When it comes to using popular smartphone devices, Roger Baker has set himself a deadline to stop being the CI-“NO” at the Veterans Affairs Department.
Baker, the assistant secretary for information and technology and chief information officer, said by Oct. 1 employees will be able to connect to VA’s network using popular mobile devices.
Baker would not say which specific devices would be approved in a few months.
“In general, we are focusing on a particular set of very popular devices for Oct. 1. We haven’t named the list of exactly what will be on that Oct. 1 list,” he said. “But long term, our goal is to be able to say bring your own viewer. We will have a list of what those can be and it likely will be a moderately long list.”
Apple’s iPhone and iPad, devices running Google’s Android operating system, and Research in Motion’s BlackBerry smartphones are the most likely.
“There are two approaches here. The main approach is to allow those devices to view information through our applications from inside the VA as well as from external sources,” Baker said in a conference call with reporters Thursday. “An authenticated user with one of those devices will be able to access VISTA information but not store it on the device. That will be the predominate approach. You’d call it using the device as a thin client.”
He said the second approach is similar to the innovation pilot VA is running where the clinician can store and view data on their smartphone device.
“You can expect that information to be strongly encrypted inside that application as you can email that would be on that device,” Baker said. “We will be highly confident that anything that is storing information on the device has encryption we are satisfied with and in all other cases we will be satisfied that the authenticated user is able to view the information but not download onto the device.”
Baker said VA will decide by Oct. 1 which approach is best as well as how to get the smartphones into the hands of their employees.
Employees would have to let VA monitor the software on the phone and what they are using it for in the agency.
“It’s possible we would have a large scale acquisition of those devices but those things can be a lot more problematic,” Baker said. “And it may well be that as fast as these devices move that by the time we were able to get a contract awarded, it would be time for the next generation of devices.”
He said eventually the agency will have to ask itself whether they want to be in charge of buying them or just tell employees they can use them, but where they get them is not the agency’s business.
No matter the approach VA eventually decides, Baker said securing the data on the devices is of utmost importance.
“We will have two abilities. One is when the device connects to the network, we will review the software on it and verify there is nothing we believe to be a threat before we allow connectivity,” he said. “We will also have it set so if the device is lost, we can wipe it clean.”
VA also will have to address several security concerns, which other agencies who are testing mobile devices are dealing with. For instance, the Defense Department disables WiFi, Bluetooth and other features it believes are too risky.
“Part of what we are doing between now and Oct. 1 is looking at all the policies that have to be there from a broad standpoint and making sure they are all in place before we turn it loose,” he said.
Among those updates is VA’s mobile computing policy. Baker said the current document only covers BlackBerry devices.
“Moving forward this will open it up,” he said. “We know what we are doing has to be generic around a variety of mobile devices for access.”
VA, in many ways, already is preparing to bring the new mobile devices on its network. Baker said about a month ago VA turned on a network capability to let employees view data virtually.
“You have to view mobile devices much the way you do anything else that is not government furnished equipment that you can’t take complete control over,” he said. “I would put them in the same class with folks’ home computers and the variety of other things they may want to look at the information, but we don’t want the information stored on that device.”
Baker said he expects the Oct. 1 deadline to be like the Oklahoma land rush of 1889 where employees will be racing to get their devices approved and on the network.
“It’s pretty rewarding to be able to say ‘yes’ when everyone had taken book in Vegas that you would say ‘no,'” he said. “I much more enjoy saying ‘yes,’ than I do ‘no’ along topics along those lines.”