MMMMMMMMMOBILESOBILESOBILESOBILESOBILESOBILESOBILESOBILESOBILESOBILESOBILESOBILESOBILESOBILESOBILESAAAAAAOBILESAOBILESOBILESOBILESAOBILESAOBILESAOBILESOBILESOBILESAOBILESTTACK!TTACK!TTACK!TTACK!TTACK!TTACK!TTACK!TTACK!TTACK!TTACK!TTACK!TTACK!OBILESTTACK!OBILESOBILESOBILESTTACK!OBILESTTACK!OBILESTTACK!OBILESOBILESOBILESTTACK!OBILESOBILESTTACK!OBILESOBILESOBILESTTACK!OBILESTTACK!OBILESTTACK!OBILESOBILESOBILESTTACK!OBILES

ATTACK!AAATTACK!ATTACK!ATTACK!AAATTACK!AATTACK!AAATTACK!ATTACK!ATTACK!AAATTACK!AOBILESAOBILESTTACK!OBILES

AOBILESOBILESOBILESAOBILESTTACK!OBILES

AOBILESAOBILESAOBILESTTACK!OBILES

AOBILESOBILESOBILESAOBILESTTACK!OBILES

AOBILESTTACK!OBILES

AOBILESTTACK!OBILES

AOBILESOBILESOBILESAOBILESTTACK!OBILES

AOBILESAOBILESAOBILESTTACK!OBILES

AOBILESOBILESOBILESAOBILESTTACK!OBILES

AOBILES

THE MOBILE INVASION

IS UNDERWAY

GOVERNMENT TECHNOLOGY REVIEW

NO

VE

MB

ER

20

12

• IS

SU

E 1

5WEBSITE RELAUNCH: www.gov

techreview.com.au

E-LEARNING SUCCESS STORIES ●\CROWDSOURCING, LTE & EMERGENCY SERVICES

TELEPRESENCE PAYS ITS WAY

BRISBANE CITY COUNCIL’S HUGE WEEKEND UPGRADE

DIGITAL SIGNAGE THE FUTURE LOOKS BRIGHT

Stop typing,start talkingand get the recognition you deserve

Dragon NaturallySpeaking 12 Professional is enterprise-ready speech recognition software providing security features, confi guration options and administration tools for managing large user networks. Create macros to automate business processes. Use Dragon with a digital voice recorder, anywhere, anytime

and automatically transcribe the text when you connect to your PC.

Contact your preferred software reseller for pricing and availability or call 1300 550 716.

Dragon Speech Recognition boosts employee productivity by dramatically reducing documentation completion time. Creativity and detail is enhanced, with ideas appearing on the screen three times faster than typing - using natural, conversational speech.

Contact us today to find out about the great new features in version 12 including enhanced webmail,faster correction, the interactive tutorial and more.

Ask us about our Multi-user licensing program available for five or more licenses - includes unlimitedtechnical support, all version upgrades and software updates.

NEW VERSION 12

www.voicerecognition.com.au1300 255 900

www.voicex.com.au1300 551 778

zallcom.com.au02 6279 1700

data3.com.au1300 232 823

GTR NOVEMBER 2012 | 1

8

EMERGENCY RESPONSE: USING CITIZENS AS SENSORSWhat do high-profile disasters like Fukushima’s tsunami, Brisbane’s floods or the devastation of Hurricane Sandy have in common? With the explosion in social networking, they’re generating real-time coverage and user engagement. Here’s how emergency-services authorities are tapping into the clickstream.

NBN DEMOGRAPHICS HELP PLAN GOVT SERVICESGovernment agencies should already be planning how they’ll interact with citizens as the National Broadband Network (NBN) is rolled out. New analysis provides an unprecedented demographic view of early rollout sites and those scheduled for completion through 2015.

SPECIAL FEATURES

26 46

COVER STORY: MOBILES ATTACK! THE INVASION IS UNDERWAYThey may be the most popular productivity tool since the pen and paper, but smartphones are proving to be a double-edged sword as technology managers seek to juggle users’ rapidly increasing expectations with the realities of government-grade security requirements. The answer, as Adam Turner finds, isn’t always easy – but it is out there.

REGULARS2 Editor’s letter

4 News

34 Opinions: Amajjika Kumara, Airwave Solutions, Esri, Gary Griffiths, Karen Raccani

48 NBN Update

FEATURES14 Which smartphone is most secure? We run down the leading mobile

platforms and their strengths and vulnerabilities for enterprise use.

17 Emergency services eye fast wireless Lack of bandwidth has long compromised

the data available to emergency workers. LTE will change all that.

20 Get yourself on the train e-Learning has become an integral

part of training and education within government organisations. Here’s what the leaders are doing.

30 All signs point to digital Whether via tablet or house-sized

billboard, digital signage offers new opportunities to get your message across – and to interact with citizens in completely new ways.

