GADGETS GALORE THE LATEST IN CONSUMER TECHNOLOGY
GOVERNMENT TECHNOLOGY REVIEW | JULY/AUG 2014 ISSUE 25
GOVERNMENT IN THE
FIELD
GO MOBILE WITHOUT LOSING CONTROL
GEOSPATIAL: MAPPING THE CLOUD
USE YOUR ASSETS LIKE NEVER BEFORE
INTERVIEW: US CIO FRAN TRENTLEY VIDEO AND COMMUNICATIONS TOOLS
DATA CENTRES ROUNDTABLE
Recreated PMS
Keeping it in the family
Choose from the FUJITSU Enterpise Family to transform your IT environment. An efficient, flexible foundation for business growth. www.fujitsu.com.au
shaping tomorrow with you
Contents
Cover Story
GOVERNMENT IN THE FIELD: GO MOBILE WITHOUT LOSING CONTROL
Mobility is everywhere these days, and the new style of working is certainly paying dividends. But that doesn't simplify things for the IT strategists who are charged with executing on the mobility agenda whilst retaining security, policy and data control – not to mention the very real logistics involved in managing fleets of bring your own device (BYOD) empowered workers. How can you go mobile without losing control?
REGULARS 2 Editor’s Letter 4 News 46 Opinion: Ovum, Esri, TechnologyOne, Emantra, NextDC, Bellridge, Spatial Vision, Fuji Xerox, Schneider Electric, Outback Imaging
FEATURES 20 Just talk to the cloud
Videoconferencing used to be complex, proprietary business – but a new wave of cloud-based VC providers has taken the guesswork out of the process and opened up videoconferencing to anyone with a desk phone, computer, smartphone, or tablet.
22 Interview: Fran Trentley
Special Features
8
34
A former CIO of the Presidential-level White House Communications Agency, Fran Trentley now engages with government customers of content-distribution giant Akamai. GTR caught up with him to talk about the security challenges government faces today. Watch the entire interview at www.gtrknowledgeseries. com.au.
26 GTR Government Suppliers Guide GTR's regular directory of key suppliers of information systems to government agencies.
44 Gadgets Galore
Everyone loves a great gadget – so we round up some of the latest and best.
CASE STUDIES 12 City of Charles Sturt
14 MAPPING IN THE CLOUD Geospatial technology is more widely used in government than in many other industries – and to much greater effect. But with social content and cloud-based data architectures now changing the way it's collected and used more dramatically than ever, even the GIS old-timers are finding new ways to unlock value from their geospatial investments. Here's how.
SA council shares its success locking down BYOD.
30 Orange City Council
ROUNDTABLE: THE DATA CENTRE REVOLUTION TURNS INWARDS With the government reviewing its data centre as a service (DCaaS) arrangements and a large amount of top-tier capacity now on the market, providers are looking at new ways to add value for customers that have come to expect increasing service levels and integration both between and within data-centre environments.
A major asset-management upgrade has improved asset maintenance and financial forecasting.
32 Victoria Department of Justice
The FireReady mobile app was a great hit – until demand surged so far that it fell in a heap. It was fixed with the help of the cloud. GTR JULY/AUG 2014 | 1
Editor’s Letter As any government CIO will tell you, the biggest problem about empowering your employees to be mobile, is that they are empowered to be mobile. Data tracking, at-rest encryption, cloud security, and even the logistics of tracking and managing a panoply of mobile devices have all joined the usual laundry list of CIO stressors as new technology's potential continues to enthral – and its byproducts continue to concern. Our main features this month both consider these issues, with questions of mobile security leaned against some of the latest advancements in geospatial technology. These two fields both address critical operational questions, relating at once to both the challenges of building a spatially-related infrastructure and the obstacles it poses for IT. One field that has adapted well to the change is video conferencing, which is no longer about proprietary and monstrously expensive in-room systems and more about allowing people to join multimedia collaboration sessions using whatever technology they have in their hands at the time. We run down the latest in cloud-based videoconferencing; if you're not already using one of these services, you may be making your life more complicated than it needs to be. I must set aside a moment to mention the GTR Knowledge Series (www. gtrknowledgeseries.com.au), our ongoing series of interviews in which I've been talking with a range of IT luminaries about the challenges they face and the ways they've dealt with them. We have posted over a dozen interviews – all of which I found quite interesting, as I'm sure you will – and there are more on the way in coming months. To give you a taste of what the GTR Knowledge Series involves, in this issue we've included part of the interview with Fran Trentley – a former US military man who came to head IT strategy at the White House Communications Agency and currently leads Akamai's engagement with the government sector. We talked about security and the quantity of change since his time, and if you find the excerpt here interesting, I encourage you to visit the Web site to see the complete interview. Also scattered throughout this issue are the latest industry roundtable – in which datacentre luminaries share their thoughts about the growth of the industry in the cloud era – as well as a pull-out supplier's guide to keep you in touch with the latest in the industry. And, as always, we feature interesting case studies showcasing innovative work – in this issue, the Department of Justice's FireReady app and an asset-management revitalisation project at NSW's Orange City Council. As always, I'd love to hear what's on your radar. How are you handling the challenge of mobility?Drop me a line and let me know!
