 
 

FROM:          Jason Snyder, Chief Technology Officer, Commonwealth of Massachusetts

DATE:           August 8, 2012

RE:               Advisory Memorandum - Mobile Devices


The Commonwealth Chief Technology Officer is issuing this Advisory Memorandum in response to questions raised relative to the use of Mobile Devices for Secretariat/Agency deployment.  This advisory specifically focuses on employees, vendors and contractors of the Commonwealth. ITD is currently involved in a variety of related ongoing efforts that are bound by the idea of defining an Enterprise-based mobility architecture for the entire Commonwealth that will allow for the perpetual growth and expansion of mobile device technology.  One of the most active of these efforts has a goal of procuring an architecture solution that will include management and support for “BYOD” (Bring Your Own Device) technology.  At this time, the use of Mobile Devices should be limited to those devices that have been approved by Secretariat/Agency CIOs (or their designees) only.  In such cases, mobile devices can be utilized subsequent to a thorough review and deliberate acceptance of the risks that could be introduced or may already exist.  In instances where Secretariats and their Agencies choose to permit the use of mobile devices, the tenets contained within the Enterprise Access Control Policy and supporting Standards must be followed.

Based on preliminary testing, current industry practices, Commonwealth Secretariat/Agency feedback, and business owner feedback, it is advised that Secretariats/Agencies take into consideration the following key points when evaluating whether to allow use of mobile devices.

Business need:

Mobile devices are a part of our modern society.  They have extended into almost every aspect of our lives, including the workplace.  In January, U.S. CIO Steven VanRoekel announced the launch of a broad-ranging program to articulate policies for procuring, managing and securing mobile devices, and to establish guidelines for developing apps for deployment in the federal government.  Mobile workforces tend to be more productive workforces and the Commonwealth is no exception.  The Commonwealth has for many years issued employees “managed devices”, such as RIM’s Blackberry, for email use.  However, the current trend is “BYOD” (Bring Your Own Device).  The concept of an employee using a personally owned mobile device for work purposes represents a brave new step from the Commonwealth’s perspective; however, the truth of the matter is that these devices are already in use within the Commonwealth’s networks, and such use will only grow in momentum.  As such, the Commonwealth as an Enterprise needs to be prepared not only to address this technological movement, but also to capitalize on BYOD benefits while managing its challenges.

Benefits and Challenges:

Certainly the cost benefits for the Commonwealth are fairly clear as some of the workforce needs less and less desktop-style computer infrastructure to perform their jobs.  However, there are many challenges in the mobile device realm that require consideration, particularly relative to securing what in many cases is highly sensitive data related to the citizens of the Commonwealth.

  • Benefits of Mobile Device technology use in the Commonwealth:
    • Continuously decreasing expenditure on desktop infrastructure over time.
    • Long-term prospects for savings related to office space for “mobile” employees.
    • Mobile workforces tend to be more productive and effective.
    • Familiarity with the mobile platforms that consumers of state services will be increasingly using to access those services.
    • Simplifying collaboration by leveraging standard mobile app platforms.

 

  • Challenges of Mobile Device technology use in the Commonwealth:
    • Security is the top concern when considering mobile device technology.
      • Highly sensitive data access from mobile devices is a great risk.
      • Privacy of device owner personal information.
      • Such devices statistically are more prone to theft and loss (often with sensitive information cached on the device).
      • Risk of compromise to state systems through mobile devices.
      • Legal Considerations
    • Difficulties relative to managing the myriad number of devices that currently exist, as well as ever-evolving makes and models of such devices.
    • Policy considerations and employee relations with regard to Mobile work.
    • Increasing public demand for mobile access to state resources.

