At the federal government, mobile email is sticky, to say the least. Several security directives and policies don't offer a lot of options. Typically, it's go BlackBerry or go without mobile email altogether.The burden of security
The Department of Defense (DoD) and the four branches of the military, for example, are all extremely mobile operations, but for years have been able to use only BlackBerry because of its level of security and ability to conform with security needs.
So too, government users have to wade through cumbersome procedures to enable mobile email and ensure that it satisfies security requirements dictated by the Department of Homeland Security. Indeed, when it comes to mobility, many government agencies have to comply with stringent security rules.
The Homeland Security Presidential Directive 12 (HSPD 12), for example, requires the use of public key infrastructure (PKI), while the Department of Defense Directive 8100.2 mandates the use of a common access card (CAC) to access mobile devices and information. CACs are used for identification, feature pictures of the federal employees, and have a chip embedded that gives access to systems, databases and locations, along with signing email through digital-read confirmations. Similar to an ATM card, a mobile device must read the CAC and the user must type in a password, such as a PIN number, for access.
Because so few mobile email systems meet these security requirements, the need to comply with security regulations has left agencies with few options; as a result, many organizations have become locked into proprietary solutions, like RIM's BlackBerry.
"There are rules of where you can and can't use [mobile messaging] and where and when you can use wireless email," said Ravi Iyer, group product manager for Motorola's Good Technology Group, adding that encryption and authentication are in place at all times to protect the integrity of data.BlackBerry, Windows Mobile meet their match
This week, however, Motorola Inc. introduced Good Mobile Messaging Secure Multipurpose Internet Mail Extensions (Good S/MIME), a messaging tool designed specifically to meet governmental security requirements while also offering a less cumbersome alternative to other tools through easier management and administration. According to Iyer, Good S/MIME supports the Motorola Q family of smartphones and other Windows Mobile devices.
Iyer said Good S/MIME is compliant with the mandated standards for public key encryption and signing of email. Additionally, the Defense Information Systems Agency has approved the development of a software technical implementation guide that will allow DoD agencies to begin using S/MIME immediately.
"For years, CIOs in the DoD have been asking for a secure mobile messaging solution that allows them to take advantage of the newest Windows Mobile devices and extends them more of the customizability of their desktop while they are mobile," said Charles Kriete, president and CEO of Buffalo Grove, Ill.-based OTBT Inc., a wireless communications distributor to the federal government sales channel.
Jack Gold, principal and founder of J.Gold Associates, a Northborough, Mass.-based mobility research and advisory firm, said the introduction of S/MIME can fill a gap that Microsoft couldn't fill on its own with Windows Mobile.
"This is the ability for the Q and other Windows Mobile devices to be secure and do something they couldn't do before," Gold said. "BlackBerry has been in the government for years and has done pretty good. On the Windows side, the devices didn't reach the government's security regulations."
Gold said enabling Windows devices to read CACs, along with adding S/MIME, offers government agencies a broader choice of devices, not limiting them to BlackBerry.
"It opens it up a bit more to competition, especially in new deployments," he said. "It provides an option for the government. It's good to have those options and not be locked in."
Current Analysis analyst Kathryn Weldon agreed, adding that Motorola and Good's addition of a CAC reader and S/MIME falls into an overall security strategy that Motorola is pushing as a market differentiator.
"Government is and always has been a key vertical for Motorola. … Security is also a key focus area, and [Motorola] is increasingly finding ways to leverage Good's expertise and assets," she said.
The Good S/MIME works with the Q device family, >Bluetooth CAC readers and standard DoD-issued common access cards to secure CAC communications, sign and encrypt email and attachments.
The technology also includes the following features:
- Automatic signing and encrypting of attachments, including Word, Excel, PowerPoint and PDF documents and pictures.
- Three-click CAC pairing, through which end users can pair CAC readers to their smartphones.
- Automatic over-the-air synchronization of certificates, which delivers cable-free access to all certificates such as personal contacts, rather than just those stored in the corporate
Along with the boosted security, Good S/MIME has all the features recently introduced under Good Mobile Messaging 5 software and service. Coupling Good 5 with Good S/MIME gives end users an integrated Really Simple Syndication, or RSS, reader and subscription manager; the ability to group and sort emails by conversation threads; the ability to customize priority mail with personalized notifications; and calendaring capabilities like real-time free/busy visibility and conference room lookup.
"There has been a void in mobile email solutions for the federal government, where security has come at a price of poor mobile experience and manageability headaches," said Sue Forbes, senior director of product management and marketing for Motorola's Enterprise Mobility Business. Forbes added that users want to be as productive on their handsets as they are on their laptops, while IT wants to ensure the highest security in compliance with government directives.
In the short term, Gold said it is unlikely Motorola and Good's S/MIME release will make a big splash, especially because the federal government is calculated in its mobility decision making. Plus, deploying Good's option requires not only devices and clients, but the back-end gear to support it. Gold said he anticipates that it will have a broader impact on companies that work closely with government agencies, such as contractors and consultants.
"You're dealing with the government," he said. "It's not like people can go out and pick up any device they choose. I don't think it's going to have a huge impact in the short term, but it is good to have options. I think this is more about the impact it will have outside the government."