May 2017, IDC Government Insights #US42509717

White Paper

Digital Transformation Enabling Next-Generation Public Safety and National Security

Sponsored by: Microsoft

Alan Webber

May 2017

IN THIS WHITE PAPER

The mission of public safety and national security (PSNS) organizations such as police, fire, emergency medical services, and defense agencies is to keep the public safe. These organizations exist at all levels — local, regional, national, and even international — and while this is a diverse and eclectic group of organizations ranging from a volunteer fire department at one end to NATO at the other, the one thing they have in common is that their success or failure is often a matter of life and death.

There are new threats in the world that these organizations are on the front line of responding to, threats that range from terrorist attacks to criminal gangs to natural disasters. These organizations are chartered with keeping the public safe and preserving law and order including by not just responding to incidents (e.g., a fire, an accident, a crime, or even a terrorist attack) but also preventing these incidents from happening. But many of these organizations are trying to respond and stop these threats using outdated technologies and approaches, with increasingly limited success. New and evolving threats require new approaches. These new approaches include:

• Share information faster and more efficiently. It is critical that PSNS organizations have the ability and capabilities to gather, analyze, and share information. Capturing and sharing information on paper once worked but is now an outdated process that does not support mission optimization for PSNS organizations as paper is difficult to manage and share. Unfortunately, there are several examples of communication breakdown that have led to ineffectual response or worse, allowing a preventable act to happen because information didn't reach the right stakeholders in time to act.

• Better protect the data and information PSNS organizations have. Once they have the information, PSNS organizations need to use the most advanced tools available to protect it. Like the physical world, threats exist in the digital world as the cyberthreat landscape has changed as well. Sophisticated cybercrime networks, nation states, and even third-party actors all perpetrate increasingly sophisticated attacks and thefts of critical digital information, and that means protecting data and devices from the edge in.

• Take advantage of the evolution of technology. Just as the threats have changed, so has the technology to combat them, specifically around cloud computing and devices. Where agencies were once faced with purchasing clunky and hard-to-use single-application devices, newer digital devices are available to PSNS agencies that support multiple uses and that can cover a range of needs. These devices are often tied into cloud networks, facilitating the sharing of information, and offer better protection of information than paper does.

©2017 IDC Government Insights #US42509717 2

IDC interviewed government technology and program managers and conducted additional research to better understand the evolving maturity of the mobile government environment and how PSNS agencies are adapting to this new environment. Through these interviews and additional research, IDC was able to better understand the critical issues that government faces in adapting to a growing and shifting mobile environment. IDC's research found that:

• There is a blurring among device categories that are taking advantage of the continued merging of desktop and mobile operating systems (OSs) such as in Windows 10. These new devices enabled by ubiquitous operating systems allow a phone or a tablet to operate as a desktop computer.

• Devices continue to have a primary role. For example, smartphones and tablets excel at being devices for consuming content, but devices with a keyboard and a mouse are still better for creating content. Consumption devices are becoming more able to use input devices like a keyboard and a mouse along with new input forms like handwritten content with an electronic stylus, speech-to-text capabilities, and capturing video and photos because these capabilities are now being built into device hardware and the operating systems. As a result, the new generation of devices will truly become ubiquitous.

• The cloud is reducing the dependency on the capabilities of a specific device. For example, content creation or content review can be started on one device and finished on another. This results in people having more than one device and those devices are connected, although the security of those devices and operating system becomes more critical with the connectivity. But devices still need to be able to operate while either connected or disconnected with full capabilities.

• Public safety agencies require multiple levels of security including device-based content, application, and data-oriented security and management across multiple device hardware types (e.g., small smartphone, tablet, laptop, and large format device) and ideally a single operating system (or minimal OSs) to simplify both security and application development. In this new environment, this will be a significant issue across both government-owned devices and bring your own devices (BYODs).

