Managing a mobile workforce: think data, not just devices

18 April 2014 | Susie Adams, CTO, Microsoft Federal

In my experience, government agencies are not built for change. They’re great at process, standards, and policy, but relentless, turn-on-a-dime change? Not so much. This can be a problem, especially in light of the sea change that is mobile computing. According to many sources, 2014 marks a tipping point in mobility, with over half of all Internet access now taking place on mobile devices. If government agencies can’t accommodate that shift, they’re in for a bumpy, disruptive ride over the next few years.

Mobilizing for change

I had a chance to address mobility’s role as a change agent at the 4th Annual MobileGov Summit, and discuss how agencies today are sometimes culturally challenged to integrate and take advantage of the new paradigms. At the heart of it all: balancing the benefits of a productive and mobile workforce with the security protocols needed to safely access agency data using new devices and remote-access technologies. These new demands do add some complexity, but the payoff can be significant.

On the productivity side, there’s the promise of fully enabled users who can work on the devices they want, anywhere, anytime, with consistent access to agency resources. Thinking about the way we all work today, it’s clear that everyone expects to be able to use the same types of devices—and in many cases, a single device—in their personal and work lives. Delivering a unified application and device management environment, both on-premises and in the cloud, provides the consistent access that really drives the benefits home.

On the security side, how do you balance productivity against the very real risks to agency information? Where’s the sweet spot between providing access and protecting data? Enterprises and governments struggle with the same questions. Too much access and you run the risk of leaking information to the public; too much restriction and you reduce productivity and lose the benefits of mobile. The key is balance.

A happy mobile medium

I can’t speak for every company, but at Microsoft, we’ve had to find a happy medium between information security policies, the goals of our business groups, and overall employee productivity and needs. We’ve spent years working on solutions to allow employees to access sensitive data from outside our firewalls on countless devices from locations worldwide. Today we have policies, procedures, best practices, and technologies in place to do just that.

For example, in our hardware procurement strategies, we’ve created a system that accommodates a range of devices while helping us manage and control our entire mobile ecosystem. Device categories at Microsoft include:

  • “Here Is Your Own”—Highest-access, lowest-risk devices, such as company-purchased, domain-joined, enterprise-class PCs with Trusted Platform Module (TPM) management.
  • “Bring Your Own Managed”—Devices purchased by an employee but managed by Microsoft.
  • “On Your Own”—Highest-risk, lowest-access devices, not domain-joined and not supported by Microsoft IT.

Each category determines how much access a device will have to Microsoft data. That data is classified based on sensitivity, from high to moderate to low business impact, so access can be granted based on an employee’s identity and device category. We also offer an opt-in model to connect new devices to corporate resources, and surround it all with a robust firewall and perimeter protection. This allows us to manage our ever-changing, ever-evolving mobile universe by directing our focus where it belongs most: on governing data, not just devices.

Have a comment or opinion on this post? Let me know @Microsoft_Gov. Or e-mail us at ongovernment@microsoft.com.

 