May 2017, IDC Government Insights #US42509717
White Paper
Digital Transformation Enabling Next-Generation Public Safety and National Security
Sponsored by: Microsoft
Alan Webber
May 2017
IN THIS WHITE PAPER
The mission of public safety and national security (PSNS) organizations such as police, fire,
emergency medical services, and defense agencies is to keep the public safe. These organizations
exist at all levels — local, regional, national, and even international — and while this is a diverse and
eclectic group of organizations ranging from a volunteer fire department at one end to NATO at the
other, the one thing they have in common is that their success or failure is often a matter of life and
death.
There are new threats in the world that these organizations are on the front line of responding to,
threats that range from terrorist attacks to criminal gangs to natural disasters. These organizations are
chartered with keeping the public safe and preserving law and order including by not just responding to
incidents (e.g., a fire, an accident, a crime, or even a terrorist attack) but also preventing these
incidents from happening. But many of these organizations are trying to respond and stop these
threats using outdated technologies and approaches, with increasingly limited success. New and
evolving threats require new approaches. These new approaches include:
Share information faster and more efficiently. It is critical that PSNS organizations have the
ability and capabilities to gather, analyze, and share information. Capturing and sharing
information on paper once worked but is now an outdated process that does not support
mission optimization for PSNS organizations as paper is difficult to manage and share.
Unfortunately, there are several examples of communication breakdown that have led to
ineffectual response or worse, allowing a preventable act to happen because information didn't
reach the right stakeholders in time to act.
Better protect the data and information PSNS organizations have. Once they have the
information, PSNS organizations need to use the most advanced tools available to protect it.
Like the physical world, threats exist in the digital world as the cyberthreat landscape has
changed as well. Sophisticated cybercrime networks, nation states, and even third-party
actors all perpetuate increasingly sophisticated attacks and thefts of critical digital information,
and that means protecting data and devices from the edge in.
Take advantage of the evolution of technology. Just as the threats have changed, so has the
technology to combat them, specifically around cloud computing and devices. Where agencies
were once faced with purchasing clunky and hard-to-use single-application devices, newer
digital devices are available to PSNS agencies that support multiple uses and that can cover a
range of needs. These devices are often tied into cloud networks, facilitating the sharing of
information, and offer better protection of information than paper does.
©2017 IDC Government Insights #US42509717 2
IDC interviewed government technology and program managers and conducted additional research to
better understand the evolving maturity of the mobile government environment and how PSNS
agencies are adapting to this new environment. Through these interviews and additional research, IDC
was able to better understand the critical issues that government faces in adapting to a growing and
shifting mobile environment. IDC's research found that:
There is a blurring among device categories that are taking advantage of the continued
merging of desktop and mobile operating systems (OSs) such as in Windows 10. These new
devices enabled by ubiquitous operating systems allow a phone or a tablet to operate as a
desktop computer.
Devices continue to have a primary role. For example, smartphones and tablets excel at being
devices for consuming content, but devices with a keyboard and a mouse are still better for
creating content. Consumption devices are becoming more able to use input devices like a
keyboard and a mouse along with new input forms like handwritten content with an electronic
stylus, speech-to-text capabilities, and capturing video and photos because these capabilities
are now being built into device hardware and the operating systems. As a result, the new
generation of devices will truly become ubiquitous.
The cloud is reducing the dependency on the capabilities of a specific device. For example,
content creation or content review can be started on one device and finished on another. This
results in people having more than one device and those devices are connected, although the
security of those devices and operating system becomes more critical with the connectivity.
But devices still need to be able to operate while either connected or disconnected with full
capabilities.
Public safety agencies require multiple levels of security including device-based content,
application, and data-oriented security and management across multiple device hardware
types (e.g., small smartphone, tablet, laptop, and large format device) and ideally a single
operating system (or minimal OSs) to simplify both security and application development. In
this new environment, this will be a significant issue across both government-owned devices
and bring your own devices (BYODs).
Shifting to digital is valuable to the organization. Capturing information and assets digitally
leads to more complete case files. For example, using a digital device to capture typed or
handwritten info with "digital ink" including sketches, diagrams, and notes as well as digital
photos, digital voice recordings (e.g., witness statements), and other information allows it to be
immediately added to a case file and shared with trusted individuals, agencies, and groups
instantly. This can result in greater efficiency and effectiveness across the organization.