CASE STUDIES12 Department of Sustainability, Environment,

Water, Population & Communities BYOD doesn’t have to be a nightmare, as long as you focus on what really counts.

16 Waverley Council counts the cost Security isn’t the only challenge in managing mobile fleets; here’s how one council got its bills under control.

25 NBN Co: Building a learning organisation from the ground up

NBN Co has gone from 0 to 100, figuratively, in record time – thanks in part to e-learning.

40 Three years on, AGIMO still counting telepresence savings Hard return-on-investment metrics can be hard to come by, but AGIMO knows exactly how much its videoconference system has saved. Hint: it’s a lot.

42 WorkSafe Victoria keeps agents in step Strict regulations around workplace compensation administration have forced WorkSafe Victoria to maintain an intricate identity system.

44 Brisbane’s big messaging migration Brisbane City Council has pulled off a massive coup after successfully migrating nearly 12,000 email inboxes in one weekend.

Stop typing,start talkingand get the recognition you deserve

Dragon NaturallySpeaking 12 Professional is enterprise-ready speech recognition software providing security features, confi guration options and administration tools for managing large user networks. Create macros to automate business processes. Use Dragon with a digital voice recorder, anywhere, anytime

and automatically transcribe the text when you connect to your PC.

Contact your preferred software reseller for pricing and availability or call 1300 550 716.

Dragon Speech Recognition boosts employee productivity by dramatically reducing documentation completion time. Creativity and detail is enhanced, with ideas appearing on the screen three times faster than typing - using natural, conversational speech.

Contact us today to find out about the great new features in version 12 including enhanced webmail,faster correction, the interactive tutorial and more.

Ask us about our Multi-user licensing program available for five or more licenses - includes unlimitedtechnical support, all version upgrades and software updates.

NEW VERSION 12

www.voicerecognition.com.au1300 255 900

www.voicex.com.au1300 551 778

zallcom.com.au02 6279 1700

data3.com.au1300 232 823

2 | GTR NOVEMBER 2012

EDITOR

David Braue

E: editor@govtechreview.com.au

NATIONAL SALES MANAGER

Yuri Mamistvalov

E: yuri@commstrat.com.au

Tel: 03 8534 5008

ART DIRECTOR

Annette Epifanidis

E: annette@commstrat.com.au

Tel: 03 8534 5030

DESIGN & PRODUCTION

Nicholas Thorne

CONTRIBUTORS

Brad Howarth, Gary Griffiths, Amajjika Kumara,

Karen Raccani, Adam Turner, Airwave Solutions, Esri

MELBOURNE OFFICE

Level 8, 574 St Kilda Rd. Melbourne Vic 3004

PO Box 6137, St Kilda Rd Central 8008

Phone: 03 8534 5000 Fax: 03 9530 8911

Government Technology Review is published by CommStrat

ABN 31 008 434 802

www.commstrat.com.au

All material in Government Technology Review is copyright. Reproduction in

whole or in part is not allowed without written permission from the Publisher.

To subscribe to GTR magazine

phone: 03 8534 5009, email: subs@govtechreview.com.au

or go to www.govtechreview.com.au/subscribeDavid Braue, Editor

E: editor@govtechreview.com.au

I know, you love your smartphone. So it’s natural to want to use it whether you’re at work and at home.

No problem. You do, of course, take every precaution to ensure that you don’t bring sensitive data home with you, right? You’re sure you haven’t synced the latest policy costings to your Dropbox account, which you are certain hasn’t been hacked, right? And you know it isn’t infected with data-sniffing malware installed after your gadget-loving four-year-old borrowed it to play Sparkly Sammy and Her Mystical Friends. Don’t you?

This month, we look into the challenges of bring-your-own-device (BYOD) strategies that are forcing organisations to reassess their long-held assumptions about security, data preservation, and employee behaviour.

We run down the relative merits of mobile platforms, and talk with a government body that has used proactive approaches to safely and successful implement BYOD. Consider your own environment carefully, because I guarantee these issues apply to you. You may be stunned to discover just how many unaddressed security problems they have created – and how easy they can be to fix.

We also take a look into the world of eLearning, which is paying off handsomely as government bodies explore new ways to turn modern technologies into effective staff training and citizen outreach tools. And we see how social-media tools and next-generation wireless technologies are promising new ways to better equip emergency-services workers.

I’d like to take a moment to thank the many readers who took the time to complete our recent reader survey. We were heartened by the positive feedback to GTR, and will take your suggestions on board to make it even more relevant for you.

For example, this issue we debut a national broadband network (NBN) update section, in which we will recap the latest developments in what is by far the government’s largest and most crucial infrastructure project.

Congratulations to Tim Downing (WA), who will receive an iPad as the winner of our reader-survey competition.