• Shifting to digital is valuable to the organization. Capturing information and assets digitally leads to more complete case files. For example, using a digital device to capture typed or handwritten info with "digital ink" including sketches, diagrams, and notes as well as digital photos, digital voice recordings (e.g., witness statements), and other information allows it to be immediately added to a case file and shared with trusted individuals, agencies, and groups instantly. This can result in greater efficiency and effectiveness across the organization.

• When devices are appropriately configured, digital information can be more secure than paper files. For example, a device with modern security software can be wiped remotely if lost or stolen. The data on the device will be encrypted while stored on the device and when it is transmitted.

SITUATION OVERVIEW

Introduction

We have become a society dependent on technology, and many consumers are shifting to mobile digital technologies that operate within an increasingly digital-enabled society. Whether we are buying coffee at Starbucks with an app, choosing what restaurant to eat at and what movie to see, or looking up recipes at home, most of us have one or more mobile devices with us that we can use to access email, text messages, the internet, other apps, and more. For example, according to the January 2017 Mobile Technology Fact Sheet from the Pew Internet Project, 95% of American adults have a cell phone, 77% of American adults have a smartphone, and about 50% of American adults have a tablet computer. We are increasingly becoming a global society dependent on digital technologies as a way of communicating, interacting, and receiving information in our personal and professional lives. And this is carrying over into our work lives as more and more employees are bringing personal devices into work and using them for work purposes such as email, collaboration, and remote work. This movement not only has changed the expectations of the value that digital technologies can add to the workplace but also has forced IT departments to transform from a desktop mindset to a more mobile and dispersed IT operating environment mindset.

Governments, and specifically public safety and national security agencies, are no different from the private sector in that the IT department is being forced to transform often by forces outside of its control. The first era of digital government, or Gov 1.0, was the era where government employees began to adopt email, connecting them to each other and to the public for the first time via digital means. This was also the era of the early static government websites that matched what was available in print. The second era of digital government, or Gov 2.0, saw the introduction of additional online services, the use of multimedia and multichannel communications, and true transactions happening across a digital platform. Gov 2.0 also saw the introduction of wireless capabilities, for both citizens and government employees, including the introduction of telework. The current era, or Gov 3.0, is focused on delivering broad and pervasive government services to citizens across multiple channels and platforms. For government employees, it is employing digital platforms to move beyond telework to the ability to work anywhere with the same resources, no matter the device that the job requires from the office to the battlefield and anywhere in between.

Mobile technologies and mobile-centric applications are key components in what IDC calls the "3rd Platform," a new generation of technologies and applications that include Big Data and analytics, social business technologies, cloud, and mobile. As public safety agencies, including law enforcement, ambulance/EMS, and fire services, evolve to become more efficient in their use of resources and more effective in mission accomplishments, a critical technology will be mobile. Implementing mobile technologies in public safety will provide a number of potential benefits. But implementing mobile technologies in public safety agencies is not without its issues.

The Needs of Public Safety and National Security Are Different

Although many government agencies have special roles and missions that need to be accomplished, the role of public safety is uniquely different from other types of government agencies and significantly different from most roles in the private sector. Public safety agencies, including law enforcement, border control and management, fire and rescue, emergency medical services and, in some cases, national defense agencies, have a broad set of missions whose ultimate purpose is to protect life and property whether on land or at sea. Because of the requirements placed on these agencies, often the toolsets including IT resources, mobile devices, and connectivity are unique to the space and the role.

Some of the requirements that public safety demands around data and devices are:

• Access and handling of large amounts of data. Public safety missions can and often do require the ability to access and handle large amounts of data from maps with multiple layers to files of contacts and related information to detailed medical records. The ability for the devices and platforms that public safety agencies use to be able to efficiently and effectively access and handle large amounts of data is a critical requirement.

• Unique sources of data. Data used in the public safety mission can come from a variety of sources and formats including GPS data tied to maps and other records, still photographs and images, recorded and live video feeds, and flat files. So whatever platform public safety agencies use needs to have the applications necessary to be able to process and display the data from current and future sources. For example, the ability to place a camera feed from the security cameras both inside and outside a convenience store that is being robbed into the computer of the responding police officers gives them critical information about what they are up against and how to respond.