When devices are appropriately configured, digital information can be more secure than paper
files. For example, a device with modern security software can be wiped remotely if lost or
stolen. The data on the device will be encrypted while stored on the device and when it is
transmitted.
SITUATION OVERVIEW
Introduction
We have become a society dependent on technology, and many consumers are shifting to mobile
digital technologies that operate within an increasingly digital-enabled society. Whether we are buying
coffee at Starbucks with an app, choosing what restaurant to eat at and what movie to see, or looking
up recipes at home, most of us have one or more mobile devices with us that we can use to access
©2017 IDC Government Insights #US42509717 3
email, text messages, the internet, other apps, and more. For example, according to the January 2017
Mobile Technology Fact Sheet from the Pew Internet Project, 95% of American adults have a cell
phone, 77% of American adults have a smartphone, and about 50% of American adults have a tablet
computer. We are increasingly becoming a global society dependent on digital technologies as a way
of communicating, interacting, and receiving information in our personal and professional lives. And
this is carrying over into our work lives as more and more employees are bringing personal devices
into work and using them for work purposes such as email, collaboration, and remote work. This
movement not only has changed the expectations of the value that digital technologies can add to the
workplace but also has forced IT departments to transform from a desktop mindset to a more mobile
and dispersed IT operating environment mindset.
Governments, and specifically public safety and national security agencies, are no different from the
private sector in that the IT department is being forced to transform often by forces outside of its
control. The first era of digital government, or Gov 1.0, was the era where government employees
began to adopt email, connecting them to each other and to the public for the first time via digital
means. This was also the era of the early static government websites that matched what was available
in print. The second era of digital government, or Gov 2.0, saw the introduction of additional online
services, the use of multimedia and multichannel communications, and true transactions happening
across a digital platform. Gov 2.0 also saw the introduction of wireless capabilities, for both citizens
and government employees, including the introduction of telework. The current era, or Gov 3.0, is
focused on delivering broad and pervasive government services to citizens across multiple channels
and platforms. For government employees, it is employing digital platforms to move beyond telework to
the ability to work anywhere with the same resources, no matter the device that the job requires from
the office to the battlefield and anywhere in between.
Mobile technologies and mobile-centric applications are key components in what IDC calls the
"3rd Platform," a new generation of technologies and applications that include Big Data and analytics,
social business technologies, cloud, and mobile. As public safety agencies, including law enforcement,
ambulance/EMS, and fire services, evolve to become more efficient in their use of resources and more
effective in mission accomplishments, a critical technology will be mobile. Implementing mobile
technologies in public safety will provide a number of potential benefits. But implementing mobile
technologies in public safety agencies is not without its issues.
The Needs of Public Safety and National Security Are Different
Although many government agencies have special roles and missions that need to be accomplished,
the role of public safety is uniquely different from other types of government agencies and significantly
different from most roles in the private sector. Public safety agencies, including law enforcement,
border control and management, fire and rescue, emergency medical services and, in some cases,
national defense agencies, have a broad set of missions whose ultimate purpose is to protect life and
property whether on land or at sea. Because of the requirements placed on these agencies, often the
toolsets including IT resources, mobile devices, and connectivity are unique to the space and the role.
Some of the requirements that the public safety demands around data and devices are:
Access and handling of large amounts of data. Public safety missions can and often do require
the ability to access and handle large amounts of data from maps with multiple layers to files
of contacts and related information to detailed medical records. The ability for the devices and
platforms that public safety agencies use to be able to efficiently and effectively access and
handle large amounts of data is a critical requirement.
©2017 IDC Government Insights #US42509717 4
Unique sources of data. Data used in the public safety mission can come from a variety of
sources and formats including GPS data tied to maps and other records, still photographs and
images, recorded and live video feeds, and flat files. So whatever platform public safety
agencies use needs to have the applications necessary to be able to process and display the
data from current and future sources. For example, the ability to place a camera feed from the
security cameras both inside and outside a convenience store that is being robbed into the
computer of the responding police officers gives them critical information about what they are
up against and how to respond.
