security - Mobile Work Exchange

Streamlined Application Management
The Intersection of Cloud and Mobility
Anil Karmel
Deputy Chief Technology Officer
National Nuclear Security Administration
There is a perfect storm of disruptive technology on the horizon that will enable a leaner, smarter government.
Cloud Computing
Big Data/Analytics
Mobility
Social Computing
People
Processes
Technology
Architecture
Cybersecurity
Operations
Policy
DOE IaaS Business Use Cases
Rapid deployment of servers to scientists
Security controls based on data sensitivity
Calculating energy savings
Disaster Recovery
Capital Expenditure Reduction
DOE SaaS Business Use Cases
Social Computing
Web Conferencing
Instant Messaging
Enterprise Mobility
A Cloud of Clouds approach brokering any organization, through any device, to any service respectful of site autonomy; powered by the innovation of the National Labs
DOE Cloud
On-Premise Cloud
NNSA Cloud
Other Gov’t Agency Cloud
Public Cloud
INSIGHT
FEATURES
• Green & Business IT Smart Meters
• PortfolioStat
• Enterprise Architecture
• Data Center Consolidation
DOE Federal Users
Services Broker
* Powered by
General Public Users
developed by LANL
Laboratory & Plant Users
Other Gov’t Agency Users
Support Contractors
• Virtual Desktops & Servers
• Enterprise Application Store
• Enterprise Certification & Accreditation
Services Broker Enclaves
Organization: DOE Customer
SITES
On Premise Cloud
Public Cloud
DOE Cloud
Public Websites
CFO
Hypervisor
Shared Services
Open Science Network
VDI
Compute
Remediation
Storage
Delivering a comprehensive platform for on-the-go worker capabilities
MOBILITY
Challenge
• Deploying modern wireless technology is incredibly difficult within government
• Multiple federal approvals are required that slow speed to impact or block progress altogether
• Customers demand devices they are most familiar with yet show little interest in devices we are comfortable with securing
• True wireless automation and a connected government are years, if not decades away
To make mobility real…
Data must be available everywhere while limiting where it goes
Rethink Mobility
Data
• There are two main strategies for data security: Virtualization and Containerization. Secure the data, not the device.
Location
• Employees must be able to work how they want, where they want, on the device of their choosing.
Transport
• You don’t truly understand your risk until you understand your transport.
National Lab Case Study
• Why Enterprise Mobility?
– Problems we need to solve
• RIM Blackberry
– Security Posture
– Accomplishments and Statistics
• Apple iPad and Google Android
– Good Mobile
– Other Use Cases
• Key Takeaways & Considerations
Why Enterprise Mobility?
Where’s the right balance?
• Key Issues
– Malware
– Application Architecture
– Mobile Content Delivery
• Key Considerations
– Corporate vs. Personally owned devices
– Help Desk Support
National Lab Case Study: Blackberry
Current Environment
• Security
– Secured with DISA/DoD Secure Technical Implementation Guide
– Transmissions & Data fully encrypted (FIPS 140-2 compliant)
• Devices
– Blackberry with no camera or WiFi
• Ability to remotely wipe a Blackberry if it is lost or stolen
National Lab Case Study: Blackberry
Deployment Security Posture
• Blackberry can’t connect to a foreign wireless network (no WiFi)
• Only a Lab-supplied SIM can be used on the device
• No third party applications allowed
• USB port and microSD card slot disabled
• Blackberry “Home” Screen locked on all smartphones
• Web Traffic routed through Lab infrastructure
• 24/7 phone number to call if Blackberry is lost or stolen
Apple iPad and Google Android
Consumer-Oriented devices in the Enterprise
End users demand functionality – IT requires security
How does IT deliver solutions and yet secure consumer-oriented devices?
National Lab Case Study: Good Mobile
Apple iPad and Google Android
• Enterprise-class Email, Calendar & Contacts
– Consistent feature set across all platforms
– Message indicators for reply/forward, high importance, meeting invites, etc.
– Accept/Decline meeting requests from Inbox and view conflicts
– Access to Global Address List (GAL)
• Launcher Bar
– Provides quick access to apps
National Lab Case Study: Good Mobile
Security Posture
• Security
– Secured with DISA/DoD Secure Technical Implementation Guide
– Transmission & data fully encrypted (FIPS 140-2 compliant)
• Devices
– Android and Apple iOS Devices
• Secure Enterprise Container
– IT keeps corporate data secure
– End users get to keep their personal apps
– Ability to remotely wipe the application / data if it is lost or stolen
Apple iPad
Additional Use Case
Remote access to your Desktop
• Virtual Desktop Interface availability
• Remote Desktop Client for iPad (Physical Desktops)
People
Change How People Behave
• Bring Your Own Device
• Collaboration
• Mobile/Virtual Worker
• Mobile Applications
• Enterprise Mobility Policy
• Risk Management Framework
• Enterprise C&A and Procurements
Technology
Evolve our Capabilities
Processes
Change How We Do Things
• 802.11 everywhere
• App Store
• VDI and Containerization
• Mobile App Management
Key Takeaways & Considerations
• What’s Your Security Posture?
• Create Cross-Functional Teams
– Technical
– Customer
• Manage User Expectations
– Give users new features rather than take them away
– Start small, scale quickly
Anil Karmel
Deputy Chief Technology Officer
NNSA
Anil.Karmel@nnsa.doe.gov