EDITOR David Braue e: editor@govtechreview.com.au NATIONAL SALES MANAGER Yuri Mamistvalov e: yuri@commstrat.com.au Tel: 03 8534 5008 ART DIRECTOR Annette Epifanidis e: annette@commstrat.com.au Tel: 03 8534 5030 DESIGN & PRODUCTION Nicholas Thorne CONTRIBUTORS Kelly Mills, Kevin Noonan, Adam Turner MELBOURNE OFFICE Level 8, 574 St Kilda Rd. Melbourne Vic 3004 PO Box 6137, St Kilda Rd Central 8008 Phone: 03 8534 5000 Fax: 03 9530 8911 Government Technology Review is published by CommStrat ABN 31 008 434 802
www.commstrat.com.au All material in Government Technology Review is copyright. Reproduction in whole or in part is not allowed without written permission from the Publisher.
To subscribe to GTR magazine
phone: 03 8534 5009
David Braue, Editor E: editor@govtechreview.com.au
2 | GTR JULY/AUG 2014
email: subs@govtechreview.com.au or go to www.govtechreview.com.au/subscribe
SUBSCRIBE NOW
FOR INDEPTH COVERAGE IN YOUR SECTOR GTR Magazine incorporates technology reviews and experience from all levels of government and includes news, case studies, opinion and roundtable discussions. Subscribe to GTR magazine at iSubscribe Go to http://bit.ly/1kIPq7n
News NEWCASTLE CONSOLIDATES SYSTEMS FOR CUSTOMER-SERVICE BOOST Ratepayers in Newcastle, NSW are expected to see an improvement in customer service and responsiveness after the City of Newcastle went live with a revamped council administration that consolidates the functionality previously provided by a range of legacy systems. On July 1, the Council switched on a new and integrated finance, supply chain, payroll and employee self-service environment built on TechnologyOne's OneCouncil solution. The system represents an expanded commitment to the platform, which was previously used for financials, supply chain and enterprise content management alongside a range of other systems. “We needed to shift from a best of breed approach to an enterprise solution, in order to support the internal drive for more effective service delivery,” council IT manager Greg Brent said in a statement. “We had a number of different corporate applications and a multitude of spreadsheets that were not designed to work together.” “This meant we were constantly implementing and managing a number of interfaces to facilitate end-to-end transactions across the disparate applications. Development and maintenance of these interfaces is time consuming and expensive with a less than satisfactory outcome.”
Newcastle's new environment replaces legacy systems including Civica Authority, Chris 21 and a range of other inhouse-built systems and reflects a move back from the council's previous best-ofbreed IT architecture strategy. Brent's team will continue to expand the scope of the OneCouncil implementation, with a second phase due to add the remaining OneCouncil modules – including budgeting, asset management, business intelligence, ECM, performance planning, property & rating and customer relationship management – for go-live in July 2015.
“By spending less time on making the different systems work together, we will be able to focus on improved customer service,” Brent said. “Once implementation is complete we have also forecast significant cost savings to the organisation by reducing licensing, ongoing management and support fees. We will use the new software as a platform to re-engineer our business processes and drive further improvements across Council.” The City of Newcastle has been working with TechnologyOne since 1996 and was the company's first local-government customer.
