Recently, I attended the Defense & Security Mobile Symposium in Washington, DC, sponsored by AFCEA DC. Speakers and panelists from across the DoD and agencies such as the Department of Homeland Security, the National Security Agency and others discussed the opportunities and challenges with respect to ‘going mobile’. Here are the key themes that emerged:
1. Data Security – Cloud Storage vs. Local Data on Device
Naturally, in this business, security is always going to be paramount. All it takes is one serious breach to undo any progress made towards sustained mobility. That being said, just how to achieve reliable security seems to be a cloud vs. local debate – but only on the surface, because it’s never that simple – it all depends on the use case. If the use case is a CONUS environment with high connectivity, cloud-only storage can be the general rule for highly-sensitive data. However, in an overseas battle environment with little to no connectivity, cloud data serves no purpose as it can never be reliably retrieved or updated. Therefore, each organization and division will need to identify the specific use case and answer this question based on several criteria such as:
- Sensitivity of the data if a device is lost
- Network availability and throughput
- Requirements as to the timeliness of the data
In most cases, this could likely lead to some local and some cloud data rather than a single direction – each data set would just need to be put in a category based on the above criteria, and a decision made as to its persistence.
2. Device Ownership – BYOD vs. Organization-Supplied Devices
With the proliferation of consumer mobile devices, there is the natural desire for individuals to use a single device – and the type they prefer – for all mobile use. For years, the corporate world resisted BYOD, but has largely begun to follow the trend. In the defense & security arenas, lives are at risk. What happens if a user decides to upgrade their device’s OS? Will mission-critical apps still work? How can security settings be guaranteed to remain functional? What if the user’s carrier pushes that OS update? Does this mean that the device needs to go through weeks of a security review & recertification process before it can be used again? This has begun to drive a need for at least two separate devices – one government device for classified use and an allowed personal device for unclassified enterprise systems (e.g., email, calendars, unclassified applications, files, etc.). For many users, this is still seen as an improvement, as they can at least perform some duties on their personal device. Regardless of who provides the device, one attendee posed a very interesting question: Is there any concern that these devices for classified use are being manufactured overseas?
3. Specific Platforms vs. All Platforms
Two main operating systems – iOS and Android – have clearly emerged in the consumer and corporate worlds. Defense & security users have naturally become enamored of these OSs in their personal lives as well, driving discussions as to which devices will be supported. While most representatives at the Symposium seemed to lean towards taking a ‘device and OS agnostic’ approach, there was at least one who did not feel iOS would ever support classified operations. The US Army’s selection of Android and DARPA’s development of its own ultra-secure flavor of Android have been no secret either. Again, it will likely come back to the use case, which will also need to consider purchasing and managing potentially hundreds of thousands of devices. In large numbers, uniformity typically wins out due to full life cycle costs. For unclassified applications, multiple platform approaches could still be implemented, especially in BYOD situations. Several panelists expressed that their teams are either piloting or considering ‘hybrid apps’ (i.e., web and native apps) to help address users across multiple platforms. This could include tools such as Appcelerator Titanium and others that allow HTML5 to be written while also delivering native behavior and native device APIs.
4. Network Availability and Throughput
At stations overseas, in the field and even at home in the US, network availability and the ‘size of the pipe’ are constant concerns. For example, if several thousand Marines are landing on a beach and all attempting to download the latest secure annotated maps and mission data to their mobile devices at the same time, what kind of network could support that? Have prior arrangements been made to hijack local networks? Are those networks compatible with our devices? Are they sufficiently reliable? Could they be sabotaged while we are depending on them? Are local cell towers in danger of being ‘tapped’ while sensitive data is being transmitted through them? For less urgent situations and for longer deployments, what will local cellular providers charge for using their networks? Even back home we have signal ‘dead zones’, weak signal areas and trouble indoors with connectivity. As more and more people in the U.S. and around the world become mobile device users, more and more of the spectrum will be taken up. What course of action does the government need to take to reallocate and redistribute parts of the spectrum – either in the event of emergencies or for the long-term? Obviously, there are a host of questions around connectivity that must be resolved for a full set of mobile use cases to be implemented.