Speed of data to information. Data is great, but to accomplish the public safety mission
requires turning the data into knowledge, and this often involves speed. For example, if there
is a fire, the data about that fire including location, size, materials involved, people in danger,
and any hazardous materials or conditions is necessary for the fire department to execute an
effective response. If the information is slow getting to the responding units or in a format they
can't use, it places the responding units at a disadvantage and may result in additional
property loss or loss of life.
Operate in harsh environments. Most public safety missions don't happen in a protected office
but out in environments that include freezing to boiling temperatures, rain and snow, and high
winds. Because of this, the devices that public safety professionals rely on need to be able to
operate in all these extreme environments, and at the same time, the network these devices
depend on needs to be able to operate in the same conditions. For example, coast guard units
around the world operate in some of the harshest environments at sea, including rescuing
boaters during hurricanes and typhoons, and the devices they use to get information and
communicate need to be able to operate under these conditions.
Security of information and devices. Much of the information that public safety agencies deal
with is at the minimum confidential and may include personally identifiable information. At the
upper levels, it may be secret and require significant protection. For example, the information
counterterrorist officers or anti-gang unit police officers require on their device could have
significant consequences for the officers and their investigations, families of affected parties,
and more if that data were to be compromised. It is critical that devices have built-in security;
for example, employing telemetry data to determine when and where events take place can
not only support the mission but also identify when there may be unusual behavior or a
security breach.
The Benefits of Adoption of a Digital Architecture for PSNS
The high adoption of digital architecture and the devices and platforms that enable it within public
safety agencies is driven by the benefits. These benefits come from two types of use —
supplementation and replacement allowing computing resources anywhere and across multiple
platforms. Supplementation is the use of mobile devices as a secondary platform to supplement the
primary work platform of a personal computer or a laptop. Replacement is the use of a mobile device
in lieu of a personal computer or a laptop. Currently, in public safety agencies, much of the adoption is
supplementation and, to a degree, replacement and is done with employee-owned devices because
agencies are either not providing the devices or not enabling them enough when they do provide them.
Some of the benefits that public safety and national security agencies and employees have found from
the use of personal or other mobile devices expanding a digital architecture while at work are:
Increased productivity. One of the largest benefits of a digital architecture is increased
efficiency and effectiveness. Whether looking up information in a meeting, reviewing
photographs and charts from a remote location, or simply returning an email, a PSNS
employee who has the ability to complete a task away from his/her primary computer gets
©2017 IDC Government Insights #US42509717 5
more work done. An example of this is the issuing of ruggedized tablets to police officers and
other law enforcement officers to use in their patrol cars, both providing better access to
information and allowing the officer to complete necessary paperwork away from the office.
Enhanced access. Closely tied to increased productivity is enhanced access to information
and applications. Whether through directed applications unique to the agency or general
applications like Google Maps, Yahoo Weather, or a web browser across devices, employees
can access additional applications and corresponding information when away from their desks
or in the field. For example, a social worker can access information about a current case and
background information along with potential resources while working in the field with a
homeless family.
Better collaboration. Outcomes improve through collaboration. Until recently, collaboration has
been limited to in person, on the phone, and back and forth via email. New devices and
applications are changing to increase the breadth of contexts that collaboration happens
across and the depth of the level of collaboration. Using different collaboration platforms, an
investigator can access records and files he/she needs as well as communicate and
collaborate with colleagues on the other side of the city or country quickly and easily thanks to
modern mobile technologies.
Better service to citizens. A digital architecture will allow public safety employees to deliver
better services to citizens more quickly by bringing the information stored in government IT
systems to the point of interaction and engagement. For example, a park ranger can
coordinate softball and soccer field use or quickly call for an ambulance if someone is injured.
Improved cost efficiency. A digital architecture potentially improves the cost efficiency of
technology in two ways. First, the use of personal devices (BYOD) in a supplementation role
has been a cost-effective option for government because it increases the effectiveness of the
employee while only moderately increasing organizational IT support costs and hardware
costs. Second, the costs of managing devices, applications, and corresponding infrastructure
are generally lower for a single device than for multiple devices. Third, the long-term costs of
digitizing paper forms such as work orders or inspection forms are lower and drive efficiencies
by eliminating printing and shipping costs as well as labor costs associated with scanning
paper documents or the need to key in handwritten information from a paper form to a digital
format — which is also prone to transcription errors.