Photo credit: CC BY-SA 2.0 berichard
SMARTMATIC-CYBERNETICA CENTRE OF EXCELLENCE PROMOTES ELECTRONIC VOTING Growing momentum behind electronic voting systems has driven e-voting vendor Smartmatic to open a centre for excellence intended to promote the use of e-voting technologies in elections around the world. The Smartmatic-Cybernetica Centre for Excellence (CoE) for Internet Voting has been designed with a remit to study and develop the process of voting over the Internet from social, political, organisational, procedural and technological angles. Citing Cybernetica's early success in Estonia – where nearly a third of voters have voted online through seven general elections in the past decade – Smartmatic has recently secured wins for its
Photo credit: Election MG 3455 - CC BY-SA 2.0 Rama
4 | GTR JULY/AUG 2014
technology in Belgium and Brazil, where the company will roll out 1424 Broadband Global Area Network (BGAN) SABRE satellite terminals to deliver voting services to the country's 15 most isolated states during its October general elections. In May, Smartmatic helped Belgian voters elect their European Parliament representatives through 3365 polling stations in a process that chose representatives for regional, federal and European parliaments and saw a voter turnout of nearly 90 percent. To be based in Tartu, Estonia, the CoE will build on the lessons learned in these and other e-voting exercises in order to promote the cause in other countries. “Estonia has been at the leading edge of Internet voting for years and is widely acknowledged as pioneers in the field,” Smartmatic chief strategy officer Paul Babic said in a statement. “They are the only country in the world where all voters can choose to vote over the Internet securely. When we were looking at investing in the future of Internet voting, it made a lot of sense to go to the source of the world’s best experience.” Despite the availability of suitable systems, e-voting has struggled to gain traction in Australia beyond the use of electronic voting in the last four ACT General Assembly elections.
CSC OPENS AUSTRALIAN SECURITY OPERATIONS CENTRE Service provider CSC has boosted its investment in the ANZ region with the launch of a security operations centre (SOC) in Sydney that has filled out the company's global network of support facilities. That network now has five locations, with more than 700 cybersecurity specialists providing a broad range of around-the-clock monitoring services including advanced threat detection, application security testing, incident response, real-time situational awareness, security information and event management, network and host intrusion detection and prevention, technical compliance monitoring, vulnerability scanning and alerting, endpoint security management, managed encryption services, data loss prevention, and forensic analysis and response. Linkages between the Sydney centre and its four peers ensure a unified security defence and helps the company detect global trends that inform the provision of proactive global protection for CSC clients, Australian vice president and general manager Seelan Nayagam said. “Security threats continue to evolve, making it incredibly challenging for organisations today to stay current,” he explained, “much less a step ahead unless cybersecurity is a key focus of risk and budget.” “As attackers become more sophisticated and risks increase, no single organisation can counter today's escalating risks on their own, therefore making it imperative to work with trusted experts.”
Samuel Visner, CSC’s global cybersecurity vice president and general manager, said the new facility would support innovative cybersecurity efforts in public and private sector organisations. “New IT architectures require evolving Cybersecurity capabilities,” he said. “In addition, cyber threats to our critical infrastructures require commercial and public sector organisations to innovate constantly. CSC’s global cybersecurity delivery infrastructure is designed to confront new threats and to innovate new technologies and practices as they become available.”
News INTELLIGENT TRANSPORT SYSTEMS AWARDS RECOGNISE GOVERNMENT INNOVATION The addition of three new award categories, including one recognising government organisations, has been confirmed by intelligent transport systems (ITS) peak body ITS Australia as it seeks to broaden the scope of ITS-related innovation across the country. The new categories in the 2014 National ITS Awards program, which is accepting nominations through 30 September, offer travel to the industry's global peak event, the ITS 2015 World Congress, in Bordeaux, France.