May I also direct you to www.govtechreview.com.au. After an extended period of design and consultation, we’ve overhauled the GTR Web site to be cleaner, more engaging, and better representative of GTR’s goals and market strengths.

We’re posting regular news about Australia’s public-sector technology developments, and complementing that coverage with GTR resources including multimedia, event updates, and content from previous issues.

I encourage you to drop by the site, follow our companion Twitter feed (@gov_tech_review), join our LinkedIn discussion group (click through from the Web site top page), subscribe to our regular email newsletter, and drop me a line if there’s anything else you’d like to see us doing. I look forward to “seeing” you online!

By integrating eCopy ShareScan with your existing multi-function device you can:

• automatically convert hardcopy originals into accurate, formatted, editable digital fi les - including graphics & tables.• transform static text images into searchable documents as they are scanned.• transport information directly into Microsoft® applications such as SharePoint®, alleviating the need to rekey, distribute or archive paper.• integrate with HP TRIM and other records management systems, making it easy to search and retrieve scanned information.• use secure scan-to-mail, scan-to-PC and scan-to-fi le functionality.• lower document-processing costs and keep your organisation moving faster.

The best-in-class user interface in eCopy Sharescan eliminates training, ensures rapid adoption and generates a fast ROI for your organisation, so talk to one of our team today.Email: getecopy@nuance.com or call +61 2 9434 2382. Visit getecopy.com.au for more information

Paperless productivity for organisations of every size

Using eCopy, Government organisations can integrate paper documents into their digital document management systems, via existing scanners and copiers.

eCopy

4 | GTR NOVEMBER 2012

Despite some concrete steps towards

adoption of cloud computing, many within

Canberra’s political circles still have very little

understanding of what the model is and how it

applies to government, the head of an industry

lobby group has warned.

Speaking at the recent CommsDay

Melbourne Congress, Matt Healy, chairman of

cloud-industry group OzHub, said the group

had been undertaking “significant engagement

in Canberra” such as a recent 45-minute

educational session run for 32 Coalition

members of Parliament.

“It was very heartening that you could get

32 members of Parliament, during a sitting

day, to take time out to sit in on a 45 minute

talk on cloud issues,” Healy said. “That shows

the degree to which it is a hot-button issue in

Canberra at the moment.”

The session revealed a broad range of

familiarity with cloud concepts and the issues

they raise in terms of governance, citizen

protection and more. Healy named known

technophiles such as Paul Fletcher, Simon

Birmingham and Jamie Briggs as being “good

forward thinkers” while former attorney-general

Philip Ruddock was keen to delineate a clear

legislative framework and “was very exercised

in his mind as to what the policy responses

should be” for privacy breaches.

Even Bronwyn Bishop, a former minister

for aged care and minister for defence industry,

science and personnel, proved to be well

apprised about cloud computing: she “seemed

to have quite a good idea of what infrastructure

as a service was,” Healy said.

Yet many other members were still well

behind the curve, with “very different” ideas of

what cloud computing might be. These politicians

could not afford ignorance about the cloud

model any longer: “We had to educate Canberra

because of something of a perfect storm

approaching between consumers, providers,

businesses and government,” Healy warned.

“One of the more pressing things we’ve

discovered, and a real gap in the market, is in

Canberra. That gap is about an understanding

of what cloud services are, how they’re being

used, and what interventions will be needed.”

The need for intervention was, Healy said,

reinforced by consumer-focused research that

found citizens both want to use cloud-based

services, and expect government bodies to

deliver them – and do it securely.

“Consumers see a safety net being

there for use of these services, and want the

government to do it,” he said, noting that many

consumers wanted the government to impose

harsh penalties when data in government cloud

environments was not adequately protected.

OzHub was founded a year ago

as a consortium between Macquarie

Telecommunications, VMware, Infoplex and

Fujitsu, and has recently welcomed Alcatel-

Lucent and F5 Networks to the fold.

Read the full story at bit.ly/XWGi6h.

Pollies still coming to grips with the cloud: OzHub

GTR relaunches Web siteGovernment Technology Review’s Web site has gotten a major

overhaul with a transition to a more-flexible content management

system and a commitment to delivering the best in government-related

ICT news and features.

Build on a modern Wordpress foundation, the new site

(www.govtechreview.com.au) offers a broad range of content for your

reading pleasure. Daily news updates, job listings, reader polls, information

on upcoming CommStrat events and an extensive archive of past GTR

content ensure there’s always something interesting and informative to read.

As a companion to the Web site, we have also launched a GTR

Twitter feed (@gov_tech_review) and a LinkedIn discussion group,

Technology News for the Public Sector, where readers are encouraged to

share ideas on the latest in government technology.

The Web site is a work in progress and will be continually updated to

ensure it’s meeting the needs of GTR’s readers as well as possible. If you

have any suggestions, don’t hesitate to contact GTR editor David Braue

on editor@govtechreview.com.au.

