GovWin
B2G is moving!
Blogs posted after May 22, 2015 will be located on Deltek's central blog page at www.deltek.com/blog.
Just select the "B2G Essentials" blog to continue to receive this valuable content.
To BYOD, or not to BYOD, That is the Question

At the Telework Exchange Town Hall Meeting last week, it was apparent that a paradigm shift is underway in most federal agencies about the value and inevitability of mobility as a standard enterprise means of delivering capabilities to users. The cloud will figure prominently in enabling mobility. Most agencies are moving more quickly to embrace both telework and, more broadly, mobility, than other emerging technologies in the past. Perhaps the biggest question still remains the practicality of the “bring your own device” (BYOD) approach.
Driven by high consumer adoption of smartphones to manage our lives and the desire to avoid device proliferation, federal agencies seem to be moving toward BYOD, at least in initial pilots. Many have taken the agency perspective when evaluating BYOD policies, citing concerns about security of agency networks when a multitude of disparate personal devices are allowed to access government networks. Another major concern is privacy, both the privacy of the personal data on a federal employee’s own devices and the privacy of citizen data that might find its way onto a federal employees device since agencies have a high level of accountability to protect personally identifiable information (PII).
 
However, at the Town Hall, Casey Coleman, the CIO of GSA, which currently has a BYOD pilot going on with couple of dozen people, noted that it might actually be federal employees that reject BOYD policies. This despite employees’ current active use of their own devices on their agencies’ networks in the absence of a formal policy (NextGov reports that 60% respondent to a recent survey said there are no restrictions on what types of personal mobile devices can access their agencies' networks). Coleman pointed out that policies such as who takes responsibility for support of devices, consent of employee for their own devices to be agency managed and monitored, and a policy to wipe their devices of clean data if lost, may actually inhibit employees from opting to use their own devices.  Who would want their personal contacts and family pictures automatically deleted, without even an attempt to recover the device, if lost. Security experts say that loss of smartphones is actually one of the biggest security challenges. Partitioning personal data from government data on personal devices and wiping only the government portion might help some in that regard. The more likely scenario, Coleman believes, is that agencies will only take advantage of safer “opportunistic instances” to allow employees to use their own devices, such as allowing them to only viewing a doc on the network, but not downloading it to their own personal device.  
 
Allowing access to email and web-based applications is feasible, but panelist made it clear that connecting personal devices to internal secure networks is clearly the greatest challenge and risk. FCW reported that at GSA’s Federal Systems Integration and Management Center, before a personal device can be connected to GSA’s network, the agency requests that the employee sign several agreements, including one allowing remote wiping of the device. Only about 10% of the employees have opted to sign the agreement for network access for their devices due to the remote wiping policy.
 
Peter Tseronis, the CTO of the Department of Energy said that his agency is allowing BYOD with role-based segmentation; in other words, it is being allowed only for certain roles of functions. He also noted the need for agencies’ general counsels to be involved up front in the discussion on BYOD policies.  However, the most likely role type—executives—are likely the very ones who are the targets of security threats from foreign agents or hackers.
 
One of the most forward looking panelists at the Town Hall meeting, Dr. Sasi Pillay, the CTO at NASA, assumes that BYOD will be the way agencies will have to eventually go in the future given demands of users and the speed of technology advancement.  However, most likely by that time security advances will need to have also been made.  Former White House cybersecurity adviser Richard Clarke recently said of the growing BYOD trend, “this is the newest and largest vulnerability now.”      
 
The White House is working on a government-wide mobility policy, the Federal Digital Strategy (former the “Federal Mobility Strategy”), which should provide policies for cost-effective, standards-based adoption of mobility that relies on common principles of security, manageability, and device and application deployment for all agencies.  It will be very interesting to see if they issue government-wide policies related to BYOD or leave it to the discretion of agencies.

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)