Matt Sexton is Director of Cybersecurity at VMD Systems Integrators, Inc. He has more than 18 years experience in U.S. Government Civilian and Defense industries. He holds an MBA from James Madison University’s College of Business.
Sexton spoke with WashingtonExec about hybrid apps, BYOD, mobile concerns/trends, infrastructure issues, IT innovation, and more.
WashingtonExec: How do you think the development of hybrid apps, where users can create their own applications will impact the mobile market?
Matt Sexton: I think that user developed “apps” are fine for personal use; however, individual users should not be allowed to develop apps that access enterprise resources – this will introduce unnecessary risks into an organization. Building on this thought, too many people entrust mobile app stores to thoroughly examine their consumer mobile apps, but the reality is malware is not the only risk that users face; for example, several legitimate apps have intentionally targeted the data generated or stored from other applications. Advances have been made to isolate or test (i.e. sandbox) application data. However, given the numerous variants of mobile phone software and hardware available in the public domain, it is a serious challenge – if not impossible – to test mobile apps under all possible use-case scenarios. In other words, there is no silver bullet that will protect all these devices.
WashingtonExec: Does VMD have its own “Bring Your Own Device” (BYOD) policy?
Matt Sexton: We do allow staff to bring their own devices, for which VMD provides access to corporate email and messaging services. Our corporate Blackberry devices are hardened and we are exploring options to secure both Android and Apple devices. As we better secure our mobile ecosystem, we will explore greater access to company resources.
WashingtonExec: Some have said the largest issue with going mobile is not in regards to a technological advancement but more of a cultural one. Do you agree?
Matt Sexton: Technological advancements have enabled the mobile workforce technologically as well as culturally via ease of access to social networking and communication anywhere and anytime. Without the technological advancements in areas such as processing power, display screens and storage, I do not think we would be where we are at today. Having once used the shoe-sized Motorola phones, I did not really embrace mobility until the form and size factor made devices truly portable. Smart phones have further advanced the going mobile trend, as the capabilities of such devices have started to eclipse what we can accomplish on a laptop. Consequently, Smart phones have enabled technologically a culture change in the way we not only play but also work, study and live.
WashingtonExec: What would you say some of the infrastructure issues are that the US will have to address when implementing secure mobile devices?
Matt Sexton: The infrastructure is our medium for communication. Mobile security has evolved from the first-generation AMPS, which provided limited security and was more focused on preventing cloning vs. securing your data/voice communications. The 3G and 4G cellular networks offer more robust communication security; however, the carriers may not implement all the controls available. Security must address the areas where mobility is most vulnerable – the device and network levels). At the device level, this means: physical and local control access. At the network level, this means: cellular, WLAN, WiMAX, Bluetooth, and wireline.
WashingtonExec: Do you see mobility as a long-term investment for your company?
Matt Sexton: Yes, mobility is an enabler for greater productivity, real-time decision making, mass communications [via social media]and more. Innovations will continue to focus and advance mobile technologies as this market continues to grow.
WashingtonExec: What do you see as the next big IT innovation for the 21st century workforce?
Matt Sexton: I see three major innovation areas that may occur simultaneously – instead of one major innovation – that together will comprise a major cultural, technological and security change for society. Portability, power, and overall device capability will continue to advance and will drive the next big IT innovation. First of all, the continuous charging of mobile devices over wireless technologies will finally unchain us from power plugs. Second, devices will also continue to be integrated into our day-to-day activities as an all-in-one solution to help manage life. Third, security will continue to mature – probably similar to how we evolved with laptops. This means that we will overcome the vast diversity of mobile hardware and software combinations and develop common controls (perhaps something similar to the Trusted Platform Module) to address device integrity, application/data isolation and information protection.
WashingtonExec: Do you think the current pace of technology is in step with federal acquisition and procurement standards? (If you could change ONE thing about acquisition and procurement with the federal government, what would it be?)
Matt Sexton: No, I believe that technology is moving at a faster pace. Federal acquisition and procurement standards have not historically allowed procurement cycles to take place fast enough to allow the government customer to take advantage of the lifecycle of the product. A simple change that would greatly improve Federal acquisition would be to mandate that Contracting Officers communicate with industry throughout the development of an acquisition, and also use their position to facilitate interaction between Government technical points of contact and industry. The more communication there is, the clearer understanding the Government gets on how to describe its needs in ways that industry can clearly understand and respond to. Clarity in RFPs lowers risk, and lowered risk reduces cost. Far too many Contracting Officers shut down communication even before RFPs are released, when Government-industry interaction can make better solicitations. This suggestion is completely independent of the technology or service being acquired.
WashingtonExec: What is your favorite app?
Matt Sexton: My favorite app to pass the time is Apparatus or Kunundrum.
