With the initial operational capability of its mobile device management solution, DoD can embrace a wider variety of mobile devices. (Brian Gebhart/ARNEWS)
At last count, the Defense Department’s mobile device inventory topped 600,000 devices, with BlackBerry accounting for more than three-quarters of that total. There are also about 60,000 Apple and Android devices in use, but very few are connected to DoD’s network, mainly for security reasons. That is good enough for viewing information, but not so helpful for accessing emails, business applications or overall productivity.
The situation is changing, however.
On Jan. 31, the Defense Information Systems Agency launched initial capabilities for the department’s mobile device management solution, MDM for short. The solution, provided by technology firm DMI, signals a major shift in the department’s willingness to embrace a wider variety of commercial mobile devices beyond BlackBerry.
“Although mobile devices are the new and popular item in today's commercial market, this [DoD mobile device] strategy is not simply about embracing the newest technology,” said John Hickey, DISA’s mobility portfolio manager. “It is about keeping the DoD relevant and adaptive in an era when information and cyberspace play a critical role in mission success.”
The MDM is expected to centrally manage up to 300,000 unclassified DoD smarpthones and tablet computers over the three-year contract. The goal is to reach 100,000 devices this fiscal year.
More than 100 DISA employees and Army personnel are using the MDM today, Hickey said. About 38,000 users are expected to transition over the next five to six months.
The technology will give DoD a central view of what devices are connected to the network, whether they are in compliance with security policies and enable administrators to remotely wipe devices of data if they are lost or stolen. Approved devices include the iPhone 4S and 5; iPad mini, 2, 3 and 4; Motorola RAZR; Samsung Galaxy S III; Dell Streak; Motorola Xoom; and Samsung Galaxy Tab 10.1
The Air Force has also signed on to using the new system. Initial capabilities will include access to a DoD mobile application store and transition of approved apps and enterprise services, including DoD Enterprise Email, the Pentagon’s Global Address List and Defense Connect Online, as well as secure Web browsing features for Apple and Android devices.
Microsoft Office will be included in the next incremental roll out, or spiral as DISA calls it. “You can do pretty much what 90 percent of... the people in an office want to do today, on that device,” Hickey said.
Approved devices include the iPhone 4S and 5, iPad mini, 2, 3 and 4, Motorola RAZR, Samsung Galaxy S III, Dell Streak, Motorola Xoom, and Samsung Galaxy Tab 10.1
Buying a service
As of January, the Army had 50 Apple device users operating on the MDM, said Rick Walsh, the Army CIO G/6 mobility team lead. The Army is working with DISA to add another 10,000 users to the system within a month.
The goal: create an environment where approved Apple, Android, Microsoft and BlackBerry devices can be used.
“How they provide that service is their call,” Walsh said of DISA. “I don’t say ‘how are you going to do that?’ I buy a service.”
Within the next year, Walsh said he expects to add about 20,000 users to the MDM from across the Army, including small offices and entire commands with hundreds of users.
But not every device will be managed by the new MDM software. For example, BlackBerry devices will also be managed by DISA under a separate management solution, known as BlackBerry Enterprise Servers. Hickey said DISA is standing up initial capabilities for using BlackBerry 10 devices.
Within the Army, customers will decide what devices to procure and will help fund testing and vetting of applications for those devices, Walsh said. DISA is working through the logistics of creating an ordering portal for DoD components to pay for mobile services.
“I don’t want to get into the business of telling people in the Army how to do their job,” Walsh said. “The ultimate goal, the end state we want to get to is if your mobile device is a mobile workstation, you can do your job.”
More apps, more risk
There is, however, an Army baseline of approved applications, , Walsh said. Downloading an unapproved app from Apple’s app store or Google Play could get you blocked from the Army network.
“More apps introduce more risks,” Walsh said.
Facebook is one of the exceptions that will be available for user groups approved to access the app. Users will have access to different apps based on what has been vetted and approved by their managers for use. In some cases, location services, which enable third-party apps like cameras or maps to determine a users location, could be turned on. While Pandora and iTunes may not be high on the list as mission critical apps, they will be evaluated in the same processes as other apps, Hickey said.
“From my side,...I have full oversight of all the devices on my network, how many I have, number of users, what are the apps being used,” Walsh said. At a moments notice, the device can be immediately disabled if it’s lost, and anyone can call the Army help desk to get that done.
That’s part of the challenge in rolling out MDM capabilities across DoD. “You’ve got to have legacy IT people be excited about supporting new [operating systems], and you have to support them,” said DISA’s Hickey.
DISA customers must also procure their own devices, accessories and voice and data service plans, and users should have DoD Enterprise Email (DEE) accounts prior to joining the mobility program, according to DISA.
The agency is working with Air Mobility Command to migrate 18,000 mobile users, and the Air Force is building out its tier 1 help desk capabilities, Hickey said.
The Air Force is also replacing 5,000 of its BlackBerry devices with Apple smartphones. Eventually, all Air Force mobile users will be required to trade in their old BlackBerrys for Apple devices or other approved smartphones and tablet computer, the Air Force said in a Feb. 14 announcement. BlackBberry users will turn the devices in to be shut off after making the transition, according to Brig. Gen. Kevin Wooton, communications director for Air Force Space Command, in a broader move to eradicate the legacy devices in favor of more modern commercial technologies.
Eventually, all Air Force mobile users will be required to trade in their old BlackBerrys for Apple devices or other approved smartphones and tablet computer, the Air Force said in a Feb. 14 announcement. Blackberry users will turn them in to be shut off after making the transition, according to Brig. Gen. Kevin Wooton, communications director for Air Force Space Command.
Any new BlackBerry provisioned after Jan. 1 will require a waiver from AFSPC/A6, Wooton said. ■
Initially, the Air Force will focus on replacing BlackBerrys and executive users and enabling about 5,000 iOS devices for use, which will not be managed by DISA but by the Air Force, said Air Force Space Command spokeswoman Capt. Christina Sukach.
The reality is that not everybody in DoD is going to have a DISA-provided device, Paul Brubaker, the Pentagon's director of planning and performance management, said at an information technology conference in December.
But they're going to have devices, Brubaker said, in response to questions about DISA accommodating DoD's mobile workforce.
Managing security, expectations
Balancing security and functionality of the devices will be key.
BlackBerry's strong security features have made it the most widely used smartphone in the U.S. federal government for years. But rigid security requirements blocked users from taking full advantage of the smarpthone’s capabilities.
“I don’t want to lock it down where people don’t want to use it,” Walsh said. DoD is nowhere close to allowing its workforce to bring their own devices, but eventually that’s the goal, he said.
“We are looking at being flexible but being secure,” he said.
Editor’s Note: Get more insight directly from DISA Mobility Manager John Hickey at the upcoming C4ISRNet conference in May. Active-duty service members can attend free. Click here for more information.