Anticipated Commonwealth Mobile Device use cases:

While Commonwealth citizens will mostly be consumers of state-offered mobile applications, mobile device use case scenarios for Commonwealth employees will mostly fall into the following categories:

  • Email and Messaging
    • Mobile email similar to that of the Blackberries currently provided, with the potential for access to an enterprise-class Instant Messaging platform such as “Lync”.
  • VDI (Virtual Desktop)
    • Remote control of a virtual “desktop” session which can securely deliver the more business-centric feature set of a Windows operating system and productivity suite to a tablet and even a smartphone.
  • Document Access
    • With maturing possibilities in cloud technology, the potential exists to securely allow access to and editing of Commonwealth business documents.
  • Mobile Applications
    • Both employees and citizens can benefit from various methodologies to deliver Commonwealth content/functionality:
      • Mobile app alongside regular Web site
      • Mobile site content as a special use case scenario for existing Web site design efforts (mobile devices will auto-route to this set of pages)
      • Simplified overall Web site design so that displaying content on mobile devices is paramount, i.e. mobile devices become the new Web design paradigm
      • Mobile use of the standard Web site

Mobile Device Management (MDM):

As described by Gartner, “(MDM) software is primarily a policy and configuration management tool for mobile handheld devices, such as smartphones and tablets based on smartphone operating systems.  It helps enterprises manage the transition to a more complex mobile computing and communications environment by supporting security, network services, and software and hardware management across multiple OS platforms.”  MDM can support both state-owned as well as personally owned devices.  ITD is currently gathering information and preparing to pursue an Enterprise solution for mobile devices that will leverage “MDM” (Mobile Device Management) technologies.

  • Agency/Secretariat options for utilizing Mobile Device Management technology for Email/Messaging:
    • Continue to use the current Commonwealth Blackberry service offering.
    • Utilize mobile devices that support the Commonwealth’s “OWA” (Outlook Web Access) for accessing the MASSMAIL system, as long as full compliance with all relevant Commonwealth Enterprise policies and standards is maintained.
    • Collaborate with the ITD-initiated process in pursuit of the new Commonwealth-wide MDM solution that will support both state-issued and personally owned mobile devices.
    • In collaboration with ITD, pursue a well-architected, agency/secretariat-based MDM solution that is in full compliance with all relevant Commonwealth Enterprise policies and standards, and supports only state-issued devices.

As with any technology deployment, we recommend secretariats/agencies conduct thorough testing of their own internal critical systems with Mobile Devices, including acceptance of the risks that are introduced, before considering implementing a mobile device solution.  At this time, the use of Mobile Devices should be limited to use that is approved by Secretariat/Agency CIOs only.  ITD recently disseminated to the Commonwealth SCIOs for comment and feedback a proposed letter outlining the procedures for implementing and managing personal and state-issued mobile devices.  ITD also proposed that users engaged in working for the Commonwealth sign an acknowledgment form relative to understanding their responsibilities when using such devices.  In instances where Secretariats and their Agencies choose to use mobile devices, it should only be done in accordance with the Enterprise Access Control Policy and supporting Standards.

In summary, at this time ITD recommends secretariats/agencies looking to deploy Mobile Device Management technology for Email/Messaging use:

  • The current Commonwealth Blackberry service offering.
  • Browser-based “OWA” (Outlook Web Access) for accessing the MASSMAIL system on supported mobile devices under full compliance with all relevant Commonwealth Enterprise policies and standards.
  • It is requested that the Secretariats utilizing BYOD adhere to the tenets delineated in the letter relative to Mobile Device Management and obtain acknowledgement from the personnel under their purview who are utilizing BYOD.
  • Forthcoming ITD-initiated Commonwealth-wide MDM solution that looks to support both state-issued and personally owned mobile devices.
  • If any Secretariat or Agency wishes to pursue its own well-architected MDM solution that is in full compliance with all relevant Commonwealth Enterprise policies and standards, and supports only state-issued devices, it should contact the Commonwealth Chief Technology Office, as ITD would like to collaborate on any such solution.

Concerns regarding this advisory can be sent to: standards@state.ma.us.