• Speed of data to information. Data is great, but to accomplish the public safety mission requires turning the data into knowledge, and this often involves speed. For example, if there is a fire, the data about that fire including location, size, materials involved, people in danger, and any hazardous materials or conditions is necessary for the fire department to execute an effective response. If the information is slow getting to the responding units or in a format they can't use, it places the responding units at a disadvantage and may result in additional property loss or loss of life.

• Operate in harsh environments. Most public safety missions don't happen in a protected office but out in environments that include freezing to boiling temperatures, rain and snow, and high winds. Because of this, the devices that public safety professionals rely on need to be able to operate in all these extreme environments, and at the same time, the network these devices depend on needs to be able to operate in the same conditions. For example, coast guard units around the world operate in some of the harshest environments at sea, including rescuing boaters during hurricanes and typhoons, and the devices they use to get information and communicate need to be able to operate under these conditions.

• Security of information and devices. Much of the information that public safety agencies deal with is at the minimum confidential and may include personally identifiable information. At the upper levels, it may be secret and require significant protection. For example, the information counterterrorist officers or anti-gang unit police officers require on their device could have significant consequences for the officers and their investigations, families of affected parties, and more if that data were to be compromised. It is critical that devices have built-in security; for example, employing telemetry data to determine when and where events take place can not only support the mission but also identify when there may be unusual behavior or a security breach.

The Benefits of Adoption of a Digital Architecture for PSNS

The high adoption of digital architecture and the devices and platforms that enable it within public safety agencies is driven by the benefits. These benefits come from two types of use — supplementation and replacement allowing computing resources anywhere and across multiple platforms. Supplementation is the use of mobile devices as a secondary platform to supplement the primary work platform of a personal computer or a laptop. Replacement is the use of a mobile device in lieu of a personal computer or a laptop. Currently, in public safety agencies, much of the adoption is supplementation and, to a degree, replacement and is done with employee-owned devices because agencies are either not providing the devices or not enabling them enough when they do provide them.

Some of the benefits that public safety and national security agencies and employees have found from the use of personal or other mobile devices expanding a digital architecture while at work are:

• Increased productivity. One of the largest benefits of a digital architecture is increased efficiency and effectiveness. Whether looking up information in a meeting, reviewing photographs and charts from a remote location, or simply returning an email, a PSNS employee who has the ability to complete a task away from his/her primary computer gets more work done. An example of this is the issuing of ruggedized tablets to police officers and other law enforcement officers to use in their patrol cars, both providing better access to information and allowing the officer to complete necessary paperwork away from the office.

• Enhanced access. Closely tied to increased productivity is enhanced access to information and applications. Whether through directed applications unique to the agency or general applications like Google Maps, Yahoo Weather, or a web browser across devices, employees can access additional applications and corresponding information when away from their desks or in the field. For example, a social worker can access information about a current case and background information along with potential resources while working in the field with a homeless family.

• Better collaboration. Outcomes improve through collaboration. Until recently, collaboration has been limited to in person, on the phone, and back and forth via email. New devices and applications are changing to increase the breadth of contexts that collaboration happens across and the depth of the level of collaboration. Using different collaboration platforms, an investigator can access records and files he/she needs as well as communicate and collaborate with colleagues on the other side of the city or country quickly and easily thanks to modern mobile technologies.

• Better service to citizens. A digital architecture will allow public safety employees to deliver better services to citizens more quickly by bringing the information stored in government IT systems to the point of interaction and engagement. For example, a park ranger can coordinate softball and soccer field use or quickly call for an ambulance if someone is injured.