GTR NOVEMBER 2012 | 5

Australian organisations have backed away

from ICT sustainability initiatives, falling below

global standards in Fujitsu’s latest sustainability

reporting benchmarks.

The company’s third ICT Sustainability: The

Global Benchmark report comprised interviews

with 1200 CIOs and senior managers from

eight countries between April and July of this

year. Each was given an ICT Sustainability

Index (ITSx) score, with the global average

declining from 54.3 last year to 53.1 this year.

The index peaked at 56.4 in 2010.

Leading sustainability efforts in their various

categories were the USA (57.3), utilities/

construction/mining sector (56.5), and financial

services in the USA (66.8).

Australia’s score of 50.1 this year, represented

a decline from the 2011 score of 52.8 and 2010’s

score of 53.9 and put the country well behind

global averages. Australia was ranked second-last

on the ITSx scale, just ahead of China.

Fujitsu found a strong correlation between

sustainability efforts and formal programs

for tracking the cost of ICT power bills and

energy consumption. While just 23.1% of

those surveyed actually included the cost of

ICT power consumption in their budget, those

that did scored nearly twice as high on Fujitsu’s

sustainability benchmarks than those that did

not – an average ITSx of 67.6 versus 34.8.

Australian organisations were

acknowledged as having improved their

consideration of power bills in ICT planning –

less than 1% did this last year and 8.7% have

done it this year – but this is well behind the

23.1% overall average. Japan led on this metric,

with 38.5% factoring in power bills.

Australia also lagged in terms of the

number of ICT departments with control of

budgeting and managing power consumption

– 8.7%, compared with 17.7% of ICT

departments in the UK and 30% in India.

Fujitsu reported general ITSx declines

across many industries, noting also that

Australia’s relatively low environmental

management score (46.2) regulation wasn’t

producing higher ITSx scores; the US, with less

rigorous environmental standards, scored 55.6.

Australian government bodies’ ITSx was

53.7, making it the best-performing industry

in the country and the only sector to beat the

global average ITSx of 53.1. Yet Australia’s

government sector was still beaten by the

governments of New Zealand (60.0), Canada

(59.5), UK (59.3), and US (58.1).

Read the full story at bit.ly/Sw0M2o.

Government leads Australia on ICT sustainability but lags globally

Government agencies must push towards

the adoption of IPv6 even harder than private

corporations, a senior domain-name executive

has warned, to ensure they continue to build on

early momentum around adoption of the next-

generation protocol.

Speaking via teleconference link to the

recent Australian IPv6 Summit, American

Registry for Internet Numbers (ARIN) president

and CEO John Curran said governments

needed to lead the pack when it came to

upgrading their networks to support IPv6.

“It’s crucial that government be a lead

adopter of IPv6,” he explained. “We have

pushed that very hard, because the government

is slow. By starting early, they have a chance of

finishing with everyone else.”

A number of governments have pushed

hard for adoption of the technology, which

dramatically expands the pool of available

Internet addresses and is seen as essential

to ensuring the continued smooth operation

of the Internet as the current supply of IPv4

addresses are exhausted.

That point was reached last year within

the Asia-Pacific region and will be reached

in ARIN’s North American jurisdiction next

year, with name registries and ISPs are

carefully apportioning the last remaining

blocks of addresses after they were

allocated. ARIN is one of five regional

Internet registries, with Australia served by

APNIC (Asia-Pacific Network Information

Centre). (APNIC offers a range of IPv6

resources here).

The Canadian government has moved

to embrace the technology, while the US

government has been a major proponent and

is close to having all government Web sites

IPv6 enabled.

Within Australia, AGIMO has laid down

an aggressive strategy that is expected to

see IPv6 implemented across the Federal

government by this December.

The public Internet is now IPv4 and IPv6. If

someone puts a server on the Internet to serve

data and they only set it up with IPv4, they are

not reaching the entire community; they’re

short-changing themselves.

Even if they aren’t running an IPv6 stack

exclusively, organisations must make sure

they have a dual-stack configuration – which

enables servers to be reached using either

current IPv4 or new IPv6 addresses – on

existing and planned servers.

“The public Internet is now IPv4 and

IPv6,” Curran said. “If someone puts a

server on the Internet to serve data and

they only set it up with IPv4, they are not

reaching the entire community; they’re

short-changing themselves.”

Read the full story at bit.ly/QZGRau.

“Slow” government agencies must take IPv6 lead: ARIN CEO

6 | GTR NOVEMBER 2012

Three security habits could prevent 85% of hacks: Defence ministerThe severity of cyber-security incidents

investigated by Department of Defence-backed

security teams has increase dramatically over

the past year, Defence Minister Stephen Smith

said while launching an education campaign he

hopes will encourage organisations to adopt

three effective anti-security habits.

