ATF, NASA navigate mobile device management

Two agencies are taking very different approaches to MDM

At NASA, mobile device management isn't about the devices at all, said Erna Beverly, enterprise applications service executive at the agency.

"We took a lightweight approach to MDM via [mobile application management] and we're using an in-house developed, secure mobile access point and security services to address the security of the data, not the device," said Beverly Aug. 8 while speaking at the Federal Mobile Computing Summit in Washington, D.C.

"Our next step is going to be [to add] PIN-based authentication, or it might even be biometric," said Beverly.

The Bureau of Alcohol, Tobacco, Firearms and Explosives is actually using two MDM solutions to manage its 2,500 iPhones, 300 iPads and 1,200 BlackBerrys said Walter Bigalow, chief of IT services management at ATF.

"The use cases determine how we use the MDMs in our environment," he said, adding that ATF uses a combination of Good and AirWatch.

The bureau is using Good's MDM solution when it needs to ensure that ATF information stays within the sandbox, which requires a complex passcode to access. Agents can use a simpler passcode just to get on and make a phone call, said Bigalow.

AirWatch--which requires a single, complex passcode--allows agents broader access into the iPhone to use third-party apps to take photos, GPS readings and send information back to the bureau through the enterprise case management system, he said.

The bureau is "aggressively" exploring bring your own device, or BYOD, for agents and its established MDM strategy could make that process easier, said Bigelow.

Because NASA is using mopbile application management and has a "robust security infrastructure in place" it's already allowing BYOD, said Beverly. Employees are required to use their NASA credentials for authentication, when accessing an application, she said. However, users are limited to NASA's internal apps.

"Our CTO and CIO recognize there are other aspects of mobility that the users are going to want to utilize, and they're going to have to address a policy. We're in the throes of doing that now," said Beverly. "By September I do believe we'll have our first draft of that particular strategy."

Related Articles:
No BYOD at NSA, says Plunkett
NIST: Agencies should use MDM software
DISA eyes BYOD mobility strategy