The Security Aspect in PSNS
For all the benefits that these new generation of devices can bring to PSNS agencies, there is a
significant issue in ensuring the security of the information and the networks. Each device is an
endpoint and an access point to the network, and adding devices, especially mobile devices, to a
government network significantly increases the potential attack surface that a threat may target. In
addition, each device becomes a mobile computer with data and access on it that can be misplaced,
lost, or stolen much easier than a desktop PC can be. Thus adopting mobile devices requires that
public safety agencies incorporate security planning from the beginning and take a broad look at
mobile security from hardware and software to technical requirements and user behavior.
©2017 IDC Government Insights #US42509717 6
In developing a digital architecture, public safety agencies need to address the following critical issues
in planning for security:
Enhanced monitoring and management. Given the nature of certain types of information being
exchanged across public safety devices, there is a need for enhanced monitoring and
management of the devices — the types and sources of information both stored and
exchanged on the devices, the applications available and used on the device, and the
operating system environment that is operating.
Protecting data at rest. Data and information stored on the device become significantly more
vulnerable if the device is lost or stolen than data stored on-premise behind the firewall.
Protecting data in transit. Another issue is how government data and information are protected
in transit. Most agencies will employ a commercial network, and government data traveling
across a commercial network is open to interception.
Trusted/measured boot and trusted/measured runtime. A vulnerability of mobile devices is that
they can be hacked through the introduction of an altered boot or runtime such as through a
virus. Securing against this requires a trusted boot accomplished through a hardware DRM
and a trusted runtime environment allowing only signed software to run. This includes an
operating system that has been secured by closing open ports, patching kernels, and
establishing defensive measures, including firewalls, intrusion prevention systems, and
intrusion detection systems.
To address these issues, public safety agencies need to implement the following critical components
to mobile security:
Mobile device management (MDM). Mobile device management solutions allow government to
effectively manage the mobile devices on its networks and address the need for enhanced
monitoring and management. This includes ensuring that the device is appropriately
provisioned and configured, controlling what software can be installed and how the devices
are used, ensuring that software patches are up to date, conducting remote backups, tracking
the device, and then securing that endpoint should the device be lost or stolen. MDM also
includes appropriate VPNs, secure email and messaging services, and other secure services
such as a secure browser as necessary.
User authentication. A second key component is user authentication to protect data at rest. At
the most basic level, this involves a username and a password. However, government is
moving toward multifactor authentication leveraging derived credentials and the adoption of
biometric and multifactor authentication using the device itself (via a Trusted Platform Module
[TPM] chip) as a factor.
Data encryption and information rights management. Given the nature of the data and the
potential impact of its loss, government data should be encrypted on any device to protect any
data at rest on the device and data in transit to and from the device and a VPN should be
employed to protect the data in transit. Data must also be protected, whether in a raw format
or in a document format, so that accidental or intentional distribution to non-authorized
recipients is prohibited.
Malware and virus detection. Malware and viruses are a threat to all types of devices including
those running Windows 10. The threat landscape is dynamic, and hackers will surely create
new threats that will require new and innovative changes to the operating system to remain
secure.
©2017 IDC Government Insights #US42509717 7
The Use Cases of Digital Transformation in Public Safety
Public safety agency adoption of the digital-enabled platform is being driven less by the IT department
and more by individual public safety employees who are using advanced digital devices at home and
bringing their personal digital devices to work so that they can check and respond to email from
anywhere, take notes in meetings that are then synchronized and shared with other employees
through the cloud, and access information via a web browser. These employees have recognized that
there is significant value in advanced digital technologies that take advantage of the digital
transformation of society and culture, and if the government won't provide them, then the employees
will provide their own. This has resulted in significant pressure on the IT department because the lack
of standardization in devices and applications brought into the agency under BYOD results in a
significant security risk to public safety agencies that often have sensitive, if not confidential,
information.
