Total Mobility: Still Evolving

4th Annual

Dr. Michael Valivullah, CTO, NASS, USDA

Feb. 27, 2014

What is Total Mobility? • An ability to perform work from

anywhere, on any device, at any time and access data or information securely and efficiently

• Also known as Nomadic Computing

2Dr. Valivullah - Mobility

Mobility – Three segments1. End Point – Device/User Experience – Ease of

Use, Accessibility, Availability, Latency, Data at Rest…

2. Mobile Connectivity – Capacity, Reliability, Ubiquity 24/7 , Weather, Tunnels, Buildings, Data in Transit…

3. Back-End Systems – Data, Applications, Access Control, Response Time, Cloud, Middleware…

3Dr. Valivullah - Mobility

Impact• PEOPLE: Feds & Customers – Services

and Support (Consumers and Providers)• PROCESS: Rules & Regulations, Policy &

Procedures, and Operations• TECHNOLOGY: Databases, Applications,

and Networks & End Points - Devices

4Dr. Valivullah - Mobility

Mobility Evolution (ME)

Where are we in the Mobile Evolution?

All of us are moving towards mobile maturity…Exploration, Acceleration, Innovation (IDC 2011)

5Dr. Valivullah - Mobility

Adapting to Change

From: Bing

6Dr. Valivullah - Mobility

Environmental Pressure - 1• Unprecedented number of mobile devices

are connecting to the enterprise network• Numbers are continuing to increase• Over a billion mobile devices sold

7Dr. Valivullah - Mobility

Environmental Pressure - 2• Powerful Smartphones and Tablets are

trying to outdo conventional PCs in the work place

• People are demanding to use them, especially younger workers - BYOD

8Dr. Valivullah - Mobility

Environmental Pressure - 3• Organizations are expanding beyond email and

calendars into• Backend systems – supporting the core mission –

with access to• Customer Support, Workflow, Business

Intelligence, Corporate data/information – to serve the public efficiently

9Dr. Valivullah - Mobility

Environmental Pressure - 4• Leverage consumer mobile technology for

broader access• Increase Agility, Productivity, Faster Response to

customer request, decrease cycle time • Reduce Cost• Increase Employee and Customer Satisfaction

10Dr. Valivullah - Mobility

Environmental Challenge - 1• Lost or Stolen Device• Dealing with Confidential or Sensitive

Data on the Device and in Transit

11Dr. Valivullah - Mobility

Environmental Challenge - 2• Different Mobile Platforms / OSs /

Devices / Apps– Different levels of vulnerability to– Malicious code and Malware– Enticing Targets to Hackers – Provide more Vectors for malicious payload

12Dr. Valivullah - Mobility

Environmental Challenge - 3• APT (Advanced Persistent Threat) is on the rise• Nation State-sponsored threats• Mobile traffic – especially wireless traffic – is

fraught with security challenges, dead spaces• Wireless, Bluetooth, insecure Wi-Fi - Airports,

Coffee Shops, Hotel Lobby

13Dr. Valivullah - Mobility

Environmental Challenge - 4• Patching and Upgrades can be plenty and time

consuming to implement• Configuration / Change Management (CM)• Mobile Apps. - Numbers exploding and life-span

is getting shorter

14Dr. Valivullah - Mobility

Environmental Challenge - 5End User Behavior• Corporate email forwarded to personal accounts• Storing mission critical and sensitive corporate

content/data in the public cloud (Dropbox), device without proper security controls

• Agency data co-mingling with personal data, data leaks• Weak passwords

15Dr. Valivullah - Mobility

Environmental Challenge - 6• Complex Compliance needs :

– Infringement of Privacy Laws - PII– HIPAA– CIPSEA– SOX – NIST- Pub 800 Guidelines– Section 508– OMB Circulars, Executive Orders, etc.

