Federal CIOs Still Say No to BYOD

Government IT leaders who oversee sensitive or classified information require firm device-management policies to address security concerns before they will even consider allowing workers' personal smartphones and tablets behind the firewall.

By Kenneth Corbin
Fri, March 01, 2013

CIO — WASHINGTON -- As federal CIOs develop new strategies to support an increasingly mobile workforce, they will inevitably have to decide whether or not to adopt a bring-your-own-device policy, just as a similar challenge confronts their counterparts in the private sector.

BYOD security

For some agencies, the answer is a hard "no."

"I'm not doing BYOD," says Coast Guard CIO Rear Adm. Robert E. Day Jr., who also serves as director of the Coast Guard Cyber Command.

[Related: Embrace Consumerization of IT and Stop Saying No]

Day, speaking at a federal IT conference hosted by the media group FedScoop, explained that many agencies dealing with sensitive or classified information are sticking with government-issued devices in the absence of clear policies for the use of personal equipment in the workplace.

The fear of losing sensitive data has kept many federal CIOs from adopting BYOD policies. It's not necessarily that the devices themselves are insecure, according to Day, but if a worker's personal phone with work data stored on it is lost or stolen, and security protocols would normally dictate that the device be remotely wiped, would the agency IT staff then be compelled to erase all the contents of the phone?

"There's the issues of what if I wipe your device and you lost all the pictures of little Susie and little Johnny and they weren't backed up? We're going to have to have some policies that go into place with this and figure that piece out," he says. "Having full MDM (mobile device management) capability across the device is absolutely key."

[Related: 10 Mobile Device Management Apps to Take Charge of BYOD]

"We're going to have to have some limitations on a personal device and then, again, the documentation that you are going to sign over saying that if I blow your device away with all your financial data and all your pictures that you did not back up, I'm not responsible for that," he adds. "I think we're going to get there, but until I get those security pieces put into place it's going to take a bit."

BYOD Security Biggest Concern

Security, more than any other factor, is the greatest concern for CIOs like Day, who worry that loose management policies would open the door to intrusions into the device that could compromise sensitive government or enterprise data.

"What about a keyboard logger being installed on your private side of the device, and it's not the part that I'm managing?" he asks.

Federal CIOs' stance on BYOD, which varies from agency to agency, remains a work in progress, as is the gradual shift to the cloud and other government IT priorities that the Obama administration has outlined.

Continue Reading

Our Commenting Policies