• Improved cost efficiency. A digital architecture potentially improves the cost efficiency of technology in two ways. First, the use of personal devices (BYOD) in a supplementation role has been a cost-effective option for government because it increases the effectiveness of the employee while only moderately increasing organizational IT support costs and hardware costs. Second, the costs of managing devices, applications, and corresponding infrastructure are generally lower for a single device than for multiple devices. Third, the long-term costs of digitizing paper forms such as work orders or inspection forms are lower and drive efficiencies by eliminating printing and shipping costs as well as labor costs associated with scanning paper documents or the need to key in handwritten information from a paper form to a digital format — which is also prone to transcription errors.

The Security Aspect in PSNS

For all the benefits that this new generation of devices can bring to PSNS agencies, there is a significant issue in ensuring the security of the information and the networks. Each device is an endpoint and an access point to the network, and adding devices, especially mobile devices, to a government network significantly increases the potential attack surface that a threat may target. In addition, each device becomes a mobile computer with data and access on it that can be misplaced, lost, or stolen much more easily than a desktop PC can be. Thus adopting mobile devices requires that public safety agencies incorporate security planning from the beginning and take a broad look at mobile security from hardware and software to technical requirements and user behavior.

In developing a digital architecture, public safety agencies need to address the following critical issues in planning for security:

• Enhanced monitoring and management. Given the nature of certain types of information being exchanged across public safety devices, there is a need for enhanced monitoring and management of the devices — the types and sources of information both stored and exchanged on the devices, the applications available and used on the device, and the operating system environment that is operating.

• Protecting data at rest. Data and information stored on the device become significantly more vulnerable if the device is lost or stolen than data stored on-premise behind the firewall.

• Protecting data in transit. Another issue is how government data and information are protected in transit. Most agencies will employ a commercial network, and government data traveling across a commercial network is open to interception.

• Trusted/measured boot and trusted/measured runtime. A vulnerability of mobile devices is that they can be hacked through the introduction of an altered boot or runtime such as through a virus. Securing against this requires a trusted boot accomplished through a hardware DRM and a trusted runtime environment allowing only signed software to run. This includes an operating system that has been secured by closing open ports, patching kernels, and establishing defensive measures, including firewalls, intrusion prevention systems, and intrusion detection systems.

To address these issues, public safety agencies need to implement the following critical components to mobile security:

• Mobile device management (MDM). Mobile device management solutions allow government to effectively manage the mobile devices on its networks and address the need for enhanced monitoring and management. This includes ensuring that the device is appropriately provisioned and configured, controlling what software can be installed and how the devices are used, ensuring that software patches are up to date, conducting remote backups, tracking the device, and then securing that endpoint should the device be lost or stolen. MDM also includes appropriate VPNs, secure email and messaging services, and other secure services such as a secure browser as necessary.

• User authentication. A second key component is user authentication to protect data at rest. At the most basic level, this involves a username and a password. However, government is moving toward multifactor authentication leveraging derived credentials and the adoption of biometric and multifactor authentication using the device itself (via a Trusted Platform Module [TPM] chip) as a factor.

• Data encryption and information rights management. Given the nature of the data and the potential impact of its loss, government data should be encrypted on any device to protect any data at rest on the device and data in transit to and from the device, and a VPN should be employed to protect the data in transit. Data must also be protected, whether in a raw format or in a document format, so that accidental or intentional distribution to non-authorized recipients is prohibited.

• Malware and virus detection. Malware and viruses are a threat to all types of devices including those running Windows 10. The threat landscape is dynamic, and hackers will surely create new threats that will require new and innovative changes to the operating system to remain secure.

The Use Cases of Digital Transformation in Public Safety

Public safety agency adoption of the digital-enabled platform is being driven less by the IT department and more by individual public safety employees who are using advanced digital devices at home and bringing their personal digital devices to work so that they can check and respond to email from anywhere, take notes in meetings that are then synchronized and shared with other employees through the cloud, and access information via a web browser. These employees have recognized that there is significant value in advanced digital technologies that take advantage of the digital transformation of society and culture, and if the government won't provide them, then the employees will provide their own. This has resulted in significant pressure on the IT department because the lack of standardization in devices and applications brought into the agency under BYOD results in a significant security risk to public safety agencies that often have sensitive, if not confidential, information.

