agency to agency, and even from one job to another within an agency. Resolving some of these issues can involve working with human resources departments and employee unions as well as security and IT shops.
Geolocation is one issue. Most smartphones come with GPS capability, which not only is a valuable function for the user but also can be used to track the device. There are advantages to this, including the ability to locate lost or stolen devices. But this also tracks the user, which can be a sensitive issue, especially when the device is being used off-duty.
“We’re not going to enable that, because we don’t want to track our employees,” McCrae said.
There are several questions involving application provisioning. Should the agency set up its own app store for approved applications, or use the stores provided by Google and Apple? Should employees be allowed to acquire their own apps? NOAA now is issuing phones to select employees, but there is an expectation that they also will be put to personal use. The limit of controls on personal apps has to be determined, and a technique for enforcing it decided on. Should the agency use a white list (allowing only specified applications) or a black list (banning specified applications)?
What happens when an employee leaves the agency? A government device obviously will have to be left behind, but what about the personal information it contains and the applications the employee has bought? If the agency allows workers to use their own devices on the job, to what extent with it be able to wipe or clean up the personal device upon departure?
How is NOAA handling these issues? “That’s a work in process,” McCrae said.
William Jackson is freelance writer and the author of the CyberEye blog.