What Would You Do If Your Government’s Top Secrets Were Exposed Because Your Smartphone Was Exposed to Water…or Social Media?

You know that dread you feel every time you have to migrate your apps, files, and settings to a new smartphone? Multiply that by 10 – no, 100 – and you might be able to understand the feeling that government leaders and IT teams feel when employees’ consumer-grade work phones get wet, dropped, lost, or otherwise rendered unusable. These devices don’t have to fall into a puddle, pond, or toilet for the experience to be traumatic to the employee, either. Even a dead battery can be disastrous for an emergency responder, elected official or aide. 

That’s one of the reasons why I decided to leave the public sector and join Zebra in late 2021. I’ve been on both sides of this technology equation before. I know how much public sector professionals live and breathe by their devices. I also know how common it is for public sector procurement teams to default to familiar brands when choosing technology devices for agency employees.

At the Government Services Administration (GSA), I awarded and administered a wide range of contracts for products and services for the Department of Defense (DOD) and civilian agencies. Some of the GSA Schedules contracts/subcontracts I oversaw had business volume in excess of $2 billion annually. I worked with contractors like CDW, IBM, Grainger, and many others to ensure workers had what they needed to carry out agencies’ missions. 

In fact, I was one of those workers for many years.

I was a telecommunications specialist in the U.S. Army for six years, responsible for setting up and maintaining voice and data networks on several forward operating bases in Iraq. I was also a Law Enforcement Support Specialist for the Department of Homeland Security. I assisted Special Agents and Officers in criminal and non-criminal investigations, worked caseloads involving data analysis, interviewed subjects and engaged in asset tracking of personnel and property.

I’ve experienced what happens when technology fails either physically (due to a drop, dust or poor signal placement) or systematically. Though a broken device is never a good thing, a device failure that poses a security risk can literally be life threatening. The location of troops or protected witnesses can be revealed. Operations can be compromised. Vulnerabilities can be exposed. And that’s just the start. If you give someone in a Top Secret role a device that allows for open communications, it would be impossible to prevent data leaks. Many agencies require strong security and access controls to keep information from making its way on the internet. Agencies must also be able to maintain constant control over devices. Otherwise, a government employee’s lost or stolen device might be all a bad actor needs to do a lot of damage. 

Of course, it’s best if agencies are able to easily track owned devices. But at the very least, they must be able to trust they are secure at all times. It’s also why Zebra was my choice when I made my way back to the private sector.

Every product decision Zebra makes and every solution our engineers design prioritize seven things:

1. functionality
   
2. manageability
   
3. scalability
   
4. security
   
5. longevity
   
6. reliability
   
7. user experience (which includes safety)
   

Sure, aesthetics matter too. But even those are usually discussed in the context of form versus function or, more accurately, the form’s contribution to function.

When my team and I recommend a piece of hardware or software – or even a service – as a solution to a public sector customer, we know it must be built exclusively for people who are charged with protecting people. They may be responsible for collecting information about private citizens or collecting data about sensitive infrastructure systems, such as power grids, oil and gas pipelines, bridges, telecom networks and more. Or they could be building inspectors, fire marshals, detectives, and healthcare providers who manage confidential information. So, Zebra works to ensure they can trust their technology to protect the information they are being trusted with. We also go to great lengths to prove the security of our devices by completing the rigorous Common Criteria certification process each time we update our mobile computing portfolio and participating in other security compliance processes as requested by various government agencies.  

Editor’s Note:

Zebra recently received Common Criteria certification for over 30 new Zebra Android™ 11 mobile computers – less than 12 months after receiving Common Criteria certification of over two dozen Android 10 devices.)

At the same time, we know this technology must help protect users’ own personal safety and livelihoods. Will they be able to do their jobs and meet deadlines without making mistakes? Will they be able to move safely about a facility or feel comfortable using a rugged tablet in a hazardous location to retrieve work orders and manuals or submit reports? These are all questions decision-makers should – and do – ask.

While society benefits from technology, the public and private sectors truly benefit from technology built for their industry. And organizations will get the most benefit out of technology built specifically for their type of operation and optimized to solve their unique problems. 