In a speech to the Defence Signals

Directorate (DSD) Cyber Security Conference,

Smith – providing an update on the DSD’s

Cyber Security Operations Centre (CSOC) –

said the team had escalated 470 of the 1250

cyber incidents reported to it in the period

through the end of September.

By contrast, the team escalated just 310

of the 1260 incidents identified last year – and

there are still three more months to go before

2012’s figures are finalised.

Noting ongoing collaboration with US and

UK security authorities – under the auspices

of the 2009 and 2011 Australia United States

Australia Ministerial Consultations (AUSMIN),

and the 2011 Australia United Kingdom

Ministerial Consultations (AUKMIN) – Smith

said cyber security had become “a global

challenge, which we can only combat by

working together…..a cyber attack could in

certain circumstances trigger the consultation

mechanisms of the [AUSMIN] Alliance.”

The growing financial impact of security

compromises had heightened the importance

of effective countermeasures, Smith added,

noting Symantec figures that had put the cost to

Australia from cyber crime at $4.5 billion – more

than the cost of burglary and assault combined.

“This issue is one that impacts adversely

upon our economic interests and national well-

being, not just our national security interests,”

he continued. “The dangers come not just from

nation states, but also from non-state actors….

More than 65% of intrusions observed by

CSOC are economically motivated.”

Aiming to transform CSOC’s experiences

in its first three years into actionable education,

Smith launched an educational video – called

Catch, Patch, Match – “to draw attention to the

need to prevent cyber intrusions.”

The [CSOC] team escalated 470 of the

1250 cyber incidents reported through the end

of September. By contrast, the team escalated

Fallout continues as world economies

weigh their response to a US congressional

investigation that has blacklisted Chinese

equipment vendors Huawei and ZTE on the

grounds that they represent a security risk.

The determination, handed down in a

recent report by the House Permanent Select

Committee on Intelligence, has said that the

two companies “cannot be trusted” for critical

infrastructure systems given their relationships

with the Chinese government.

“We have serious concerns about

Huawei and ZTE, and their connection to the

communist government of China,” committee

chairman Mike Rogers said. “China is known to

be the major perpetrator of cyber espionage,

and Huawei and ZTE failed to alleviate

serious concerns throughout this important

investigation….We warn US government

agencies and companies considering using

Huawei and ZTE equipment in their networks to

take into account the affect [sic] if [sic] could

have on our national security.”

Private enterprises are encouraged to

use alternative suppliers, and the report

recommends that US government systems

exclude components from Huawei or ZTE.

The findings would seem to exonerate

the controversial determination, made earlier

this year, that Huawei would be banned from

supplying equipment for the government’s

national broadband network (NBN).

Huawei has pushed hard into the Australian

market in recent years and was hoping to use

its credentials in similar deployments overseas

to secure a chunk of the $35.9 billion cost of

that project.

The issue became political after

opposition communications minister Malcolm

Turnbull said he would reassess the ban if the

Coalition wins the next federal election – but

recently became a source of embarrassment

after Turnbull, who had previously claimed to

have never been briefed on the reasons for the

ban, admitted he had in fact attended an ASIO

briefing on the matter.

Meanwhile, both companies have reacted

with anger to the US Congressional report,

which contains five recommendations.

Read the full story at bit.ly/Th8Vu6.

Governments weigh Huawei, ZTE bans after scathing report

just 310 of the 1260 incidents identified last

year – and there are still three more months to

go before 2012 figures are finalised.

“The cyber-threat has now reached an

unprecedented level,” the video’s voiceover

warns. Government and industry are being

threatened on a daily basis – and the effects

can be catastrophic.”

Read the full story at bit.ly/RkX1NG.

Story by ADAM TURNER

MOBILE DEVICES

There is no one-size-fits-all mobility solution -- especially since devices, resources and policies vary so widely. The push for Bring Your

Own Device (BYOD) programs can further complicate the issue. But one thing holds true for every government organisation: mobility has become impossible to ignore. The technological gatekeepers can no longer rule as the “Department of No” – especially when the mobility push within government is coming from the very top as well as staff on the front line.

Frustrated staff are already bringing their own devices to work, while remote access tools such as Dropbox are a “weed” creeping into Australian offices, warns Rhys Evans, enterprise information systems national practice manager with IT infrastructure consultancy Thomas Duryea.

“Users will inevitably bring their own devices and services into the office, trying to work around security restrictions using whatever mechanism they can,” Evans says. “It’s not nefarious. They do it because they want to use a device that enables them to best do their job.

Despite this, some government departments still see devices such as iPads as simply a way for people to slack off.”

