As the federal government warms to the idea of allowing employees to use their own mobile devices for work and develops new device management policies, agency CIOs and others will still have to grapple with the challenges associated with application security, experts warn.
The initial challenge for federal IT managers evaluating BYOD policies was to ensure that their agency's infrastructure was secure enough for new devices to enter the network and provide for central management, according to Tom Suder, president of the mobile services provider Mobilegov.
With those policies in place, agencies have cleared the way for the development and adoption of innovative new applications that could boost productivity in a mobilized workforce. But those apps invite a host of new security challenges.
Mobile Device Management vs. Mobile Application Security
"I think we're definitely in exciting times here. We're actually talking about doing better work for the government. I think we've shifted the conversation from mobile device management (MDM) and getting people -- you know, authorizing devices on the network. Even the DoD has authorized iOS and Android devices on their network in conjunction with an MDM," Suder said during an online presentation yesterday.
"And I think we're really getting to the point now where we're going to have these real good mission apps, doing-your-job kind of apps, and I think it's going to, you know, increase efficiency and make people do their jobs better, but I do think that we need to balance that with security, and there hasn't been too many enterprise mobility apps out there, so I think this is definitely an area we need to be paying attention to," Suder said.
"There has been a gap on mobile application security," he adds.
The government's cautious embrace of new mobile devices and applications comes amid a broader evolution in the government's $80 billion IT operation, and, like the move toward cloud computing, comes with a White House mandate.
Federal CIO Steve VanRoekel unveiled the federal government's mobile strategy last January at the annual Consumer Electronics Show in Las Vegas, directing departments and agencies to develop strategies for the adoption of new devices and applications.
Since then, the Obama administration has issued the more sweeping digital government strategy, which laid out a series of deliverables with due dates, including mile markers for mobile adoption.
Agencies, particularly those moving toward BYOD, have been developing device management policies with features like remote data wiping and encryption, but those policies, if left at the device level, fail to address the unique security concerns associated with mobile apps, according to Tom Voshell, senior director of solutions engineering at SAP's regulated industries division.
Sign up for CIO Asia eNewsletters.