The first challenge for agencies is to clearly define what the need is and what the use case is for a digital transformation. For example, a police officer using a smartphone or tablet to take pictures at a traffic accident is a different use case from a community health nurse who is doing in-home assessments, collecting private information and medical information that are then uploaded into a case management system. To better meet the needs of agencies and employees, agencies must identify the needs and develop appropriate use cases.

The need for digital transformation in public safety and national security can be examined across a 3 x 3 matrix that then can be used to identify an appropriate use case (see Figure 1). The x-axis is the need for the ability to exchange information that is not bound by a specific technology or by a location. This is segmented as a high need, meaning that the role requires the employee to be in the field or away from the office more than 75% of the time and it is critical that the employee has the ability to exchange information; a moderate need, meaning that the employee is away from the office more than 25% but less than 75% of the time or has only a moderate need to exchange information while mobile; and a low need, meaning that the employee is seldom away from the office or when he/she is away, there is no need to exchange information. The y-axis is the sensitivity of the information that the role requires, which is broken down into three categories: public information, confidential and personally identifiable information, and secure information such as around a law enforcement investigation.

FIGURE 1

Matrix of Government PSNS Digital Technology Use Cases

| | High need | Medium need | Low need |
|---|---|---|---|
| Highly secure | Senior executives, leaders, and managers in law enforcement, security, and prosecutorial roles | Mid-level managers in law enforcement, security, and prosecutorial roles | Administrative staff in law enforcement, security, and intelligence spaces |
| Secure | Middle-level managers and field personnel in organizations dealing with confidential information such as law enforcement, security, and medical roles | Middle-level managers in organizations dealing with confidential information and/or personal information | Non-field personnel and administrative staff in organizations dealing with confidential and personal information |
| General | Field personnel in non–law enforcement, non-security, and non-medical roles | Mid-level and some senior-level managers and executives in non-military, non–law enforcement, and non-security roles | Administrative and back-office personnel in non-military, non–law enforcement, and non-security roles |

Source: IDC Government Insights, 2017

Selecting the Appropriate Technology for Public Safety

Government is one of the few industries that has the need and the capability to fund and create its own technology solutions. This is often tied back to the unique needs of public safety agencies and whether these needs can be met with a BYOD strategy, a direct commercial solution (COTS), a modified commercial solution (MCOTS), or a government unique solution (GOTS) that is often employed in specialized or highly unique environments (see Figure 2).

As an agency moves up the continuum from BYOD to GOTS, there is an increase in the cost to procure, maintain, and manage the device, the applications, and the corresponding infrastructure. So procuring and deploying as far down the continuum as is viable as defined by the use case is generally the best solution set for government.

FIGURE 2

Government Technology Continuum

• BYOD: Bring your own device is allowed with some constraints and modifications, such as for use with job-specific productivity applications

• COTS: Commercial devices procured and issued by government with some modifications such as installed productivity applications and restrictions on other apps that can be loaded

• GOTS: Devices specifically designed and procured for use within environments unique to public safety

• MCOTS: COTS devices that are moderately or heavily modified such as by disabling or removing the camera, primarily for security purposes and for use with classified information

• No devices: No devices are allowed or used by agency personnel

Source: IDC Government Insights, 2017

FUTURE OUTLOOK

Public safety agencies are beginning to look beyond the ruggedized laptop and traditional BlackBerry to expand the capabilities of employees and provide better services to citizens. From police officers who have tablets in their cars synced with the smartphone on their person to the fire inspector using a tablet to capture photos of code violations and to reference digital building plans to public health agency workers who use mobile devices to input digital notes directly in the electronic case file, access electronic medical records, and track patient health and outcomes, public safety agencies are becoming more mobile, bringing tremendous value to the government organization, to the community, and to the citizen.