The government category is designed to recognise entrants that have developed or deployed a significant new innovative ITS system or services over the course of the previous year. The system or service must have “fostered advanced deployment of ITS services”, the award criteria state. The National ITS Awards Night and Dinner will be held on 28 November in Brisbane. Visit www.its-australia.com.au for more information about the awards.
WORLDWIDE SCHOLARSHIPS FOSTER PUBLIC-SECTOR GOVERNANCE SKILLS Governance-minded public-sector employees are eligible for up to $12,600 in funding under a scholarship program designed to encourage the development of governance skills in public-sector organisations. The Chant Legacy scholarships program, which is accepting applicants until October, funds up to six courses at $2100 each at any governmentaccredited tertiary institution, anywhere in the world. Scholarships are based on merit and financial need, and have been targeted to bolster governance skills that would support better management and public accountability. Twenty-one scholarships have been awarded since the program's inception two years ago, with four of them going to public-sector recipients. “Practical skills and knowledge in governance are critical for anyone seeking to improve the performance, transparency and accountability of their organisation, whatever sector they may be in – private, government or not-for-profit,” said Tim Sheehy, chief executive of Governance Institute of Australia in a statement. “As public sector budgets continue to be trimmed, government bodies have become more conscious of how a robust governance framework can directly improve the organisation’s efficiency.” Scholarship applications will be judged by governance professionals including the director of the UTS Centre for Corporate Governance, Professor Thomas Clarke; Julie Hare, higher education editor at The Australian; and Governance Institute board member, Douglas Gration. Successful applicants will be announced in December and must undertake their study during the first semester of 2015. Visit bit.ly/1rZSaCO for application forms and more information.
Digital Risk Officers to become common by 2015: Gartner The growing need to manage risk across organisations will see CEOs creating formal digital leadership roles within their offices by 2015 and fully one-third of large organisations will have digital risk officers (DROs) by 2017, Gartner has argued in recent research. The transition reflects the growing risk from informationsystems insecurity, with IT security teams struggling to manage digital risk as new technology and use cases test their defences in new and potentially compromising ways. Explosion in the use of Internet of Things, operational and other IT-related technologies will force organisations to take a higher-level view of their operations, and Gartner believes digital risk management is “the next evolution in enterprise risk
6 | GTR JULY/AUG 2014
and security for digital businesses” as a result. “Digital risk officers will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk," said Paul Proctor, vice president and distinguished analyst at Gartner. "Many traditional security officers will change their titles to digital risk and security officers, but without material change in their scope, mandate, and skills they will not fulfil this role in its entirety." The new DRO roles will be “very different” to conventional chief security officer (CSO) positions, with DROs reporting to a senior executive outside of the IT organisation.
Rather than focusing on IT security, the broader scope of the role will see DROs managing risk at a high level across business units and collaborating with peers across legal, privacy, compliance, digital marketing, digital sales and digital operations. Evolution of the role will see DROs forging close working relationships with CSOs as well as physical security teams, whose increasing reliance on digital technologies increasingly precludes their functioning in isolation. “IT, OT, the Internet of Things (IoT) and physical security form a new superset of technology that challenges the ability of existing organisational structures, skill sets and tools to consistently and adequately assess, define and
manage technology risks,” Gartner advises in the report, entitled Innovation Insight: Digital Business Innovation Risk – The Rise of the Digital Risk Officer. “Simply expanding the portfolio of the existing IT security team to include technology risk for all Internet-aware technology is not viable. New and existing technology managed outside of the IT organisation requires skills and tools beyond the competence of the IT security team in its current responsibilities.” By 2019, the digital risk concept will become “the default approach for technology risk management,” Proctor argues, noting that DROs will influence governance, oversight and decision making related to digital business.
