With organizations poised to save big bucks by asking workers to use their own computers and phones at work, the “bring your own device” movement has exploded in the private sector.
Indeed, research firm Gartner calls BYOD “the most radical change to the economics and the culture of client computing in business in decades” and projects half of all companies will establish mandatory BYOD policies by 2017. So then why is it so hard to find a government enterprise that has a concrete BYOD plan?
It’s not as if the federal government is ignoring BYOD trends. A BYOD toolkit for federal agencies was created in August 2012, complete with best practices, policy guidelines and case studies for agencies to pick over. Yet one line sticks out three years after its creation: “Implementing a BYOD program is not mandatory.”
Even now, agencies face no BYOD mandate. In March, Brookings Institution researchers detailed in a blog post that one only agency — the Department of Veterans Affairs — even mentioned BYOD in its yearly strategic plans.
“The lack of strategic foresight when it comes to technological innovation in the U.S. federal sector is striking,” the researchers wrote. “Money is being left on the table.”
A number of mobility experts in the federal and private sectors agreed that the government is behind on BYOD due to a lack of internal policy and guidance, but things aren’t going to change in an instant.
“CIOs would love to see some sort of an overarching framework at the federal level so that there was a little less guesswork,” said Chris Roberts, public sector vice president for Good Technology. “The pilots that are being created, it’s around use cases and it’s individualized based on the [agency’s] mission. I think that most would like to have a framework so that the guard rails were clear across the government.”
Gary Monetti, a technology consultant who works with federal agencies, said a good place for agencies to start would be to follow two NIST guideline documents (800-124 and 800-164) that could establish best practices for securing the devices that handle and attach to government networks and data.
“A lot of the CISOs know that unprotected, unmanned devices are likely to expose an organization to risk such as unauthorized access and data leakage and so on,” Monetti told FedScoop.
But outside of NIST’s framework, some feel that more could be done from a policy perspective. Joe Paiva, the CIO for the International Trade Administration, told FedScoop the government needs to revise the way it handles mobile device security.
“We’re at a point in history where we find it necessary to completely lock down our desktops, but we send out our mobile devices with no security on them, and I think both are the wrong approach,” Paiva recently told FedScoop. “We need to find a middle ground for how we secure the information the device processes, and I think we have to do that in an appropriate way that maintains the usability of the device.”
Yet security its just one spoke of the wheel when it comes to BYOD policy. Roberts said any organization looking to move to BYOD has to weigh whether it makes sense for the organization and its employees.
“If it’s not going to save me money or increase efficiency and won’t increase employee satisfaction, then I think you have to re-examine if BYOD is the right thing,” he said.
Indeed, employee satisfaction is crucial, said Ojas Rege, vice president of strategy for MobileIron.
“If you go into BYOD straightly as a cost-saving mechanism, the chances of that program succeeding are pretty diminished,” Rege told FedScoop. “If you go into it with the mindset that this is about employees using the technology of their choice, that is the right way to enter these programs. The user experience comes first and security policies are there to support the user experience.”
Susie Adams, Microsoft Federal’s CTO, said her company went through BYOD growing pains. When BYOD was first put into effect, she and fellow engineers talked about bucking the system. However, after the company set a clear policy, people eventually settled in. Adams thinks the same lines could fit into federal BYOD plans.
“If it’s a government-owned device, then [the agency] should have purview to what’s on that device,” Adams tells FedScoop. “If it’s your own, they are going to say, ‘We are going to containerize our data and if you do leave, you wipe data from your device.'”
Rege said that instead of having it be a compromise between an agency’s IT department and its greater workforce, a BYOD policy needs to be embraced as a partnership that benefits everyone involved.
“This is the new world, this is a world of partnership,” Rege said. “The end user is not your minion, they are your partner. If they don’t like the agreement you are giving them, your adoption will fail.”
According to Rege, the best time to begin this partnership may be now. The private sector just underwent a “year of reckoning” with BYOD, and the government can use what industry has learned to guide its path.
“I think the federal government isn’t in the business of innovation,” Paiva said. “I think the federal government should take advantage of the innovations that come out of private industry. I think where we have to be is watching commercial industry and make better use of the type of things they do.”
Read more of FedScoop’s special report, “Focus on Mobility 2015.”