5. Speeding up the Entire Lifecycle – From Procurement to Security Approval
The entire acquisition life cycle in defense and security (and the Federal government for that matter) was built on the Waterfall life cycle, which itself was largely based on the physical world (e.g., you have to architect a ship before you start to build any of it, etc.). We have all seen examples of how that approach has led to large cost overruns and failures in systems development. The very nature of mobile devices and mobile applications is the rapidity at which they arrive, evolve and become obsolete. One thing that nearly all panelists at the Symposium recognized is the absolute need for the entire acquisition life cycle to adapt – at least for mobile efforts. This includes recognizing that a procurement for a 30-day app development project cannot take 6 months – nor can the IA/C&A Security approval process. This is driving various groups to form committees and pilot groups tasked with identifying just how to tackle this issue – while still maintaining ‘the good parts’ of the legacy processes to ensure that taxpayer dollars are spent wisely, missions are achieved and security risks are minimized. In addition, many of the panelists mentioned that they are considering, piloting or using agile development practices rather than traditional waterfall development. Vendors that are well-versed in agile methodologies will be most prepared to meet these needs.
6. Integration with Enterprise Systems
As so many enterprise systems – classified and unclassified – were developed without modern mobile devices in mind, they naturally do not offer ideal connectivity to modern mobile devices ‘out of the box’. If the full value of mobile applications is to be attained, these enterprise systems will need to be adapted to deliver mobile-consumable content and capabilities. In some cases, this may be as simple as exposing some available APIs in JSON format via RESTful methods. In others, this may entail connecting the enterprise system to another tool that effectively ‘bolts on’ a mobile-friendly API. In others, it may entail re-writing the system and developing wholly new APIs. Knowing the mobile data needs, the source data systems and the complexity of adapting those source data systems for mobile is key to determining the overall feasibility, cost and schedule of the particular mobile initiative. If integrating data from multiple systems, the added complexity of authenticating with multiple databases comes into play. This could necessitate the building of a consolidated database or data warehouse to support the mobile use case.
7. Leveraging Technology and Lessons Learned from Other Industries
As different as their missions are from other industries, the DoD and Security communities recognize that other industries have faced and tackled many similar issues – especially around security. The Financial Services and Healthcare industries in particular are ones that have developed technologies, standards and policies that can be leveraged – at least as starting points for handling classified data. In addition, taking a page out of the consumer market’s ‘app store’ concept, several services are planning their own app marketplaces. These will not only make apps easier to deliver to users, but will also allow publishing by others outside of the traditional channels. This would enable ‘grass roots’ development to meet urgent needs, create innovative solutions and to tackle unforeseen problems – naturally with some review and approval before publishing.
Overall, there are many issues to be tackled to enable full mobility in the DoD and Security Communities. The good news is that progress is being made and that teams of cross-agency and cross-service collaborators are being assembled to keep moving forward – all with an understanding of the need to move at a different pace than in the past.
About the Author
Brian Blankenship is a Senior Mobile Solutions Provider with Clearly Innovative, Inc. He is an experienced mobile developer, as well as a certified project manager with experience and certifications in agile development. He has developed apps for various industries including the federal government.
Clearly Innovative, Inc.
Clearly Innovative, Inc. is a certified small business and a premier provider of mobile technology solutions for iPhone, iPad, Android, BlackBerry, the Nook Color and Kindle Fire. Based in Washington, DC and founded in 2009, Clearly Innovative has developed over 20 apps and serves clients in various industries such as the Federal, DoD, Commercial, Social Media and Non-profit arenas. Clearly Innovative specializes in mobile app development using the Appcelerator Titanium platform, which essentially allows code to be written once and ‘published’ across multiple platforms – drastically reducing time and cost throughout the development lifecycle. Clearly Innovative is an official Appcelerator Gold-Level Integration partner, with many certified mobile app developers and deep expertise on the platform. In addition to bringing top-notch mobile expertise, Clearly Innovative brings solid project management and process improvement expertise to support a solid and lasting solution.