WA LOCAL GOVERNMENTS SIGNS FOR ELECTRONIC PLANNING LODGEMENTS WA councils will get a significantly updated system for electronic lodgement of planning documents after the Western Australia Local Government Association (WALGA) signed a deal with ICON Software to use ICON's LODGE solution as the basis of a massive overhaul of its document-lodgement system. That system, called CouncilsOnline, went live in 2012 and has facilitated the lodgement of more than 12,000 building and planning approvals as well as more than 11,000 approvals. The need for a technology refresh was identified in late 2013 in order to improve performance, user experience and integration between councils and other authorities. WALGA went to tender and eventually identified the ICON solution as best meeting its requirements. Use of ICON's LODGE solution – already in use by WA councils including the Cities of Swan and Gosnells, and the Town of Victoria Park – is expected to improve accessibility by applicants to local government approval processes; reduce red tape through simplified processes, faster approvals and reduced processing costs; improve consistency between local government requirements to streamline approvals processes; and improved transparency, along with the ability to track applications at every stage in the assessment process. WA local government agencies will be progressively transitioned from the legacy CouncilsOnline platform to a new, hosted instance of the LODGE system.
GOVHACK INTEREST GROWS AS NEW DATA SETS SPUR CREATIVITY The expanding GovHack development contest this month named category, team and geography prize winners in the wake of an intense competition that saw more than 1000 participants in 10 geographies putting their heads together to find new uses for government-provided public data. The GovHack competition (www.govhack.org) saw teams competing in all capital cities (save Darwin) as well as Ballarat, Cairns, Gold Coast and Mt Gambier. Sponsorship from Telstra, Mashery, NICTA, the Department of Communications and a host of A-grade vendors confirmed the growing interest in use of open data sets. Data sets made available for this year's competition included the National Library of Australia's Trove database; 14 years' worth of Landsat 5 and 7 satellite imagery; API-based access to Australian Bureau of Statistics data; a year of Web-based analytics data through the ATO Web site; energy rating data for 6 million devices sold in Australia, from the Department of Industry; and other national data sets. There were also regional data sets, including data already available through portals managed by the likes of state governments and cities including Brisbane, Melbourne, Greater Geelong, Ballarat, Gold Coast, ACT, Adelaide, Burnside, Port Adelaide Enfield, and more. This year's challenge targeted challenges faced by data journalism, digital humanities, open science, business, social inclusion and open government. For a complete list of winners – and details of the data sets used and the applications that were created – visit www.govhack.org/2014-winners.
NEW FEDERAL GOVERNMENT CLOUD POLICY EXPECTED TO LOOSEN POLICY RESTRAINTS An overhauled policy on use of cloud-computing services in government is likely to loosen restrictions requiring ministers to sign off on individual business cases where data is expected to be moved offshore, according to reports in the leadup to the new policy's launch. Communications minister Malcolm Turnbull confirmed the launch was imminent at a recent IT industry event, noting that the policy would “significantly increase the take up of cloud services by federal government agencies, consistent with our policy for e-government and the digital economy.” The federal government was spending around $6 billion annually on ICT procurement but had spent less than $5 million on cloud services in the past four years, Turnbull said. “Of most importance are the actions we're taking to remove barriers that currently restrict, and in many cases prevent, agencies from procuring cloud services.” Citing draft policy documents, industry journal ZDNet Australia reported that these actions were likely to include the requirement for agencies to get approval from both their portfolio minister, and from the Attorney-General, before they could move data offshore.
Instead, the documents said, that responsibility would be delegated to agency heads who “are ultimately responsible for risk within their agency, and their understanding and acceptance of any risk manifested through outsourced ICT arrangements, including Cloud.”
GTR JULY/AUG 2014 | 7
Mobile Devices
GOVERNMENT IN THE
FIELD
GO MOBILE WITHOUT LOSING CONTROL BYBEVERLY HEAD
8 | GTR JULY/AUG 2014
C
learly, government data is no longer tethered to the desk – but is it properly protected when unleashed on mobile devices? When the Australian Signals Directorate updated its executive guide regarding BYOD programmes in February this year, it outlined the legal, financial and security implications for public sector IT leaders. The guide recommends that before embracing BYOD agency CIOs give careful consideration to issues such as compliance with software licences, the mechanics of how a freedom of information request might be handled if relevant data was stored on a personally owned device, and the need to ensure the security and privacy of information stored on mobile devices.