16Dr. Valivullah - Mobility

Environmental Challenge - 7• Rapid pace of change on all mobile fronts

– Users, Devices, Networks – wired and wireless, Back ends, Middleware, rules, regulations, peoples, staff skills, resources, expertise, process, technology, malware, hackers, virus, trojans, etc.

– Hard to keep up with simultaneous developments on all fronts

17Dr. Valivullah - Mobility

Environmental Challenge - 8

• Finding and keeping skilled Employees, providing Employee Training and Resources to procure, implement and manage these technologies and threats

18Dr. Valivullah - Mobility

Environmental Challenge - 9• Mobile Governance

– Developing and implementing appropriate policies and procedures

– Selecting and implementing appropriate MDM/EMM solutions

– Protecting data on the device, segregating data containers, controlling mobile devices, allowing selected applications, etc.

– Enforcing enterprise security policies remotely 19Dr. Valivullah - Mobility

Environmental Challenge - 10• Identification, Authentication, and Authorization

– Authentication – 2 factor - fingerprint, tokens, card readers, pictures, voice

– Federated Identity Management – Single SignOn– Cipher Key Management (place, length, life span)– Role-based Access and Authorization to back-end

resources – within agency firewalls, Private Cloud

20Dr. Valivullah - Mobility

Adaptation Set - 1 1. Most important Mobile Policy Decisions

– Who should make them?

2. Lost or Stolen Devices– How to deal with them?

3. Mobile Applications– How to manage them?

4. Malware / Malicious Apps– How to prevent / respond / recover from them?

21Dr. Valivullah - Mobility

Adaptation Set - 2 5. BYOD

– How to deal manage the device configurations / platforms / access controls / data leaks?

6. User Experience and Security– How to secure the agency data / content without infringing

upon device owner’s rights

7. MDM Solution– Cost / Benefit Analysis – Do we really need it?

22Dr. Valivullah - Mobility

Adaptation Set - 3 8. Containerization

- What are the challenges in sand boxes and containers?

9. Mobile Application Security- Which type of Web (HTML 5, js), Native (Java, .NET, Object C),

Hybrid applications / SDKs / OS (iOS, Android, Windows Mobile, Symbian, etc.) to use?

10. Middleware / Cloud (BaaS) – Are the mobile applications accessing the middleware to reach

into corporate data or using Cloud backend (Backend as a Service, BaaS) with APIs

23Dr. Valivullah - Mobility

Adaptation Set - 4 11. Long-term Mobile Strategy

- What is our long term mobile strategy? What do we gain from this strategy? What is the goal we are trying to achieve? What are the metrics we would use to measure our progress?

12. Skills development and training- How do we train our employees to manage this trend and be

successful at it? How much can we do in house and how much can we outsource? Do we have resources and exec. support?

13. Staying put - Will we become irrelevant or extinct (like dinosaurs)?

24Dr. Valivullah - Mobility

Adapt to Survive

From: Bing

25Dr. Valivullah - Mobility

What does the Mobility End Point look like?

From: Bing 26Dr. Valivullah - Mobility

Time will tell….

27Dr. Valivullah - Mobility

survival of the fittest….

From : Google

References1. Cyber Challenge Report (2013) HP2. Predicts 2014: Mobile and Wireless, (2013) Gartner3. BYOD: Facts and Future, (2013) Gartner 4. Enterprise Mobile App Portfolio (2014), TechTarget5. Critical Capabilities of MDM Software (2013) Gartner6. Security for Business Innovation Council – Information Security Shake-Up7. CIO Essentials: Five Stages of Mobility Maturity (2013) IDC8. Several IDC Publications on Mobility (2013, 2014)9. Several FierceIT Security Publications (2013, 2014)10. NIST Pub. 800 -124, Managing Mobile Security, (2013) 11. Google and Bing searches online

28Dr. Valivullah - Mobility

Thank you for your service to the American Public!

Any Questions, Comments?

Contact Info: Michael.Valivullah@nass.USDA.gov

29Dr. Valivullah - Mobility