For example, even though rugged tablets are necessary both inside and outside the four walls, the type of rugged tablet a retail store manager needs for functions like mobile point of sale or merchandising is not going to be exactly the same as what a law enforcement officer or power plant manager is going to need. Likewise, it’s fairly common for standards or regulations to guide technology decisions in healthcare, supply chain and even hospitality environments. Yet, certified compliance with government mandates is non-negotiable for technology providers. If you want government entities to use your hardware, software or services, you must meet strict security and safety requirements, among other things. 

But I want to point out that government certification does not mean a technology is automatically suitable for use by public sector employees. Making the right choice is not as simple as checking a few boxes on a requirements list.

The Risks and Liabilities of Going with “What You Know”

The Zebra team has spent years proving the value of rugged, enterprise mobile computers, tablets and scanners to governments agencies around the world. We’ve even commissioned total cost of ownership (TCO) calculators from unbiased third-party analysts, articulated the tangible differences between consumer and enterprise-grade devices, and drilled down into the most minute design and performance considerations. 

Why? 

Choosing the right mobile device is a mission-critical decision in the public sector. Well, that’s true of any sector, but government agencies have greater liabilities than many private sector organizations. They are held more accountable for data breaches, privacy violations and oversights. People don’t just lose their jobs. Entire cities, counties and countries can lose power, access to clean water, and economic stability.  

Yet, somehow, the decision to continue giving first responders, infrastructure managers, building inspectors, intelligence officers, and military servicemembers consumer-grade devices is still deemed acceptable by government leaders. Or maybe it’s not. Maybe, this is a case of limited oversight at the agency or departmental level. Perhaps top officials would be appalled to hear their operations are at risk of being compromised every second of every day because someone with a government p-card or warrant decided that giving the agency’s entire workforce the most popular consumer smartphone would be best…because that’s the only name they really recognized from the list of mobile computer choices. 

And, yes, any government operation reliant on a consumer-grade device is at risk of being compromised in some way. 

I realize there are consumer technology companies that receive Common Criteria certification for their devices and that you feel that should inspire confidence in your decision to give government workers consumer devices. After all, the whole purpose of Common Criteria is to prove that IT products satisfy the high security standards set forth by the world’s most data-sensitive agencies. 

However, unless that smartphone or tablet you give your employee is working optimally every second of every day – meaning there is zero lag in computer processing, no delay in operating system (OS) or security updates, a steady and strong wireless connection, and a healthy battery – then there’s a risk your agency’s operation will suffer. (These things aren’t always easy to ensure with consumer devices because they weren’t exclusively built for government or enterprise use. Consumer devices typically don’t offer the same level of configuration, and manageability as enterprise devices.) 

There is also risk in giving an employee a consumer device to use at work if that device proves to be a distraction, either because it allows for unfettered access to social media apps or because every time it gets wet or the sun comes out, the user has to locate a bag of rice or a shady spot.  This underlines the importance of enterprise-grade configuration and manageability.

The consequences will vary depending on the employee’s role and the time sensitivity of the action/operation. But you can imagine a situation when a first responder can’t find the scene or a utility crew can’t find the source of the outage quickly. Similarly, if you send disaster relief teams to assess an area with a consumer device and they can’t send images or status reports back in real time, the consequences could be dire for millions of people. 

I could sit here all day listing out reasons why “enterprise grade” should be a minimum criterion for all public sector procurement officials when buying technology or why “rugged enterprise grade” should be mandated for hardware specifically. But I would rather sit down with you – or have someone on our government and field service team sit down with your team – to discuss the importance of purpose-built technologies in the context of your mission, operational scope, system architecture and physical environment. 

So, let’s talk…before something happens that puts anyone’s safety, security, reputation or well-being at risk. 

###

Related Reads:

• Ask the Expert: “Which Mobile Devices are More Secure: Android™ or iOS?”  

• Ask the Experts: Zebras Android® 10 Devices Just Received Common Criteria Certification. How Could That Impact Organizations' Mobility Solution Buying Decisions?