Anil Karmel Deputy Chief Technology Officer

National Nuclear Security Administration

Streamlined Application ManagementThe Intersection of Cloud and Mobility

2

There is a perfect storm of disruptive technology on the horizon that will enable a leaner,

smarter government

Cloud Computi

ng

Mobility

Social Computi

ng

Big Data/Analytics

.

leaner, smarter

government

3

People Processes

Technology

Architecture

Cybersecurity

Operations

Policy

Rapid deployme

nt of servers to scientists

Security controls based on

data sensitivity

Calculating energy savings

Disaster Recovery

Capital Expenditu

re Reduction

DOE IaaS Business Use Cases

DOE SaaS Business Use Cases

Social Computing

Web Conferenci

ng

Instant Messaging

Enterprise Mobility

Laboratory & Plant Users

Other Gov’t Agecy Users

Support Contractors

DOE Cloud On-Premise Cloud

NNSA Cloud Public Cloud

* Powered by developed by LANL

Services Broker

A Cloud of Clouds approach brokering any organization, through any device, to any service respectful of site autonomy; powered by the

innovation of the National Labs

Other Gov’t Agency Cloud

General Public Users

DOE Federal Users

INSIGHT• Green &

Business IT Smart Meters

• PortfolioStat• Enterprise

Architecture• Data Center

Consolidation

FEATURES• Virtual Desktops

& Servers• Enterprise

Application Store

• Enterprise Certification & Accreditation

Services Broker Enclaves

SITES

On Premise Cloud DOE Cloud Public Cloud

Organization: DOE Customer

Remediation

CFO

VDI

Public Websites

Shared Services Open Science

Hypervisor

Network

Compute

Storage

MOBILITY

Delivering a comprehensive platform for on-the-go worker capabilities

Challenge Deploying modern wireless technology is

incredibly difficult within government

Multiple federal approvals are required that slow speed to impact or block progress all together

Customers demand devices they are most familiar with yet show little interest in devices we are comfortable with securing

True wireless automation and a connected government are years, if not decades away

To make mobility real…

Data must be

available everywhere

while limiting where it goes

Rethink Mobility There are two main

strategies for data security: Virtualization and Containerization. Secure the data not the device.

Employees must be able to work how they want, where they want, on the device of their choosing.

You don’t truly understand your risk until you understand your transport.

Data

Location

Transport

National Lab Case Study

• Why Enterprise Mobility?– Problems we need to solve

• RIM Blackberry– Security Posture– Accomplishments and Statistics

• Apple iPad and Google Android– Good Mobile– Other Use Cases

• Key Takeaways & Considerations

• Key Issues– Malware– Application Architecture– Mobile Content Delivery

• Key Considerations– Corporate vs. Personally owned

devices– Help Desk Support

Why Enterprise Mobility?Where’s the right balance?

National Lab Case Study: BlackberryCurrent Environment

• Security– Secured with DISA/DoD Secure

Technical Implementation Guide– Transmissions & Data fully encrypted

(FIPS 140-2 compliant)

• Devices– Blackberry with no camera or WiFi

• Ability to remotely wipe a Blackberry if it is lost or stolen

National Lab Case Study: Blackberry Deployment Security Posture

• Blackberry can’t connect to a foreign wireless network (no WiFi)

• Only a Lab-supplied SIM can be used on the device• No third party applications allowed• USB port and microSD card slot disabled• Blackberry “Home” Screen locked on all

smartphones• Web Traffic routed through Lab infrastructure• 24/7 phone number to call if Blackberry is lost or

stolen

Apple iPad and Google AndroidConsumer-Oriented devices in the Enterprise

End users demand functionality – IT requires security

How does IT deliver solutions and yet secure consumer-oriented devices?

• Enterprise-class Email, Calendar & Contacts Consistent feature set across all platforms Message indicators for reply/forward, high

importance, meeting invites, etc. Accept/Decline meeting requests from Inbox

and view conflicts Access to Global Address List (GAL)

• Launcher Bar Provides quick access to apps

National Lab Case Study: Good MobileApple iPad and Google Android

• Security– Secured with DISA/DoD Secure Technical

Implementation Guide– Transmission & data fully encrypted (FIPS 140-

2 compliant)

• Devices– Android and Apple iOS Devices

• Secure Enterprise Container– IT keeps corporate data secure– End users get to keep their personal apps– Ability to remotely wipe the application / data if

it is lost or stolen

National Lab Case Study: Good MobileSecurity Posture

Apple iPadAdditional Use Case

Remote access to your Desktop

• Virtual Desktop Interface availability

• Remote Desktop Client for iPad (Physical Desktops)

People

Processes

Technology

Change How People Behave

Enterprise Mobility Policy

Risk Management Framework

Enterprise C&A and Procurements

802.11 everywhere

VDI and Containerization

App Store

Mobile App Management

Bring Your Own Device

Mobile/Virtual Worker

Collaboration

Mobile Applications

Change How We Do Things

Evolve our Capabilities

• What’s Your Security Posture?

• Create Cross-Functional Teams– Technical– Customer

• Manage User Expectations– Give users new features rather than take them

away– Start small, scale quickly

Key Takeaways & Considerations

Deputy Chief Technology Officer

NNSA

Anil.Karmel@nnsa.doe.gov

Anil Karmel