“To be honest, unlike enterprise, we haven’t seen a big Bring Your Own Device push from government yet. At the moment, government mobility seems more focused on enabling staff to work offsite and at home. Government employers are recognising that flexible work arrangements can boost productivity and help retain talent. Implementing a wider mobility strategy also lays a solid foundation for a BYOD policy.”

MOBILES ATTACK!

THE MOBILE INVASION

IS UNDERWAY

virtualisation specialists Citrix and VMWare and networking players Cisco and Juniper to security vendors such as Symantec, Sophos and AVG.

Basic MDM features are rapidly becoming commoditised and advances in Microsoft’s ActiveSync may eventually kill off basic MDM offerings. Advanced MDM tools often distinguish themselves with extra features such as antivirus, device tracking and selective wipe options that can leave personal data intact.

Mobile device management features and security options are often restricted by the limitations of the device. When assessing the security capabilities of devices, government organisations should utilise references such as the Evaluated Products List, maintained by Australia’s Defence Signals Directorate (DSD) intelligence agency (see breakout).

“Hardening” mobile devices to address security requirements can involve restricting the ability to install third-party applications. Other limitations may include disabling access to cloud-based data sync and backup services.

Imposing and enforcing such restrictions naturally becomes more complicated when running a BYOD program, where end users value such functionality on their devices. Meanwhile, Microsoft and RIM’s all-or-nothing remote wipe options may also not be a good fit with some

BYOD policies, as they entail wiping personal data such as family photographs.

Users’ concerns about these capabilities are so strong that 86 per cent of respondents in a recent survey by MDM vendor Fiberlink said they were concerned or extremely concerned that their employers would delete personal pictures, music and email profiles.

A new paradigmWhile MDM and usage policies are important, the trend is to move away from managing end devices and instead focus on managing secure access to resources. Vendors such as Good Technology, Pinecone, Citrix, Symantec, and VMWare achieve this by creating secure encrypted containers that can be remotely wiped whilst leaving the rest of the device’s contents intact. They provide apps that run on a range of mobile platforms including iOS and Android.

Different services utilise this secure area in different ways. Good Technology’s apps are designed around the idea of running applications inside the secure container, which is isolated or “sandboxed” from the rest of the device. Citrix’s Receiver offers secure remote access to applications running on a server, with the ability to optimise the interface of desktop applications for small-screened mobile devices.

REASONS COMPANIES DENIED PERSONAL DEVICES FROM CONNECTING TO CORPORATE SYSTEMS.

Half of companies in a recent Strategy Analytics survey said they had denied personal devices from connecting to corporate systems for security reasons.

Source: Strategy Analytics 2011

Mobile governance in general 33%

Other 5%

Incompatibility with IT systems 9%

Security 50%

Regulatory issues 3%

Device knowledgeAs with most IT projects, Evans says the key to a successful mobility strategy is to begin by focusing on requirements rather than specific devices and technologies. Once they assess their requirements, some government agencies may find their existing technology infrastructure is capable of supporting the new wave of handheld devices – whether they be work-issued or BYOD.

Smartphones and tablets running the latest versions of Apple’s iOS and Google’s Android offer support for Microsoft Exchange and the remote management tools incorporated into ActiveSync. It’s worth noting that some ActiveSync features require an Exchange Server Enterprise Client Access License.

At the same time Research In Motion’s (RIM’s) BlackBerry PlayBook OS 2.0 update supports ActiveSync, as does the upcoming BlackBerry OS 10. While these Blackberry devices can now work with Microsoft infrastructure, the introduction of BlackBerry Mobile Fusion allows BlackBerry Enterprise Server to support the influx of devices running iOS and Android.

RIM’s move to embrace ActiveSync within the secure BlackBerry environment grants government organisations the ability to support a wider range of devices while still addressing security requirements, says RIM senior director for enterprise Jeff Holleran.

“As organisations look to leverage a range of devices they need to determine how they’re going to establish common policies across different devices,” Holleran says.

“What we’re doing, in a nutshell, is providing security for ActiveSync. This enables organisations to leverage their existing BlackBerry investment – in devices, infrastructure and expertise – whilst bringing BlackBerry security to other devices.”

Managing the influxThe growing reach of BlackBerry and ActiveSync make it possible to enforce policies on a range of consumer-grade devices. These policies include mandatory password-protection as well as the ability to remotely lock and wipe lost devices.

The push to do more with mobile devices has sparked the rise of specialist third-party mobile device management (MDM) providers. Key players include the likes of Good Technology, LRW’s Pinecone, Sybase, AirWatch and MobileIron. A wide range of existing technology players are also targeting the MDM space, from

GTR NOVEMBER 2012 | 9

For its part, Symantec’s Endpoint Management Suite lets IT managers set up corporate ‘app stores’ offering limited access to apps that it encapsulates inside a wrapper that enables password-protected access, encryption of data and the ability to stop employees copying data out of the app. Both Good Technology and Citrix Receiver offer the ability to support third-party applications and services within their secure environment.