The first challenge for agencies is to clearly define what the need is and what the use case is for a
digital transformation. For example, a police officer using a smartphone or tablet to take pictures at a
traffic accident is a different use case from a community health nurse who is doing in-home
assessments, collecting private information and medical information that are then uploaded into a case
management system. To better meet the needs of agencies and employees, agencies must identify
the needs and develop appropriate use cases.
The need for digital transformation in public safety and national security can be examined across a 3 x
3 matrix that then can be used to identify an appropriate use case (see Figure 1). The x-axis is the
need for the ability to exchange information that is not bound by a specific technology or by a location.
This is segmented as a high need, meaning that the role requires the employee to be in the field or
away from the office more than 75% of the time and it is critical that the employee has the ability to
exchange information; a moderate need, meaning that the employee is away from the office more than
25% but less than 75% of the time or has only a moderate need to exchange information while mobile;
and a low need, meaning that the employee is seldom away from the office or when he/she is away,
there is no need to exchange information. The y-axis is the sensitivity of the information that the role
requires, which is broken down into three categories: public information, confidential and personally
identifiable information, and secure information such as around a law enforcement investigation.
©2017 IDC Government Insights #US42509717 8
FIGURE 1
Matrix of Government PSNS Digital Technology Use Cases
Source: IDC Government Insights, 2017
Selecting the Appropriate Technology for Public Safety
Government is one of the few industries that has the need and the capability to fund and create its own
technology solutions. This is often tied back to the unique needs of public safety agencies and whether
these needs can be met with a BYOD strategy, a direct commercial solution (COTS), a modified
commercial solution (MCOTS), or a government unique solution (GOTS) that is often employed in
specialized or highly unique environments (see Figure 2).
As an agency moves up the continuum from BYOD to GOTS, there is an increase in the cost to
procure, maintain, and manage the device, the applications, and the corresponding infrastructure.
So procuring and deploying as far down the continuum as is viable as defined by the use case is
generally the best solution set for government.
High need Medium need Low need
Highly secure Senior executives, leaders, and managers in law enforcement, security, and prosecutorial roles
Mid-level managers in law enforcement, security, and prosecutorial roles
Administrative staff in law enforcement, security, and intelligence spaces
Secure Middle-level managers and field personnel in organizations dealing with confidential information such as law enforcement, security, and medical roles
Middle-level managers in organizations dealing with confidential information and/or personal information
Non-field personnel and administrative staff in organizations dealing with confidential and personal information
General Field personnel in non–law enforcement, non- security, and non-medical roles
Mid-level and some senior-level managers and executives in non-military, non–law enforcement, and
non-security roles
Administrative and back-office personnel in non-military, non–law enforcement, and non-security roles
©2017 IDC Government Insights #US42509717 9
FIGURE 2
Government Technology Continuum
Source: IDC Government Insights, 2017
FUTURE OUTLOOK
Public safety agencies are beginning to look beyond the ruggedized laptop and traditional BlackBerry
to expand the capabilities of employees and provide better services to citizens. From police officers
who have tablets in their cars synced with the smartphone on their person to the fire inspector using a
tablet to capture photos of code violations and to reference digital building plans to public health
agency workers who use mobile devices to input digital notes directly in the electronic case file, access
electronic medical records, and track patient health and outcomes, public safety agencies are
becoming more mobile, bringing tremendous value to the government organization, to the community,
and to the citizen.