Research suggests few have the answers yet: only a quarter of Australian enterprises with 20 employees or more use any form of mobile device management technology that can track devices, monitor use patterns and – if need be – wipe a stolen or lost mobile, according to analyst firm Telsyte. BYOD has been embraced across the Australian economy – and BYO apps (BYOA) is also on the rise. Telsyte’s Enterprise Mobility Market study indicates around two thirds of Australian organisations now have some form of BYO app used by employees and 27 per cent of organisations allow employees to use personal mobile or cloud applications with no restrictions. Analyst Rodney Gedda says that BYO is widespread, with most CIOs knowing that if they try to outlaw it, “Staff will go ahead and do it anyway”. He says a combination of policy and technology remains the best approach to ensure IT maintains some level of control over data and devices. Chris Roberts, worldwide vice president of public sector with Good Technology, says that government has been slower to BYOD (according to Telsyte about 44 per cent of enterprises with more than 20 employees allow BYOD). Certainly not all public sector organisations allow BYOD. Victoria’s Brimbank City Council, for example, does not allow any form of BYOD according to director of corporate services Doris Cunningham. It does, however, make use of council owned mobile devices to support employees, which can be almost as challenging to manage.
ACRONYM SOUP If the BYO market already feels like a big serving of acronym soup, then gird your loins because there are also moves afoot to advance CYOD (choose your own device) and COPE (corporate owner and personally enabled) programmes in the public sector. Brian Walshe, general manager of end user computing at Dimension Data, says he is seeing a “pretty strong move away from BYOD”, which had in the past been implemented as a “knee jerk reaction to the fact that organisations had fallen behind in keeping technology up to date.”
Matthew Ball, Blackberry
GTR JULY/AUG 2014 | 9
Mobile Devices
“People who BYOD are less likely to lose their device and take more care than if it was employer-owned.” He expects to see more movement toward CYOD initiatives in the future, where some degree of soft control is implemented as the organisation defines a list of equipment that employees may select: “I don’t think people, if presented with a really good list of equipment, would want to spend their own money.” Ultimately, however, it matters less who bought the machine, than how the data stored on it and productivity it allows is protected. Cunningham says that the main issues Brimbank faces with employees using mobile devices is ensuring the security of the devices, and having a system that allows applications to be pushed out automatically and securely. It uses VMware’s AirWatch to track and, if necessary, delete information that is held on devices that are stolen or misplaced. AirWatch is one of a number of MDM systems delivering technical support to mobile use policies. Telsyte claims that the MDM market in Australia is fragmented, with BlackBerry the most widely deployed followed by AirWatch, MobileIron, Good Technology and SAP. BlackBerry has lately been reinventing itself in the MDM space and implemented a series of solutions in the public sector, supplying systems to the Australian Transport Safety Bureau – which provides investigators which want one with a BlackBerry smartphone connected to the BlackBerry Enterprise Service (BES) 10 infrastructure, and to the Australian National Audit Office which has similarly rolled out BES10 to support mobile management across the organisation, providing security and content management for both BlackBerry and other mobile devices. Managing director Matthew Ball says that ensuring data security for government agencies was “table stakes” for allowing any form of mobile access regardless of the lure of freedom and flexibility that mobile
William Murphy, Office of Finance and Services
10 | GTR JULY/AUG 2014
posed for employees. Blackberry’s BES10, and looming BES12 systems, are able to securely wrap content on any device, ensuring its security and also precluding that data from being cut and paste back into a personal app on a mobile device. Andrew Souter, presales manager for Landesk Software, says that the key feature of any MDM is the ability to know who was using a device and accessing data, to know what was on the device, and to track the device and wipe it when required. Earlier this year the company bought LetMobile, which provides secure email content management, so that nothing which has been stored on a device can be accessed if that device is lost or stolen. If the device is lost, it can be replaced and the employee back up and working immediately. But Souter says that in his experience people who BYOD are less likely to lose their device and take more care than if it was employer-owned. He says that although he has come across a number of organisations which have a couple of spare 'loaner' devices that people can use if they do lose their own machines, he says few agencies hold more than a couple of devices lest they are superseded. Gedda agrees that personally owned devices are less likely to be lost, and doubts many organisations have many spare devices in stock, although some government agencies may be able to tap service providers for occasional access to spare devices.