There are still some challenges to be overcome around a variety of devices, primarily around security and device management, for them to be fully adopted by public safety agencies, but the number of available solutions for agencies is growing every day. Agencies that want to deploy mobile devices for the first time or continue to deploy additional devices should consider the following for selecting an integrated OS and hardware solution:

• Manageability of the devices, OS, and network through a native or third-party MDM solution including remote lock and wipe

• Comprehensive security of the device at FIPS 140-2 or equivalent minimum

• AES-256 or equivalent encryption of data in transit and at rest

• Comprehensive application permission management

• Enterprise control of update deployment

• Restrict or remove access to hardware such as Bluetooth, camera, and GPS

• Managed WLAN connectivity

• Durability of the hardware according to use and role

• Minimal device churn

• Simplified and sustainable training

• Availability of government and enterprise applications and manageable stores

OVERVIEW OF THE MICROSOFT ECOSYSTEM FOR PSNS

Microsoft has built a portfolio of software, services, and devices that will help government agencies accomplish their mission more efficiently and effectively while keeping government information secure. This portfolio ranges from hardware such as the Surface Pro tablet to software platforms such as Windows 10, including Windows 10 Mobile, to collaboration and productivity tools like Office 365.

Benefits of the Evolution of the Microsoft Windows Platform

The Windows platform is almost 30 years old and has come a long way since Windows XP. It has become more user-friendly, easier to integrate with and develop applications for, and easier to manage. The current Windows 10 platform is making inroads into the public safety sector because of its many security enhancements, but most PSNS customers around the globe are still running earlier versions of Windows.

For those public safety agencies that have adopted Windows 10, the evolution of Windows toward a single converged platform has demonstrated the following benefits:

- Significant security enhancements. Windows 10 represents a dramatic change from previous versions of Windows, especially in the ways it focuses on improved security by:
  - Securing identities. Windows Hello requires two or more factors of user validation, such as biometrics (fingerprints) and a device, to set up the credentials that will be used for authentication. This can make it harder for an attacker to compromise the devices a team uses. Behind the scenes, Credential Guard protects the user access tokens that are generated once users have been authenticated. So even if a device is compromised, the credentials are not available to the attacker.
  - Securing information. Windows Information Protection separates personal and business data and encrypts data per policy.
  - Securing the device. Windows 10 employs a number of technologies to secure a device and protect the network:
    - Device Guard can help protect the Windows system core and helps prevent untrusted apps and executables from starting. Device Guard uses hardware-based isolation and virtualization to help protect itself and the Windows system core from vulnerability and zero-day exploits.
    - App-specific VPN access helps maintain the integrity of a device and the organization's platform by determining trustworthiness using Unified Extensible Firmware Interface (UEFI) and Trusted Platform Module. This helps ensure that only authorized apps can communicate across the VPN — and that malware on the client won't propagate to the organization's network.
    - Windows 10 ensures trusted boot by closing off the pathways that allow malware to hide. Windows trusted boot, used in combination with UEFI Secure Boot, makes sure that the PC boots more securely and that only trusted software can run during start-up.
    - Hardware-based cryptographic processing (i.e., TPM) creates keys, signs sensitive data, and assists in integrity validation.
    - Windows 10 uses virtualization to make use of hardware-based technologies so that it can move some of the most sensitive Windows processes into containers that can prevent tampering, even if the Windows kernel has been fully compromised.
  - Threat detection and response. Windows Defender ATP works behind the scenes to detect threats on the network and helps a security team investigate and remediate data breaches. Windows Defender ATP is a new cloud-powered agent, built into Windows. It runs side by side with any antivirus software or other security solution that is deployed. The agent is designed to collect behaviors from the onboarded Windows 10 endpoints and send them to the cloud, where all the magic happens — security machine learning, data correlation, and looking for suspicious activities observed from the machine that are used to identify potential threats.
  - Universal security management. Another benefit of Windows 10 is the ability to manage the security of Windows phones and tablets with the same management tools that are used to manage desktops. This means that government agencies can leverage and extend their existing desktop security tools, skills, and policies to manage tablets and phones. Conversely, Windows 10 devices can be managed by third-party mobile device management tools (this includes Microsoft's own MDM tools), which means that even the laptop form factor will be able to be managed in the way a customer has previously only been able to manage a phone or a tablet. The result is that agencies can realize increased flexibility and an increased return on their existing security investments.