There are still some challenges to be overcome around a variety of devices, primarily around security
and device management, for them to be fully adopted by public safety agencies, but the number of
available solutions for agencies is growing every day. Agencies that want to deploy mobile devices for
the first time or continue to deploy additional devices should consider the following for selecting an
integrated OS and hardware solution:
Manageability of the devices, OS, and network through a native or third-party MDM solution
including remote lock and wipe
BYOD
Bring your own device is allowed with some
constraints and modifications, such as
for use with job-specific productivity
applications
COTS
Commercial devices procured and issued by government with some modifications
such as installed productivity
applications and restrictions on other
apps that can be loaded
GOTS
Devices specifically designed and
procured for use within environments
unique to public safety
MCOTS
COTS devices that are moderately or
heavily modified such as by disabling or
removing the camera, primarily for
security purposes and for use with
classified information
No devices
No devices are allowed or used by agency personnel
©2017 IDC Government Insights #US42509717 10
Comprehensive security of the device at FIPS 140-2 or equivalent minimum
AES-256 or equivalent encryption of data in transit and at rest
Comprehensive application permission management
Enterprise control of update deployment
Restrict or remove access to hardware such as Bluetooth, camera, and GPS
Managed WLAN connectivity
Durability of the hardware according to use and role
Minimal device churn
Simplified and sustainable training
Availability of government and enterprise applications and manageable stores
OVERVIEW OF THE MICROSOFT ECOSYSTEM FOR PSNS
Microsoft has built a portfolio of software, services, and devices that will help government agencies
accomplish their mission more efficiently and effectively while keeping government information secure.
This portfolio ranges from hardware such as the Surface Pro tablet to software platforms such as
Windows 10, including Windows 10 mobile, to collaboration and productivity tools like Office 365.
Benefits of the Evolution of the Microsoft Windows Platform
The Windows platform is almost 30 years old and has come a long way since Windows XP. It has
become more user-friendly, easier to integrate with and develop applications for, and easier to
manage. The current Windows 10 platform is making inroads into the public safety sector because of
its many security enhancements, but most PSNS customers around the globe are still running earlier
versions of Windows.
For those public safety agencies that have adopted Windows 10, the evolution of Windows toward a
single converged platform has demonstrated the following benefits:
Significant security enhancements. Windows 10 represents a dramatic change from previous
versions of Windows, especially in the ways it focuses on better improved security by:
Securing identities. Windows Hello requires two or more factors of user validation, such as
biometrics (fingerprints) and a device, to set up the credentials that will be used for
authentication. This can make it harder for an attacker to compromise the devices a team
uses. Behind the scenes, Credential Guard protects the user access tokens that are
generated once users have been authenticated. So even if a device is compromised, the
credentials are not available to the attacker.
Securing information. Windows Information Protection separates personal and business
data and encrypts data per policy.
Securing the device. Windows 10 employs a number of technologies to secure a device
and protect the network:
Device Guard can help protect the Windows system core and helps prevent untrusted
apps and executables from starting. Device Guard uses hardware-based isolation and
virtualization to help protect itself and the Windows system core from vulnerability and
zero-day exploits.
©2017 IDC Government Insights #US42509717 11
App-specific VPN access helps maintain the integrity of a device and the
organization's platform by determining trustworthiness using Unified Extensible
Firmware Interface (UEFI) and Trusted Platform Module. This helps ensure that only
authorized apps can communicate across the VPN — and that malware on the client
won't propagate to the organization's network.
Windows 10 ensures trusted boot by closing off the pathways that allow malware to
hide. With Windows trusted boot, used in combination with UEFI Secure Boot, it
makes sure that the PC boots more securely and that only trusted software can run
during start-up.
Hardware-based cryptographic processing (i.e., TPM) creates keys, signs sensitive
data, and assists in integrity validation.
Windows 10 uses virtualization to make use of hardware-based technologies so that
they can move some of the most sensitive Windows processes into containers that
can prevent tampering, even if the Windows kernel has been fully compromised.
Threat detection and response. Windows Defender ATP works behind the scenes to
detect threats on the network and helps a security team investigate and remediate data
breaches. Windows Defender ATP is a new cloud-powered agent, built into Windows. It
runs side by side with any antivirus software or other security solution that is deployed.
The agent is designed to collect behaviors from the onboarded Windows 10 endpoints and
send them to the cloud, where all the magic happens — security machine learning, data
correlation, and looking for suspicious activities observed from the machine that are used
to identify potential threats.
Universal security management. Another benefit of Windows 10 is the ability to manage
Windows phones and tablets security with the same management tools that are used to
manage desktops. This means that government agencies can leverage and extend their
existing desktop security tools, skills, and policies to manage tablets and phones.
Conversely, Windows 10 devices can be managed by third-party mobile device
management tools (this includes Microsoft's own MDM tools), which means that even the
laptop form factor will be able to be managed in the way a customer has previously only
been able to manage a phone or a tablet. The result is that agencies can realize increased
flexibility and an increased return on their existing security investments.
