Skip to Content

In the first post of this blog series, we discussed how Government/Public Sector enterprises are the laggards in the mobility race. This week we’ll take a further look at some of the challenges that come from lagging behind and some of the benefits that come from embracing mobility.

Security

Agencies often try to prevent data leakage and unauthorized use of mobile devices by creating rules and policies with severe punishments for offenders. But as history shows, rules that go against the grain of an otherwise socially accepted behavior become unenforceable over time. Up to 66% of millennials use either unsanctioned mobile devices or devices that are not sufficiently supported by their organization’s IT department for work purposes (Source). For this reason, IT departments should embrace the mobile movement and not hide behind the wall of regulations that require high levels of data protection when going mobile. By endorsing this, IT departments can provide better data protection and properly monitor the use of mobile devices for work.

Forrester Research notes that few organizations properly segment users according to their mobility needs and respective security profiles. The result is that “80 percent of employees work under security and management policies that are too restrictive, and 20 percent of workers don’t have access to the mobile power and features they need”. (Enterprise Mobility for Dummies)  Enterprise Mobility Management software is readily available in the market. Why not use it? For more information on this topic, check-out BusinessWeek’s White Paper, “Looking Beyond Mobile Device Management to Enterprise Mobility Management” (free with registration) [and yes, SAP has solutions available today: SAP Afaria, for mobile device and application management, SAP Mobile Documents, for managing mobile content, and SAP Mobile App Protection by Mocana, to secure apps with encryption on managed or unmanaged devices].

Despite the fact that governments are lagging behind in the mobile revolution, they should not go mobile solely because they feel it is required. Agencies should keep in mind what is best for them. However, as governments experience budget constraints and the need to cut spending, it is essential for them to look to technology for all the help it can offer.

Enterprise Mobility – An Advantage for Government

Increased productivity is a reoccurring theme in the mobility revolution and the numbers speak for themselves. “Survey data taken from 240 enterprises suggest that [overall], the use of mobile apps designed specifically to help employees get their work done, increased productivity by 45%. Furthermore, the data reveals that operational efficiency rises almost as much (44%) when enterprise apps are made available,” said Andrew Borg of Aberdeen, a consultancy, in a briefing cited by the iPad CTO.  

A survey of 260 travel experts conducted by the University of Applied Science, Heilbronn, Germany, found that the “use of mobile technology can increase productivity of business travelers by 30-50%”. Additionally, CIO Survey on Enterprise Mobility found that “Improved employee availability, better customer support, and enhanced communication are the other key benefits. Reducing operational costs, however, takes a lower place on the benefits list, clearly indicating that organizations value productivity over mere cost savings.”

So what does this all mean? Agencies should explore the benefits that going mobile could bring and fully embrace the mobile wave, when appropriate, as a means to increase employee productivity.

Check back with us next week for a discussion on mobility in public security and field services.

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Narendra Agrawal
    Having spent past 5 years implementing SAP for US Federal Government including mobility initiatives, in my opinion one of the biggest hurdles is also the industry readiness.

    So e.g. in Defense space where military grade security is absolute must, all of the Apple mobile devices have failed to satisfy the security requirements as laid down by the Government. In Android space only one such device (Dell Streak 2.2 and that too when overlaid with not one but two different MDM solutions – Good and Fixmo) finally made the list but it has been discontinued since. Out of sheer frustration, Government is now developing their own version of secure Android. Apple remains reluctant to change anything in iOS which many believe is because of their primary focus on consumer and commercial market.

    Story is same on the software side. So e.g. Sybase unwired Platform does not satisfy FIPS encryption requirements and not even pursuing an approval with DOD. There are very few software vendors who support Smart Card (CAC) authentication which is requirement with DOD and many other Government organization.

    There is a great momentum within US Government for mobility – everyone wants an iPad for work. Multiple pilots, POC and testing is in progress, however one of the biggest challenge that remain is that vendors are too slow to meet the Government mobile security requirements.

    (0) 
    1. Andreas Muno Post author

      Thank you, Narendra, for this comment.

      The market is still in a very early and interesting phase. The rapid adoption of consumer-grade devices for business purposes has surprised some suppliers, but not necessarily changed their focus on consumers, nor their policies.

      The SAP Mobile Platform (f.k.a. Sybase Unwired Platform), and the Afaria mobile device and application management platform cater to enterprises and government agencies globally, but do not address US Federal government-specific encryption requirements. Why is that?

      First, the federal government is a huge market for software vendors. But often times it is not the only one. If there are enough other markets to play in with fewer regulatory requirements, a profit maximizing corporation has to prioritize towards those.

      Second, in some cases regulatory requirements have to be looked at from both sides, the government buyer and the supplier, and sometimes it just doesn’t make sense for a vender to apply for certification of specific product. Point in case, FIPS and the SAP Mobile Platform: NIST’s FIPS 140-2 standard is about cryptographic modules. “

      The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification, cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks.” The SAP Mobile Platform is not a closed circuit system, but an open platform to create and manage mobile apps, built with and for open standards, like OData. It does not cover the entire data transfer between data source, often an ERP system, and a mobile device. It cannot control the encryption of data on the ERP database or the other layers of hard- and software, nor on the device itself. If the SAP Mobile Platform or Afaria were FIPS compliant, the customer would still have to have all other elements covered with FIPS-compliant modules, software and handware, database to mobile devices. As long as consumer-grade mobile devices government employees use don’t adhere to the FIPS standard, and the telecom and wireless connections are not FIPS compliant, there is very little benefit for a customer from having a FIPS compliant Mobile Platform. And hence there is very little incentive for SAP to pursue approval for certification.

      Third, innovation in mobile happens fast, and certification cycles are long. Sometimes, regulation slows down innovation, and lengthy certification cycles certainly don’t speed up innovation.  

      (0) 

Leave a Reply