- Consistent user interface (UI) across device types. A benefit for public safety agencies of deploying a Microsoft solution is the ability to integrate, consume, create, and share information across multiple sources and systems in a way that employees are already familiar with. Right now, within governments across the globe, there is a wide set of choices of devices and hardware platforms from laptops and PCs to ruggedized tablets to low-cost tablets to secure tablets — all of which run the same OS and have close to the same UI or user experience (UX).

- Common application platform. Another benefit is that underlying the integrated Windows 10 platform is a universal application platform that will improve application development and management because it allows government organizations to create, deploy, manage, and support one application and deliver that application on any form factor — phone, tablet, laptop, PC, or 84in. wall-mounted device.

- Continuous innovation. Windows as a service refers to a new way to build, deploy, and service the Windows operating system. Each part of the process has been redesigned to simplify installation and maintenance while maintaining a consistent Windows 10 experience. These improvements focus on simplifying the deployment and servicing of Windows client computers and leveling out the resources needed to deploy and maintain Windows over time while adding new features and functionality more rapidly than the previous "versions" model. It also means that there are more frequent updates to respond to changes and improve security while still giving organizations full control on when, how, and even if a new update is applied.

Hardware Solutions Using the Microsoft Platform

Hardware solutions that employ the Microsoft platform and run the Windows 10 operating system now stretch across the complete continuum of devices, from portable devices such as phones to laptops to desktop PCs including the Microsoft line of Surface 2-in-1 devices that convert from a tablet to a laptop with a detachable keyboard. These devices include those developed by both Microsoft and OEM hardware providers that take advantage of the capabilities in Windows 10, like special-purpose laptops such as the Dell XPS 13, the Panasonic Toughpad, and the Lenovo ThinkPad Yoga convertible laptop. For example, the HP Elite x3 is a phone that takes advantage of the Continuum feature in Windows 10 that allows it to effectively act like a desktop PC when connected wirelessly to a monitor, a keyboard, and a mouse. Windows 10 is enabling new devices such as HoloLens, a self-contained wearable holographic device enabling mixed reality for the user. The result is that government agencies now have access to a very broad range of devices that can be used to meet mission needs.

Benefits of Deploying Microsoft in a Modern PSNS Environment

The Windows platform along with the Microsoft Office suite is pervasive across IT environments around the globe. Because of this ubiquity, deploying a Microsoft solution has a unique set of benefits, including:

- Integration with the government enterprise. Numerous government agencies and programs are already using one or more components of the Microsoft stack, including Microsoft Office, SharePoint, Active Directory, Exchange, and Dynamics CRM. Mobile devices that use the Windows 10 OS already easily integrate with these applications and others. In addition, a very high degree of application compatibility from Windows 7 or Windows 8/8.1 to Windows 10, as well as the ability of Windows 10 tablets, 2-in-1s and laptops, and PCs to run x86 desktop programs, means that Windows mobile devices can run most legacy desktop programs in addition to modern touch-first apps.
- Right tool for the job. There is a broad range of devices from hundreds of OEMs, ODMs, and Microsoft itself. The result is a spectrum of devices that covers form factor (rugged up to MIL-STD-810G rated to sleek high end to low cost), size, and features across a range of price points. Because Windows has converged to a single OS, it can run on small "Internet of Things" (IoT) and embedded system devices, single-purpose handheld devices, phones, phablets, tablets, 2-in-1s, laptops, desktops, all-in-ones, and large format devices such as the 84in. Surface Hub. This gives the government a great deal of flexibility when it comes to hardware choice.
- Familiarity with the platform. The Windows Mobile platform offers a user interface and user experience familiar to most PC users. Given the near-identical nature of the platform in Windows 10 and Windows 10 Mobile, public safety users have the same applications and capabilities across all devices from mobile to desktop, complete with the familiar applications and interfaces that they have come to know. The existing familiarity of users with the Windows platform across OEM and Microsoft devices including small and large tablets, 2-in-1 convertibles, laptops, desktops, and all-in-ones should reduce the training time needed to become familiar with the platform and the applications. The result is a reduced learning curve for employees changing devices or even roles within or across organizations.