Consistent user interface (UI) across device types. A benefit for public safety agencies to
deploy a Microsoft solution is the ability to integrate, consume, create, and share information
across multiple sources and systems in a way that employees are already familiar with. Right
now, within governments across the globe, there are a wide set of choices of devices and
hardware platforms from laptops and PCs to ruggedized tablets to low-cost tablets to secure
tablets — all of which run the same OS and have close to the same UI or user experience (UX).
Common application platform. Another benefit is that in Windows 10, under an integrated
platform is a universal application platform that will improve application development and
management because it allows government organizations to create, deploy, manage, and
support one application and deliver that application on any form factor — phone, tablet, laptop,
PC, or 84in. wall-mounted device.
Continuous innovation. Windows as a service refers to a new way to build, deploy, and service
the Windows operating system. Each part of the process has been redesigned to simplify
installation and maintenance while maintaining a consistent Windows 10 experience. These
improvements focus on simplifying the deployment and servicing of Windows client computers
and leveling out the resources needed to deploy and maintain Windows over time while adding
new features and functionality more rapidly than the previous "versions" model. It also means
©2017 IDC Government Insights #US42509717 12
that there are more frequent updates to respond to changes and improve security while still
giving organizations full control on when, how, and even if a new update is applied.
Hardware Solutions Using the Microsoft Platform
Hardware solutions that employ the Microsoft platform and run the Windows 10 operating system now
stretch across the complete continuum of devices, from portable devices such as phones to laptops to
desktop PCs including the Microsoft line of Surface 2-in-1 devices that convert from a tablet to a laptop
with a detachable keyboard. These devices include those developed by both Microsoft and OEM
hardware providers that take advantage of the capabilities in Windows 10 like special-purpose laptops
such as the Dell XPS 13, the Panasonic Toughpad, and the Lenovo ThinkPad Yoga convertible laptop.
For example, the HP Elite x3 is a phone that takes advantage of the Continuum feature in Windows 10
that allows it to effectively act like a desktop top PC when connected wirelessly to a monitor, a
keyboard, and a mouse. Windows 10 is enabling new devices such as HoloLens, a self-contained
wearable holographic device enabling mixed reality for the user. The result is that government
agencies now have access to a very broad range of devices that can be used to meet mission needs.
Benefits of Deploying Microsoft in a Modern PSNS Environment
The Windows platform along with the Microsoft Office suite is pervasive across IT environments
around the globe. Because of this ubiquity, deploying a Microsoft solution has a unique set of benefits,
including:
Integration with the government enterprise. Numerous government agencies and programs
are already using one or more components of the Microsoft stack, including Microsoft Office,
SharePoint, Active Directory, Exchange, and Dynamics CRM. Mobile devices that use the
Windows 10 OS already easily integrate with these applications and others. In addition, a very
high degree of application compatibility from Windows 7 or Windows 8/8.1 to Windows 10, as
well as the ability of Windows 10 tablets, 2-in-1s and laptops, and PCs to run x86 desktop
programs, means that Windows mobile devices can run most legacy desktop programs in
addition to modern touch-first apps.
Right tool for the job. There is a broad range of devices from hundreds of OEMs, ODMs, and
Microsoft itself. The result is there is a spectrum of devices that cover form factor (rugged up to
MIL-STD-810G rated to sleek high end to low cost), size, and features across a range of price
points. As Windows has converged to a single OS that can run on a range of devices including
the small "Internet of Things" (IoT) devices, this means it can run on small IoT and embedded
system devices, single-purpose handheld devices, phones, phablets, tablets, 2-in-1s, laptops,
desktops, all-in-ones, and large format devices such as the 84in. Surface Hub. This gives the
government a great deal of flexibility when it comes to hardware choice.
Familiarity with the platform. The Windows Mobile platform is a familiar user interface and user
experience to most PC users. Given the near-identical nature of the platform in Windows 10
and Windows 10 mobile, public safety users have the same applications and capabilities
across all devices from mobile to desktop, complete with the familiar applications and
interfaces that they have come to know. The existing familiarity of users with the Windows
platform across OEM and Microsoft devices including small and large tablets, 2-in-1
convertibles, laptops, desktops, and all-in-ones should reduce the training time needed to
become familiar with the platform and the applications. The result is a reduced learning curve
for employees changing devices or even roles within or across organizations.
