Anil Karmel, Deputy Chief Technology Officer, National Nuclear Security Administration. Streamlined Application Management: The Intersection of Cloud and Mobility
Dec 26, 2015
There is a perfect storm of disruptive technology on the horizon that will enable a leaner, smarter government:
• Cloud Computing
• Mobility
• Social Computing
• Big Data/Analytics
DOE IaaS Business Use Cases
• Rapid deployment of servers to scientists
• Security controls based on data sensitivity
• Calculating energy savings
• Disaster Recovery
• Capital Expenditure Reduction
DOE SaaS Business Use Cases
• Social Computing
• Web Conferencing
• Instant Messaging
• Enterprise Mobility
Services Broker
A Cloud of Clouds approach brokering any organization, through any device, to any service respectful of site autonomy; powered by the innovation of the National Labs
* Powered by developed by LANL
[Diagram labels. Users: DOE Federal Users, Laboratory & Plant Users, Support Contractors, Other Gov’t Agency Users, General Public Users. Clouds: DOE Cloud, NNSA Cloud, On-Premise Cloud, Public Cloud, Other Gov’t Agency Cloud.]
INSIGHT
• Green & Business IT Smart Meters
• PortfolioStat
• Enterprise Architecture
• Data Center Consolidation
FEATURES
• Virtual Desktops & Servers
• Enterprise Application Store
• Enterprise Certification & Accreditation
[Diagram labels: Services Broker Enclaves; SITES: On Premise Cloud, DOE Cloud, Public Cloud; Organization: DOE Customer; Remediation, CFO, VDI, Public Websites, Shared Services, Open Science; Hypervisor, Network, Compute, Storage]
Challenge
• Deploying modern wireless technology is incredibly difficult within government
• Multiple federal approvals are required that slow speed to impact or block progress altogether
• Customers demand devices they are most familiar with yet show little interest in devices we are comfortable with securing
• True wireless automation and a connected government are years, if not decades, away
Rethink Mobility
• There are two main strategies for data security: Virtualization and Containerization. Secure the data, not the device.
• Employees must be able to work how they want, where they want, on the device of their choosing.
• You don’t truly understand your risk until you understand your transport.
Data
Location
Transport
National Lab Case Study
• Why Enterprise Mobility?
  – Problems we need to solve
• RIM Blackberry
  – Security Posture
  – Accomplishments and Statistics
• Apple iPad and Google Android
  – Good Mobile
  – Other Use Cases
• Key Takeaways & Considerations
• Key Issues
  – Malware
  – Application Architecture
  – Mobile Content Delivery
• Key Considerations
  – Corporate vs. Personally owned devices
  – Help Desk Support
Why Enterprise Mobility? Where’s the right balance?
National Lab Case Study: Blackberry, Current Environment
• Security
  – Secured with DISA/DoD Secure Technical Implementation Guide
  – Transmissions & Data fully encrypted (FIPS 140-2 compliant)
• Devices
  – Blackberry with no camera or WiFi
• Ability to remotely wipe a Blackberry if it is lost or stolen
National Lab Case Study: Blackberry Deployment Security Posture
• Blackberry can’t connect to a foreign wireless network (no WiFi)
• Only a Lab-supplied SIM can be used on the device
• No third party applications allowed
• USB port and microSD card slot disabled
• Blackberry “Home” Screen locked on all smartphones
• Web Traffic routed through Lab infrastructure
• 24/7 phone number to call if Blackberry is lost or stolen
Apple iPad and Google Android: Consumer-Oriented devices in the Enterprise
End users demand functionality – IT requires security
How does IT deliver solutions and yet secure consumer-oriented devices?
• Enterprise-class Email, Calendar & Contacts
  – Consistent feature set across all platforms
  – Message indicators for reply/forward, high importance, meeting invites, etc.
  – Accept/Decline meeting requests from Inbox and view conflicts
  – Access to Global Address List (GAL)
• Launcher Bar
  – Provides quick access to apps
National Lab Case Study: Good Mobile, Apple iPad and Google Android
• Security
  – Secured with DISA/DoD Secure Technical Implementation Guide
  – Transmission & data fully encrypted (FIPS 140-2 compliant)
• Devices
  – Android and Apple iOS Devices
• Secure Enterprise Container
  – IT keeps corporate data secure
  – End users get to keep their personal apps
  – Ability to remotely wipe the application / data if it is lost or stolen
National Lab Case Study: Good Mobile, Security Posture
Apple iPad: Additional Use Case
Remote access to your Desktop
• Virtual Desktop Interface availability
• Remote Desktop Client for iPad (Physical Desktops)
People
Processes
Technology
Change How People Behave
Enterprise Mobility Policy
Risk Management Framework
Enterprise C&A and Procurements
802.11 everywhere
VDI and Containerization
App Store
Mobile App Management
Bring Your Own Device
Mobile/Virtual Worker
Collaboration
Mobile Applications
Change How We Do Things
Evolve our Capabilities
Key Takeaways & Considerations
• What’s Your Security Posture?
• Create Cross-Functional Teams
  – Technical
  – Customer
• Manage User Expectations
  – Give users new features rather than take them away
  – Start small, scale quickly