Security and cultural issues are among many challenges government CIOs face in implementing mobile device management and BYOD strategies.
By Kenneth Corbin
WASHINGTON — With the advancement of a government-wide digital strategy that puts a premium on mobile computing, telecommuting could become a reality for a greater share of federal workers, though agency CIOs face a stout set of challenges before the federal government becomes home to a truly mobile workforce.
Here at a conference hosted by the Mobile Work Exchange, a group that champions the adoption of technology and policies to enable remote work, experts from within the government and leading contractors described the challenges and opportunities of overhauling an IT infrastructure to mobilize the workforce.
Federal Employees Must Buy-In
Employee buy-in is critical to ensure a successful transition, according to Tonya Schreiber, deputy chief administrative officer at the Federal Emergency Management Agency, which has begun a major restructuring of the agency’s operations that involves consolidating offices, tearing down cubicle walls and adopting a “hoteling” policy where workers float with no permanent workstation.
“I’ve basically been charged with changing the culture of FEMA,” Schreiber says.
“Culture is key,” she adds. “You only have one opportunity to change the culture of your agency and get it right with your people.”
As FEMA scales down from eight leased buildings in the D.C. metro area to three, a transition planned to be completed by 2016, the agency is aiming to mobilize more of its employees and operations, bringing the remote capabilities that disaster responders use in the field into the regular workflow.
Schreiber says that as recently as six months ago, just 5 percent of FEMA’s employees regularly worked remotely, but the agency has been working to ratchet up that figure.
With that roadmap, FEMA is heading down a similar path as other government agencies, which are all operating under a series of IT directives from the Obama administration involving cloud computing, data-center consolidation and mobile computing. Just as in the private sector, those initiatives come in service of the familiar goals of cutting costs and carbon emissions while increasing agility and productivity.
The Mobile Work Exchange, the organizer of Tuesday’s conference, is focusing much of its efforts on the federal government, and recently wrapped up its annual Telework Week. From April 4-8, some 136,000 global employees pledged to work remotely, which translated into an estimated savings of $12.3 million commuting costs and nearly 8,000 tons of carbon emissions, according to the group.
The federal government accounted for 82 percent of those pledges, with federal participation up 66 percent from last year, a reflection of the gathering interest in mobile computing at the highest levels of the bureaucracy.
Federal Guidance for Security, BYOD
The Federal CIO Council has convened an inter-agency working group to offer guidance on implementing the mobility aspects of the administration’s digital strategy. That group is now working in partnership with officials from the departments of defense and homeland security, as well as the National Institute of Standards and Technology, to develop a framework to address the security concerns that come in tow with BYOD and other mobile policies.
From a security standpoint, the work on developing mobility standards begins with the understanding that in an operation as large and diverse as the federal government, the requirements for mobile computing will be correspondingly varied, with some remote personnel handling highly sensitive or classified data, others who are tethered to a workstation and use little more than basic office productivity apps, and everything in between.
“We couldn’t ignore the broad number of use cases that are out there,” says Robert Palmer, director of information assurance for the Enterprise System Development Office at the DHS office of the CIO. “IT needs to enable those missions, and that’s really what we’re talking about — that underlying infrastructure that will enable all those different use cases.”
“We have to talk about that first — what is our requirement,” Palmer adds.
Federal officials are slated to release guidance for the next milestone in the administration’s Digital Government Strategy, which relates to mobile security, in May.
That document will endeavor to address, at least in part, the security considerations and the related legal challenges that have been a significant barrier to the government’s adoption of BYOD policies.
Siva Prakesh Yarlagadda, director of CSC’s federal mobility division, pointed to the oft-cited example of how a security team might respond to the loss of a user’s personal device that contained sensitive agency information.
For a standard, government-issued BlackBerry, the protocol might call for a remote wipe of the device, but when the compromised equipment also holds an employee’s personal content–family photos, etc.–the prospect of simply erasing all of that data poses additional challenges.
“It has a huge impact,” Yarlagadda says of the security concerns. “That’s one of the reasons why every agency doesn’t have it today. There are challenges.”
Yarlagadda recommends that government agencies contemplating BYOD policies or the broader question of a mobile device management framework adopt a “core infrastructure” for mobile activity that would include security features like encryption and permissions-based access, as well as an enterprise app store that would serve as a central hub for business-related applications that have met the necessary security stipulations.
“This is how your employees discover your apps. This is how you distribute your apps to your employees,” Yarlagadda says.
As for BYOD, which many businesses have been adopting in response to the growing expectation of employees that they be allowed to use their own devices for work, Yarlagadda says of the government: “There are compelling reasons why you would want to use that, but the enterprise architecture is not ready.”