TECHNOLOGY POLICES POLICY The most successful mobile deployments mesh policy and technology to authenticate users, provide access, manage and protect data, steer end user behaviour and police activity. In this way, they manage the fine balance that exists between managing risk and supporting flexibility and user productivity. In NSW, a Government Mobility Solutions Framework has been developed to help agencies define a mobility strategy appropriate for their needs. According to William Murphy, deputy secretary of the service innovation and strategy branch in the Office of Finance and Services, “Government agencies can use MDM solutions to protect their systems and data from unauthorised access, use or disclosure. These considerations apply irrespective of whether the device is government issued or BYOD.” “MDM also covers device back-up and information recovery,” he continues. “Agencies can develop their own approach to managing this process within the broader government policy framework.” When devices are missing or mislaid, MDM solutions can encrypt information, which agencies are able to scramble remotely should the need arise. One of the benefits of implementing an MDM solution is that it reduces the need for data to be stored locally on devices. Ultimately, Murphy explains, “It is incumbent on each agency to set their own terms of responsibility for personal devices within their own agency’s BYOD policy and associated agreements with employees. “Agencies are required to develop their own specific policy requirements, and some agencies may assist staff to recover their own devices – however, these will be addressed in their BYOD agreements.” Dimension Data’s Brian Walshe says that it is important when deploying any form of mobile management system to ensure that restraints on what people can and cannot do are not so tight that
they force people to develop workarounds that introduce additional insecurities. This can perhaps lead to data on mobile devices being invisible to central data stores and not properly backed up and protected. “If you went into government you would find a ridiculous amount of their IP is on people’s C-drives and not backed up,” says Walshe. He says a better approach is to use mobile devices for access, but have the applications and data reside in the cloud – either public or private. This may come about from a broader rethink toward mobility in the public sector. Good Technology’s Chris Roberts says that there are now some agencies which are looking more holistically at how mobile devices and mobile access can transform the way governments operate, rather than being bolted onto existing processes. At that point, the discussion would naturally move away from managing the mobile device, to managing the data. “We are trying to provide security around the data,” he explains, adding that this was of greater importance to most organisations “in a post Snowden world”. Roberts, who visits public sector customers internationally, and visits Australia three or four times a year, says that local agencies have been a leader in taking “cyber security and mobility seriously, and New Zealand isn’t far behind.”
Peter Alexander, Treasury
Capture your email records Batch profile your emails Save natively into your EDRMS Automated data capture
e
z
e
s
c
a
n
Talk to us ! www.ezescan.com.au
Optional PDF output Local support Digitisation standards and compliance
Call: 1300 EZESCAN (1300 393 722)
GTR JULY/AUG 2014 | 11
Mobile Devices
LOCKING DOWN BYOD AT CHARLES STURT
SECURITY THROUGH VIRTUALITY While mobile device management systems are useful in providing the technical muscle to police compliance with mobile policy, desktop virtualisation may deliver the real key to secure mobile access according to Treasury’s Peter Alexander. Alexander is the group general manager of Treasury’s corporate strategy and services group and is about to initiate a desktop virtualisation pilot for 50 staff that will allow any device, employee or employer owned to be used to access applications and data. “The best way to protect content is not to have content on there (the mobile) – just have a view of it,” says Alexander. “I think that is the future of where we are headed, especially for secure content,” he notes, adding that under that scenario the ownership or type of device used becomes almost irrelevant. However Alexander says there will still be a role for MDM, in terms of managing devices, and being able to wipe them if required – noting that modern MDMs allow for increasingly granular control of mobiles such that it’s possible to wipe work content and retain personal content if that is what an employee prefers. Treasury had tested Good Technology’s system, which allows content to be “containerised” and secured, but a requirement from ASD that Treasury harden mobile devices – essentially locking them down – before allowing them to access the agency’s secure network rendered the approach irrelevant. Instead, Treasury deployed AirWatch. At present the agency does not allow BYOD; instead it’s adopted a COPE (corporate owned personally enabled) approach, providing personnel with Apple devices. While users are encouraged to make the device their own, there are limitations: Treasury has banned employees from backing up data to iCloud in case passwords stored in certificates are rendered vulnerable, and DropBox is also blacklisted. Alexander acknowledges that the issue of back up remains problematic, with users often advised to send emails to themselves of information they do want backed up.
