The Department of Veterans Affairs on Sept. 30 will award a contract for its long-awaited mobile device management system to support more than 100,000 devices, including smart phones and tablets. That includes VA-owned devices as well as the personal devices of employees and medical students.
See Also: Don't Be The Next OPM: Recognizing Risk
The contact for the system, which is essential to ensuring security when using mobile devices to access the VA's clinical information system, is one of several VA IT contracts that will be awarded before the end of the federal fiscal year, says VA CIO Roger Baker.
The dollar value of the MDM purchase is not the largest of the IT awards that will be announced, says Baker, who, in a news media conference call Sept. 26, declined to provide details about the other contracts being awarded. "There are a fair number [of other contracts] that are larger in dollar amount," he says.
However, the MDM procurement and other IT contracts that will be awarded on Sept. 30, when added to some other contracts previously awarded this month, will total about half a billion dollars, he says.
The award will come after a lengthy delay. Last October, Baker predicted that a mobile device rollout, including the MDM, would take about 18 months (see: VA CIO: Personally Owned Devices OK).
Last month, Baker said the VA had been gearing up to issue a request for proposal for the MDM and was still analyzing feedback from a request for information from vendors (see: VA Mobile Device Rollout: An Update.)
The rollout for the MDM system is expected to take about a year, Baker says. In recent months, the VA has been testing a smaller MDM supporting about 1,500 devices.
The new MDM will support "in excess of 100,000" devices, including those from a variety of vendors. "I wouldn't know what to standardize on," he says. "Even my family is device agnostic," he joked.
As for the VA purchasing mobile devices, Baker said there will not be any awards announced Sept. 30 for "mass" purchases; however there could be smaller contracts.
The VA's various business units, such as individual facilities, will need to determine "whether there is a business case" for them to allow BYOD, Baker says. The VA's central IT organization will provide the MDM and other related services to support those devices. "Our major role is enforcing information security for applications on the devices," he says.
Among BYOD users that could be supported by the enterprise MDM are the 100,000 medical students who work at the VA, he says. Those students "could use BYOD under the MDM if they sign up for the legal restrictions" that VA requires, he says.
Baker says those requirements include agreeing to allow the VA to:
- Remotely wipe off information from a personal device if any VA data is at risk;
- Deny network access if a device was "jail broken" or had security settings removed;
Baker says he expects a majority of potential BYOD users would agree to sign up for "the rules of behavior."
Last month, Baker confirmed that the VA will take a much more cautious approach to allowing staffers to use personally owned mobile devices on the job than originally planned. Last year, in announcing ambitious plans for a shift to mobile devices, Baker said the VA expected to accommodate a mix of government-owned and personal mobile devices to help hold down costs.
Baker noted last month that the VA no longer plans to be a trailblazer and will use the best practices that are being recommended to all federal agencies tackling BYOD.
On Aug. 23, the Federal Chief Information Officers Council issued a BYOD best practices guide . "I'm looking forward to incorporating that in what we do," he said about the new guide. "We've just got to be careful with [BYOD]; there are pros and cons. VA has thankfully gone from being a leader in the discussion of BYOD to a follower, and I am really happy with that. It's a complex area."