The Security of Windows 10 in a PSNS Environment

Security is a key issue for government, as is the ability to leverage existing investments. In addition to the security improvements highlighted previously, Microsoft has addressed this issue and others through Windows 10 by increasing the number of security APIs, employing federated authentication, protecting data at rest through BitLocker, improving the ability to connect to enterprise VPNs, and easily switching to enterprise WiFi while controlling access to external WiFi points.

These security enhancements appear to be resonating with PSNS organizations. In November 2015, the chief information officer of the U.S. Department of Defense (DoD) issued a memo to the DoD leadership with the subject of "Migration to Microsoft Windows 10 Secure Host Baseline." The first sentence in the publicly available, nonclassified memo says, "It is important for the Department to rapidly transition to Microsoft Windows 10 in order to improve our cybersecurity posture, lower the cost of IT, and streamline the IT operating environment" (see the memo and updates to the memo at http://iasecontent.disa.mil/stigs/pdf/U_DoD_CIO_Memo_Migration_to_Windows_10_Secure_Host_Baseline.pdf).

In recognizing the increased ubiquity of Apple and Android devices, Microsoft has developed Intune, a cloud-based mobile device and application management tool, as well as cloud-service versions of its Active Directory and Rights Management services — all three can better manage the security of Android, Apple iOS, and Windows devices. In recognition of the need to manage and secure devices and applications, manage identities, and protect information, as well as the reality that most personnel have multiple devices, these three services have been packaged into the Enterprise Mobility Suite. Because of its synergy and seamless interoperability (e.g., identity and email client) with Office 365, the Enterprise Mobility Suite is a very good option for PSNS organizations that are currently using Office across devices running various operating systems.

PARTING THOUGHTS

The digital technology requirements for government, whether devices, operating systems, platforms, or applications, are different from the private sector because of the specific needs that government has when it comes to operability, viability, resilience, and security. Within government, public safety and national security is an even more specialized and specific niche that has additional and more stringent requirements along these same areas.

To be successful, PSNS IT organizations need to match the digital technology they procure with the unique requirements they have while thinking long term about the evolving mission in the face of technology needs, organizational culture, and security that will provide a technology architecture that is ultimately effective, secure, controllable, and scalable. These same platforms also need to provide a user experience that is comparable with the consumer experience that employees have outside of the office.

While taking these issues into account, decision makers must also be aware of long-term budgets and efforts being made that reduce implementation costs and training costs and that leverage existing infrastructure and investments. A solution that addresses the evolving security needs of government, that is scalable, that takes advantage of technology familiarity to reduce training and implementation costs, and that builds upon legacy investments goes a long way in meeting the needs of government.

About IDC

International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications and consumer technology markets. IDC helps IT professionals, business executives, and the investment community make fact-based decisions on technology purchases and business strategy. More than 1,100 IDC analysts provide global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries worldwide. For 50 years, IDC has provided strategic insights to help our clients achieve their key business objectives. IDC is a subsidiary of IDG, the world's leading technology media, research, and events company.

Global Headquarters

211 North Union Street, Suite 105

Alexandria, VA 22314

USA

571.296.8060

Twitter: @IDC

idc-insights-community.com

www.idc.com

Copyright Notice

Copyright 2017 IDC Government Insights. Reproduction without written permission is completely forbidden.

External Publication of IDC Government Insights Information and Data: Any IDC Government Insights information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Government Insights Vice President. A draft of the proposed document should accompany any such request. IDC Government Insights reserves the right to deny approval of external usage for any reason.