Jodie Rugless, City of Charles Sturt
12 | GTR JULY/AUG 2014
The City of Charles Sturt is located in Adelaide’s Western Suburbs, caters for around 107,000 residents and employs 450 people within its administrative operations. The council developed a policy regarding employee owned devices two years ago, according to manager of information services Jodie Rugless. Staff that sign up to that policy can access just email, contact lists and calendars at this stage. “Everyone who needs mobile beyond that needs a corporate device,” she says. For the 40 or so employees who have opted for BYOD, there is a strict policy regarding what happens to the data on that device should it be lost or stolen. In a nutshell, anyone wishing to BYOD, must notify Rugless’ team if their device goes missing – at which point the information systems team will use the native Microsoft Exchange tools to wipe everything from that device including personal data. According to Rugless, there has been no pushback from users about the Council deploying what amounts to a kill-switch on their personal devices. “It surprised me. But they seemed to feel that was reassuring,” she says. Rugless adds that the council’s policy is clear: the IT department is not responsible for any support of personally owned equipment, nor will it replace employees’ lost mobile devices regardless of how useful they were for their work. For council employees with a supplied mobile device, Rugless has deployed Soti’s MobiControl mobile device management system – which allows personal and council information to be distinguished, with only council data erased if a device is mislaid. Rugless is planning to roll out MobiControl for BYO devices probably in 2015, and at the same time also possibly extend the range of applications that can be accessed from employee-owned mobile devices. She also plans to use the Soti tool to control where and how end users are able to save documents or data on a mobile device. In parallel, the Council is working toward a new information infrastructure using desktop virtualisation – a pilot is planned for later this year – coupled with a choose-your-own-device initiative which will ensure that very limited content ever resides on a mobile device and employees are given more of a say in the tools that they use for work. Rugless says that she ultimately wants more control over the data and less over the device. “This is about personal productivity,” she says, adding that the council was keen to promote work-life blending for staff. “When I’m mobile I prefer the iPad, at my desk I prefer the laptop. If you swapped them around it would reduce my productivity.”
2015
Digital Government Conference QT Canberra | 17 & 18 March 2015 DIGITAL STRATEGIES | ICT LEADERSHIP | TECHNOLOGY SOLUTIONS
The 2nd Annual Digital Government Conference 2015 will provide government IT professionals with vital information about industry trends and current and emerging technologies through the presentation of expert analysis and case studies from leading IT professionals within government as well as industry experts and thought leaders. The conference will also examine the role of specific technologies and processes in delivering efficiencies and cost savings as well as improving service delivery.
The conference will feature discussion and analysis of key challenges facing government IT professionals including: • Digital transformation – opportunities, threats and challenges
• eServices – innovation in service delivery
• Driving innovation and change through technology
• Digital strategies – integrating cloud, analytics, mobility and social media for business outcomes
• Managing your IT budget and delivering cost savings through IT
• Mobile solutions – BYOD and mobile device management and mobile applications
• The changing role of the CIO
• Cloud computing implementation strategies and policy considerations
• Selecting best business value technologies • Taking an integrated approach to managing technology, people and processes • Streamlining government processes and service delivery through ICT
CALL FOR SPEAKERS: Government and public sector speakers who wish to be considered for speaking program selection for the Digital Government Conference 2015, please email Kim Coverdale, Conference Convenor, at kim.coverdale@commstrat.com.au with your proposed topic title, proposed presentation outline approx 100-150 words) and a brief bio of yourself.
• Big data analytics – gaining strategic value and improving service delivery through data analytics • Security and privacy – strategies, policies and risk mitigation
EARLYBIRD REGISTRATIONS NOW AVAILABLE Register online at www.govtechreview.com.au/digitalgovernment before 15th December 2014 and save $100 off the standard registration price.
MULTIPLE DELEGATE DISCOUNTS AVAILABLE Register three delegates from the same organisation for the price of two delegate fees (registrations must be made at the same time. Offer excludes entry to the Conference Dinner).
www.govtechreview.com.au/digitalgovernment