Kathleen Urbine is senior vice president of the enterprise solutions division of DMI. (Colin Kelly/Staff)
The ability to centrally manage hundreds of thousands of smartphones, tablets and applications is key to the Pentagon’s mobility strategy.
Technology firm DMI is playing a large role in that effort under a three-year, $16 million contract it received in June for mobile device management and mobile app store capabilities. The Defense Information Systems Agency, which manages the enterprise service on the Pentagon’s behalf, has committed to standing up initial capabilities by January. “I am very happy to say we are on schedule and that we will be meeting all of our milestones,” said Kathleen Urbine, senior vice president of DMI’s Enterprise Solutions Group.
The company also is working to provide similar capabilities for the Agriculture Department, and boasts a customer base of 40 agencies. C4ISR & Networks staff writer Nicole Blake Johnson recently spoke with Urbine and DMI CEO Sunny Bajaj. Following are edited excerpts:
Can you provide an update on the mobile device management contract?
Urbine: It is a complete end-to-end solution that is going to support all of DoD with their mobile needs. We have met all of the milestones, and this will actually be available for DoD to leverage mobile device management and application store and the delivery of secure email. When you are part of the enterprise you will be able to leverage a government-furnished smartphone to securely get your email, calendar, and contents on your device. What that means is the enterprise solution has already put together all of the policies required to manage that device so that you can use that device on the DoD environment.
Are the devices unclassified Android and Apple smartphones and tablets?
Urbine: Right now, they will be deploying Android and iOS devices with this solution, but it can support other devices, which DoD will have to approve to be used.
You have the Samsung with the Knox solution. You have Windows mobile 8 devices. These are devices of the future that if DoD chooses, can be supported.
Have any services or DoD agencies committed to using the MDM/MAS solution?
Bajaj: Part of our job is not just to develop the solution for DISA but helping them drive user adoption and buy-in. DoD is actually responsible for what we call on-boarding. I can't speak in terms of numbers and which groups in DISA have already committed, but we have already seen interest from other federal agencies and other DoD entities to use that DISA vehicle.
How many users does DISA expect to support when the solution rolls out by January?
Urbine: What I would say is per the contract base year, which end of base is more in the July time frame, the goal of DISA is to have 100,000 users on-boarded within the first base year. The goal is every option year, which is six-month option years, is another 50,000 because their goal is to have all 300,000 users, so that is an objective.
Potential users are exploring other MDM solutions, including the Navy. Is there a concern that people will use other solutions instead?
Urbine: There are always going to be people who test technology. We encourage them to test the technology because we truly believe that we have provided DISA with a very scalable, flexible solution. We approach this with a road map.
As new technologies evolve you introduce them into the environment, and you can remove components to gain efficiencies and drive down costs. We provided DISA with a very flexible solution that isn't just about today's needs but that can evolve and will evolve over time with the proper technical and costs model to introduce these new technologies and reduce cost.
Is there an avenue for BYOD, or is this going to be strictly government furnished devices?
Urbine: The technology can support bring-your-own-device. Once again, it is up to the individual agencies and the policy that is going to drive adoption.
How will a user’s identity be verified on the device?
Urbine: The solution supports CAC card for authentication as well as encryption and signing of emails. The requirement is FIPS 140-2. That is what I have to make sure that I can meet, and there is more than one way to do this. One size doesn't fit all. You can use a CAC card with a sled, which our solution supports. The other is to use a device that is hardened and has FIPS inherently built into it. Our solution can support that, too.
It is all about the flexibility in providing the solution and aligning the solution to an individual agency's requirements.
What measures are in place to ensure the MDM can support a growing number of users?
Urbine: We have worked very, very closely with DISA and agency architects, and the architects that are responsible for the locations where the solution is located. It has been sized and provisioned to support users. Now, the beauty is as the users come it grows. It has already been built with that scalability because it has been virtualized to be able to grow as the demand comes on board. So that was a requirement right up front that we design a scalable solution that could grow to the 300,000 users.
How does what you are developing for DISA differ from what you’re developing for the Agriculture Department?
Urbine: The difference between the two is just some of the different apps that we have deployed. Once again it is all about one size doesn't fit all. It is about the capabilities. It is how content is being delivered or how email is being delivered. DISA has a container solution, and USDA has a wrapped solution. Every individual application can be wrapped and then the wrapped apps can talk.
Similar to DISA’s role within DoD, will Agriculture provide MDM services for civilian agencies?
Urbine: When they put their acquisition strategy together that is exactly what they thought about, making it easier for some of the smaller civilian agencies to be able to use their contract vehicle. They wanted to first make sure that all 29 agencies within USDA had the ability to use it first, but they are opening it to other agencies to help gain these efficiencies.
Will DISA’s mobile app store be rolled out with the MDM solution?
Urbine: Yes. The app store is available as well. When you get your device you will be enrolled automatically. Once you enroll, the solution will push down the policies required to secure your device and any apps that have been assigned to you. After that it will automatically update as any changes are made to those apps. You also have the feature where you can go to the app store and you will only be able to see those apps that you have been approved to download. It is not any different than what we are used to commercially.
DISA is responsible for vetting the apps. Outside of this contract vehicle we also have won another task order. It is called the code checker. They are piloting how do I vet an app. How do I ensure the app is secure, and how do I make sure I don't introduce any vulnerabilities? There were three awardees, and we were one of them. We provide an automated continuous integration solution that will first scan the app for any vulnerabilities or malicious [code]. Then it will also do a runtime where it will identify if there is anything that will introduce vulnerabilities to the network. Once that validation is done it will automatically publish to any app store.
What is nice about the runtime feature is it will take a third party app without having to have the source code, and it will do a scan on it and identify any vulnerabilities. We also provide a black list, white list that have already been validated. So it helps our customers be able to vet these applications quicker and know that they can securely put these third party apps out to their environment.
Are there already apps in the store?
Whatever apps that they’ve already vetted, but as far as what we’re deploying the first ones will be the container and then delivery of secure email and the PIM information [personal information manager, which includes calendar and contacts features]. Everyone thinks that an app store is just a place you go and you get an app, but it’s a way of managing your apps. Anytime you have changes you can push it to the app store so that the end devices are automatically updated. Our solution has the capability to help manage apps.
Where do you think mobility will be a few years from now?
Urbine: We are all working with industry to move away from CACs and go more to derived credentials. All of the vendors that are now inherently putting security into the device that is making it even easier to bring a secure device into the environment. So, I see a lot of devices being introduced and new technologies being introduced to help with the authentication and ensuring that the right person is getting the right information and the right apps.