RE:WE SHOULDN'T HAVE TO GUESS. Why The Hush Around DISA's Mobility Award?
commentary (from last summer)
8/9/2013 11:18 AM
Defense Information Systems Agency's contract is already reshaping the playing field for federal mobile players. But the lack of program details is a disservice to the broader mobile market.
DISA's recent $16 million mobile device management (MDM) and mobile application store (MAS) contract award to a team led by Digital Management Inc. was generally greeted as welcome news around the beltway and to the IT industry at large. After all, the award by the Defense Information Systems Agency signaled the first massive, programmatic embrace of mobile technology by the U.S. government. The award also was seen as a potential jolt for future large-scale mobile deployments in a number of large, regulated private sector industries where mobile security remains a big concern.
In what should be a shining moment for federal mobility, it is unfortunate, though not unexpected, that those companies not selected are now crying foul. What is more curious, however, is how guarded DISA and DMI are being in discussing the details of the program, given the interest in it and the fact that the usual protest period has now lapsed.
The stakes among the relatively few mobile vendors competing for this award could not be higher. That's because DISA will be the central purchasing, hosting and deployment arm for the Department of Defense and perhaps a proxy for all of U.S. government.
Notionally, DISA will also likely control all subsequent deployments of small-form-factor devices including smartphones, tablets, and special-purpose devices that require management and protection across all branches of the U.S. military.
To the relatively small group of mobile cognoscenti around the beltway, DISA represented a mobility Holy Grail. Winning this award, it was thought, would make or break companies, catapult careers, justify hiring decisions, cement reputations and unmask pretenders to the throne.
DISA's decision could also mean the end for incumbent NOC (Network Operation Center) players such as BlackBerry whose technology is widely regarded as antiquated and whose market share has dwindled to the single digits. Although to be fair, BlackBerry's BB 10 platform is piquing the interest of long-time government BlackBerry customers at a number of sizeable and significant agencies.
More ominously, NOC-dependent Good Technology received a virtual smack down by the DISA deal for similar reasons, including questions concerning scalability, extensibility and performance -- as well as where Good's code is written and hosted. Truth be told, Good has been knocking around the IT world in some form or another since the late 1990's and has been sold several times. Good's technology distinction has been marred by the company's penchant for suing competitors ranging from BlackBerry to Microsoft, Motorola, AirWatch, MobileIron, LRW, and the list goes on and on.
Non-government players, and those who don't readily meet federal information processing standards (FIPS) or security technical implement guides, also took a hit here. DISA officials took great care in their selection process to cross their T's and dot their I's. One had to have the proper information assurance qualifications to even be considered.
This doomed many of the commercial commodity MDM players from the start. Knowing their weakness, many commercial MDM companies sought to bolster their solutions by partnering with the likes of Fixmo Inc., a company with an established record in the intelligence and defense communities. Fixmo is one of the few companies who offer both an AES 256/FIPS 140-2 secure container and advanced integrity and tamper protection on-device, which were key requirements in the DISA MDM/MAS request for proposal.
To DISA's great credit, the agency specifically said it was looking for "innovative solutions" to next-generation problems in a constantly changing marketplace. It is widely interpreted that "innovative" does not include NOC companies nor those lacking security qualifications. DISA even extended the deadline for RFP submission multiple times and broadcast responses to industry questions throughout the RFP submission process.
Despite the grumbling from some vendors, by almost all measures, DISA held an exceedingly thoughtful, fair and open competition. Given the massive scope of the award, its parameters and the uncertain future of the industry, DISA officials should be commended for their scrupulous investigation and willingness to think outside the box.
However, although the official protest window has come and gone with nary a cry from a single vendor or prime contractor, we are now seeing a curious absence of transparency about the program's implementation details. That's drawing unflattering questions about DISA's good judgment, given the importance of the DISA award.
It hasn't helped that the winner of the award, DMI, has been unusually reticent to talk about the component technologies that it chose and which represent the real stars of the DISA award. Even executives associated with the winning deal, who are respected as thought leaders in the mobile community, have been notably silent in discussing even the basic elements of the solution.
The DISA MDM/MAS award is a landmark decision for mobile transformation in government and industry. The hush surrounding its implementation serves to hamper progress elsewhere. It is strange that an innocuous and widely talked about award -- with widespread repercussions for worldwide mobile deployments -- would seemingly be under a press "gag order."
Even the National Security Agency publically publishes "mobility capability packages" on its website that specifically call out the necessary component technologies -- down to the precise cryptographic algorithms -- for government use. NSA even volunteers, "The approach that the NSA mobility program is taking closely aligns with the NSA Commercial Solutions for Classified strategy."
If the NSA can be that transparent for higher classification levels, why is DISA not similarly forthcoming about the real technology behind the DISA win?
https://www.informationweek.com/mobile/why-the-hush-around-disas-mobility-award/d/d-id/1111110