How CIOs Can Tailor BYOD Initiatives for the Public Sector
For all the buzz around mobility and BYOD, the entry of new devices into the network poses challenges for federal CIOs, who must tailor policies to address security and usage challenges.
By Kenneth Corbin
WASHINGTON — Many CIOs in the federal government have been loosening their policies to allow employees greater freedom in the devices that they use for work, though the extent to which BYOD will become the norm in the public sector remains very much in question.
Concerns around security, privacy and the open question of whether workers are willing to couple their professional and personal lives on a single device linger, experts said this week at a conference on mobility in the government hosted by Citrix.
But BYOD is gaining momentum, and, gradually, the feds are rewriting the rules for tech usage to accommodate more consumer-oriented smartphones and tablets that employees use in their personal lives.
“Mobile is the future,” declared James Miller, associate CIO at the Federal Communications Commission.
BYOD Coming From the Top
The push for more liberal mobility policies, like many other tech initiatives underway in the government, comes from on high, as agency CIOs have been tasked with evaluating what types of devices and applications could integrate into the work environment, and to what extent personnel should be encouraged or permitted to work remotely.
But government IT transitions don’t happen overnight, and technologists recognize that worries over data leakage or lost devices will slow the feds’ embrace of BYOD.
“Security’s always a big deal whenever you’re dealing with the federal government or even just a decent-sized company,” says Doug Roth, a Citrix architect with Encentric, a government contracting firm.
In some corners of the government that traffic in hyper-sensitive data, for instance — say the Pentagon or the CIA — BYOD might be a non-starter, at least at the highest levels of classification.
But there are ways that CIOs can shape a BYOD program to meet the security requirements of the government, Roth argues, such as encrypting the device, and ensuring that data traveling to or from it is encrypted as well.
Some BYOD policies prevent sensitive data from being stored on the device, and commonly include partitions between the work and personal sides of the smartphone or tablet. More sophisticated systems might automatically wipe the device if it leaves the country.
“There’s different levels of bring your own device,” Roth says. “I think it all depends on the agency, but I think the technology’s there that you should be able to come up with a solution they can tailor to whatever a client or an agency, whatever their requirements are.”
Should Mobile Worlds Collide?
But even if the security challenges are addressed to the agency’s satisfaction, BYOD isn’t for everyone. Some workers continue to resist the cohabitation of their work and personal lives on a single device for a variety of reasons, not the least of which being the privacy concerns associated with giving the IT department a window into their photos, emails and other content.
Others might take exception to the sudden influx of work data onto their personal device at a time when their carriers no longer offer unlimited data plans.
“You also have to sell this to the users as well,” Roth says.
BYOD programs also put more of the onus for managing and maintaining a device on the user, a responsibility that many workers could do without. Within Citrix, which began a BYOD program about seven years ago, more than half of the company’s employees still opt for a company-provided device, according to Trenton Cycholl, group director of business technology solutions at the company.
“There’s still the need [for enterprise-provided equipment] if someone doesn’t want to manage their own device,” Cycholl says, “because managing your own device brings a lot of accountability.”
Ultimately, in the public and private sector alike, CIOs must tailor BYOD policies around mission objectives, Cycholl argues.
“It’s not about mobilizing that device, it’s the device that enables that person to be mobile, and we sometimes lose track of that and we get so focused — especially as IT — we get really hung up on the technology because it’s really cool,” he says. “I think it’s back to the person and how do we make people mobile.”
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com. Follow Kenneth on Twitter @kecorb. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.