This secure container approach to mobility gives government agencies greater control without simply relying on the security capabilities of the end device, says Jim Watson, APAC vice president and corporate general manager with Good Technology.

“To address today’s security risks, agencies need to go beyond basic MDM and adopt solutions that allow IT departments to set policies, control access and prevent data loss at an application and data level,” Watson says.

“By focusing first on security and control at the application level, government agencies can more readily embrace mobility and even BYOD without compromising policies or the user’s experience.”

Focusing on managing access rather than managing devices can be particularly important when it comes to BYOD programs, adds Nabeel

Youakim, APAC vice president of products and the Microsoft Alliance with Citrix.

“The ability to remotely manage access to secure resources, while limiting the amount of data stored on the device, creates a better foundation for BYOD policies than all-or-nothing remote wipe features,” Youakim says.

“You don’t own the device, so you can’t just remotely blow the device away in terms of user content such as photos if the device is lost.”

Virtualisation is seen by some as the long-term future of mobile security, although there are hurdles to overcome. One approach is to run a virtual device within an app that mimics separate hardware.

Known as a Type 2 hypervisor, this approach is commonly used by desktop software such as Parallels or VMWare Fusion to run Microsoft Windows within a window on a Mac desktop. VMware’s Horizon mobility platform deploys a Type 2 hypervisor on Android devices, but it’s still in the pilot phase and can’t be downloaded from the public app store.

Another approach to virtualisation is to run two virtual devices side-by-side on the same handset using a “bare metal” Type 1 hypervisor which mimics two physical devices. This approach is already common on servers using tools such as Microsoft’s Hyper-V, VMware ESX Server and

MOBILE DEVICES

Citrix’s XenServer. Bare metal hypervisors offer greater security and separation between devices but require hardware support, which limits their deployment on handheld devices.

The people factorWhile mobility strategies present technological challenges, it’s important to keep in mind that you’re also dealing with people. Disabling key features in the name of security and the management of personal data are two issues that Evans says highlight the importance of detailed Acceptable Usage Policies (AUPs) to accompany technological security measures.

A mobility AUP must spell out exactly where jurisdiction over work-issued and BYOD devices starts and ends. This includes hardware, as well as voice and mobile data costs, particularly when it comes to excess data charges incurred for work or personal purposes.

Keep in mind that allowing staff to make hardware purchases can mean losing out on the benefits of volume pricing and the flexibility of business telecommunications plans. A BYOD program also should consider whether consumer-grade warranties, service and support are appropriate. Devices in need of repair or replacement could see staff left in the lurch for days or weeks. It may also be necessary to return devices to the manufacturer even if they contain sensitive data.

While security concerns are obviously an important aspect of any government agency’s mobility plans, Rhys Evans says it’s important to make a realistic assessment of their security requirements so as not to unnecessarily limit devices or hinder their usefulness.

“One of the key issues I’ve encountered with mobility projects is that there’s always one overzealous person who wants to lock these devices down so hard that it defeats the purpose of having them,” Evans says. “Mobility is about flexibility and convenience – so you need to keep an open mind.”

WHICH MOBILE IT POLICIES DO YOU

REQUIRE ON INDIVIDUALLY LIABLE DEVICES?

Companies utilise a range of IT policies to secure mobile devices.

Source: Strategy Analytics 2011 End User Research

0% 20% 30% 40% 50% 60% 70% 80% 90% 100%10%

Device memory encryption

Applications restricted

Some internet domains restricted

Internet access restrictions

Lock for lost or stolen devices

Wipe for lost or stolen devices

Password enforcement

Individually Liable Devices

Corporate Liable Devices

32%52%

39%65%

34%56%

27%42%

40%68%

39%63%

50%74%

10 | GTR NOVEMBER 2012

securely.• The only way to elegantly and securely implement BYOD.• You no longer need to think 'optimal user experience' Vs 'security'. Achieve both with Good • Prevents risk of agency data leakage to non-secured applications or cloud services• Encrypts agency data at all times• Protects 3rd party, and your internal mobile applications

Now agency data goes mobile—

Contact us for a complimentary BYOD best practices guide

©2012 Good Technology Corporation and its related entities. All rights reserved. Good, Good Technology, the Good logo, Good for Enterprise, Good for You, Good Dynamics, Secured by Good, Good Connect, Good Mobile Manager, Good Share and Good Dynamics AppKinetics are trademarks of Good Technology Corporation and its related entities. All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners. Good's products and technology are protected by U.S. patents and various other foreign patents. Other patents pending. All Rights Reserved. iPhone, and iPad are trademarks of Apple Inc., registered in the U.S. and other countries. All rights reserved. Screen images simulated.

