Mobility Release 1: EAS
Since the project’s inception more than five years ago, the G2SF Mobility Team has provided the Nuclear Regulatory Commission with a wide variety of enterprise mobility services and support. Beginning in 2011, the Agency requested that G2SF develop a plan to provide Bring Your Own Device (BYOD) services to Government employees. After researching various vendor solutions, the Exchange Active Sync (EAS) configuration was recommended due to its simplicity and low need for infrastructure-based changes. This configuration supported both Android and iOS devices and met industry standards. However, the Agency decided to adhere to an internal security recommendation to only permit devices that had been validated with native FIPS140-2 encryption at the device level. Consequently, BYOD users had to use (and therefore, own) a “compliant” phone, which was required to be encrypted and passcode-protected for BYOD service to be authorized. This requirement eliminated participation of iOS devices and many Android devices. Due to these constraints, program adoption rates were low. However, during the time that the EAS BYOD service operated, authorized Android users reported that the service met their needs, was highly customizable, and was reliable. A new requirement to include iOS and a validated encryption solution was issued to G2SF. Authorization to support the new requirements represents the conclusion of Mobility Release 1:EAS.
Mobility Release 2: Divide
After an arduous search for a mobile application vendor that met the Agency’s requirements, the G2SF Mobility Team identified Divide. At that time, Divide was an acceptable alternative because the Agency needed a mobile application, did not want to invest heavy in infrastructure, and wanted to include the support of iOS devices. Divide also used an algorithm for encryption that was FIPS140-2 validated, meaning all instances of the app for Android and iOS would be authorized. At the time, Divide met or exceeded the Agency’s mobility requirements such as workplace flexibility, encryption, security and other needs. In 2012, G2SF’s implementation of Divide became the first production BYOD service/program in the federal government. The G2SF opt-in mobile service solution was initially adopted by over 500 users and most of the Agency’s VIPs. Eventually, Divide’s business objectives diverged from the Agency’s requirements by discontinuing the company’s support iOS. Since iOS support was an Agency priority, G2SF immediately began a new search for the next mobile app/solution provider.
Mobility Release 3: MaaS360 Personal Information Management (PIM)
Based on the Divide experience and two years of BYOD user feedback, the G2SF Mobility Team identified and defined extensive mobile requirements for the next mobile solution. For example, requirements included data management (container policy), features/functions such as security, user friendliness, single sign on, and role-based administration. The G2SF Mobility Team reviewed various best-practice publications such as Gartner and Forrester to identify MDM solutions focused on enterprise capabilities including for example security, scalability, feature richness and cloud-first options. The team also considered testing results and testimonials from industry. G2SF developed an objective method for equitably and thoroughly assessing each of the vendor solutions and configurations (on-site, hybrid, and cloud-only) against defined requirements. After thoroughly researching various alternatives, the G2SF Mobility Team recommended what was Fiberlink’s MaaS360 as the best solution for the Agency. The recommendation was reviewed by senior Agency leadership and MaaS360 was approved for enterprise implementation. G2SF was then tasked to design, test, and deploy the enterprise MDM solution in just a few months. G2SF successfully met Agency deadlines and delivered Personal Information Management (PIM) services to over 1,000 users providing mobile access to Agency email, calendar, contacts and tasks. Within a short period of time the service became significantly more popular for both Android and iOS users, and was eventually expanded to include Government Furnished Equipment (GFE) as part of Mobility Release 4.
Mobility Release 4: MaaS360 Government Furnished Equipment (GFE)
G2SF designed and implemented GFE and direct network access (DNA) policies and services to meet expanding Agency specific requirements. For example, BYOD users required reassurance that their personal devices were not controlled by an admin (at a device level); whereas admin control of GFE devices was a requirement. Eventually, GFE devices were implemented in parallel with the DNA service to expand mobile capabilities for GFE users by providing access to internal resources. G2SF also implemented the use of Apple Volume Purchasing Program (VPP) to streamline the delivery of iOS devices to GFE users at more competitive prices.
The Agency piloted the DNA service for six months, during which time all GFE DNA capabilities were tested including access to Agency Intranet, Shared Drives, and SharePoint sites from within the encrypted MaaS360 container. This service feature was heavily tested by users during the pilot phase, mostly via documented use of the DNA service. During the pilot, various integration challenges provided ample opportunity for G2SF to enhance and fine tune the DNA service. After Agency authorization for the network access features, the DNA service was officially launched in July 2016. Eventually, DNA replaced Blackberry Enterprise Services (BES) which included over one thousand BlackBerry devices by providing a more feature-rich and cost-effective alternative for mobile power users. G2SF played a key role in facilitating the retirement of BES and the effort was publicly praised by Agency senior leadership.
Since its inception in 2011, the success of the mobility initiative has been measured by opt-in rates, growth in users supported, productivity gains, cost reductions, additional feature/functionality, formalized user feedback, low incident rates, and continued funding. IBM’s MaaS360 MDM solution currently in production supports more than 1500 users. The G2SF MaaS360 solution has increased operational efficiencies, introduced numerous enhancements, received exceptional feedback from users, logs relatively few incidents per month, and has continued to receive incremental funding to meet expanding requirements. The entire G2SF Mobility Team was publicly recognized in 2017 by the Agency CIO in a formal awards ceremony.