©2017 IDC Government Insights #US42509717 13
The Security of Windows 10 in a PSNS Environment
Security is a key issue for government including the ability to leverage existing investments. In addition
to the security improvements highlighted previously, Microsoft has addressed this issue and others
through Windows 10 by increasing the number of security APIs, employing federated authentication,
protecting data at rest through BitLocker, improving the ability to connect to enterprise VPNs, and
easily switching to enterprise WiFi while controlling access to external WiFi points.
These security enhancements appear to be resonating with PSNS organizations. In November 2015,
the chief information officer of the U.S. Department of Defense (DoD) issued a memo to the DoD
leadership with the subject of "Migration to Microsoft Windows 10 Secure Host Baseline." The first
sentence in the publicly available, nonclassified memo says, "It is important for the Department to
rapidly transition to Microsoft Windows 10 in order to improve our cybersecurity posture, lower the cost
of IT, and streamline the IT operating environment" (see the memo and updates to the memo at
http://iasecontent.disa.mil/stigs/pdf/U_DoD_CIO_Memo_Migration_to_Windows_10_Secure_Host_Ba
seline.pdf).
In recognizing the increased ubiquity of Apple and Android devices, Microsoft has developed Intune, a
cloud-based mobile device and application management tool, as well as cloud-service versions of its
Active Directory and Rights Management services — all three can better manage the security of
Android, Apple iOS, and Windows devices. In recognition of the need to manage and secure devices
and applications, manage identities, and protect information, as well as the reality that most personnel
have multiple devices, these three services have been packaged into the Enterprise Mobility Suite.
Because of its synergy and seamless interoperability (e.g., identity and email client) with Office 365,
the Enterprise Mobility Suite is a very good option for PSNS organizations that are currently using
Office across devices running various operating systems.
PARTING THOUGHTS
The digital technology requirements for government, whether devices, operating systems, platforms, or
applications, are different from the private sector because of the specific needs that government has
when it comes to operability, viability, resilience, and security. Within government, public safety and
national security is an even more specialized and specific niche that has additional and more stringent
requirements along these same areas.
To be successful, PSNS IT organizations need to match the digital technology they procure with the
unique requirements they have while thinking long term about the evolving mission in the face of
technology needs, organizational culture, and security that will provide a technology architecture that is
ultimately effective, secure, controllable, and scalable. These same platforms also need to provide a
user experience that is comparable with the consumer experience that employees have outside of the
office.
While taking these issues into account, decision makers must also be aware of long-term budgets and
efforts being made that reduce implementation costs and training costs and that leverage existing
infrastructure and investments. A solution that addresses the evolving security needs of government,
that is scalable, that takes advantage of technology familiarity to reduce training and implementation
costs, and that builds upon legacy investments goes a long way in meeting the needs of government.
About IDC
International Data Corporation (IDC) is the premier global provider of market intelligence, advisory
services, and events for the information technology, telecommunications and consumer technology
markets. IDC helps IT professionals, business executives, and the investment community make fact-
based decisions on technology purchases and business strategy. More than 1,100 IDC analysts
provide global, regional, and local expertise on technology and industry opportunities and trends in
over 110 countries worldwide. For 50 years, IDC has provided strategic insights to help our clients
achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology
media, research, and events company.
Global Headquarters
211 North Union Street, Suite 105
Alexandria, VA 22314
USA
571.296.8060
Twitter: @IDC
idc-insights-community.com
www.idc.com
Copyright Notice
Copyright 2017 IDC Government Insights. Reproduction without written permission is completely forbidden.
External Publication of IDC Government Insights Information and Data: Any IDC Government Insights information
that is to be used in advertising, press releases, or promotional materials requires prior written approval from the
appropriate IDC Government Insights Vice President. A draft of the proposed document should accompany any
such request. IDC Government Insights reserves the right to deny approval of external usage for any reason.