Good named a leader in two mobility Gartner Magic Quadrants

Good's mobile application platform secures agency data onevery employee's iOS, Android and Windows Phone.

email GoodAU@good.com or call 02 6169 4031

Secure your Agency's mobile data today

C

M

Y

CM

MY

CY

CMY

K

GTR_297mmx210mm_CS5_v2.pdf 1 11/1/2012 2:28:09 PM

12 | GTR SEPTEMBER 2012

MOBILE DEVICES

M A C Q U A R I E P U T S H O S T E D S P I N O N M D M

Given the difficulties that organisations are having in trying to keep track of their mobile devices, service providers are experimenting with a range of different ways to put appropriate mobile device management (MDM) tools into the hands of IT organisations that need them.

One of the latest to enter the fray is Macquarie Telecom, which recently launched a MDM managed service called Mobility Manager. This service offering is run from Macquarie Telecom’s Sydney data centre, eliminating the implementation issues for customers that just want to get a grip on their mobile devices.

The software-as-a-service (SaaS) platform is device- and network-agnostic, offering what Christopher Greig, telco business group executive with Macquarie Telecom, called “an essential building block for organisations looking to pursue a BYOD strategy….Organisations must address concerns around security and privacy before they can take full advantage of BYOD and broader business mobility.”

Mobility Manager is part of the firm’s managed telecommunications service offering, which also includes tools for monitoring service usage, price, and data access. – David Braue

For all the column-centimetres being dedicated to the complexities of bring your own device (BYOD) strategies, you’d be forgiven for thinking there

was no way it could be done properly. But BYOD is going swimmingly at the federal Department of Sustainability, Environment, Water, Population & Communities (DSEWPaC), for which BYOD is just the latest in a series of steps to improve employee mobility and flexibility.

Over several years, DSEWPAC has been working to improve its 2500 employees’ access to key corporate systems from a range of devices using virtual-desktop technology. A large Citrix deployment has seen around 80% of desktops virtualised, with a few exceptions for special-use cases.

Given prior efforts to decouple desktops from the desktops they were running on, CIO Al Blake and departmental executives were conceptually prepared to embrace BYOD practices as the trend caught on.

BYOD PART OF THE ENVIRONMENT

AT DSEWPACBYOD MAY BE CAUSING

ANGST FOR MANY

ORGANISATIONS, BUT ONE

FEDERAL GOVERNMENT

ALREADY HAS IT COVERED.

D S D ’ S E V A L U A T E D P R O D U C T S L I S T

The Evaluated Products List (EPL) details ICT products certified for use in Australian and New Zealand government agencies.

The EPL is maintained by the Defence Signals Directorate (DSD) and judged against the internationally-recognised Common Criteria. DSD offers guides on locking down various devices to satisfy various security levels. The agency also produces the Australian Government Information Security Manual (ISM) governing the security of government ICT systems.

The EPL currently includes Apple’s iOS platform, along with several versions of Blackberry and Windows Mobile. Google’s Android and Microsoft’s Windows Phone are yet to be added, although it’s worth noting that Apple’s iOS was only added this year; DSD cleared iOS for use with classified material up to PROTECTED (but not CONFIDENTIAL, SECRET or TOP SECRET).

Beyond PROTECTED, agencies must undertake a risk assessment following the guidance in the ISM and obtain appropriate approval for any non-compliance. BlackBerry PlayBook OS 2.0 and BlackBerry OS 7.1 for smartphones are also certified for classified material up to PROTECTED.

The DSD is currently evaluating Apple’s iOS 6 but advises users to upgrade due to “notable security enhancements” and to continue to abide to the security guidelines for iOS 5.1.

While the DSD hasn’t added Android to the EPL or issued guidelines for making it more secure, resources for improving Android security are available from sources such as the US Department of Defence. The National Security Agency has also publicly released “SE Android”, a secured version of Android based on SELinux.

BYOD was naturally popular amongst employees who often “didn’t actually like the devices they were issued with,” Blake explains. “We were previously using BlackBerrys a lot, and they were very locked down because of government security requirements. This meant that many users had two devices: a personal one in their pocket, and one that was their work device they had been given and didn’t like to use.”

DSEWPAC’s BYOD program started several months ago with a few key executives, for whom the IT department began administering smartphones with carefully managed application installations as the department moved away from BlackBerry devices. However, this full-service model quickly ran out of steam as numbers grew, and it was clear that rolling out a BYOD program across the department would require a much less resource-intensive approach.

Whereas many IT executives try to manage mobiles by controlling access to the devices, DSEWPAC took a different approach by focusing exclusively on protecting departmental data. Eighteen months spent planning a mobile device management (MDM) strategy had led to the implementation of Good for Enterprise, a MDM solution from Good Technology, which provides an app through which employees can access their email and calendaring information, and access corporate systems.

The app is designed as a secure ‘container’ that isolates the business systems and data from