happens if there is data spillage on a personal device and by policy I have to destroy the device? Who pays for it? Do I get to keep my phone number? What rights do I give up if I agree to a government BYOD policy?”
Such issues must be spelled out in a policy, he added. If they’re not, employees might be reluctant to allow critical information to be stored on their devices.
He said containerization solutions such as Samsung Knox and Good Secure EMM Suites can segment the government data from the rest of the phone. Another option is Hypo- ri, a startup that uses virtualized app technology to access sensitive infor- mation without actually storing it on the device.
Some agencies are issuing guide- lines that set boundaries and tell employees what they are allowed to do with sensitive information and how to access work email on their personal devices. NASA, for example, is man- aging several projects that will facili- tate the use of personal devices for varying levels of network and system access, according to an agency spokes- man. Although those projects have not reached the user testing or trial stage, employees are allowed to use person- al mobile devices to connect to the agency’s email system via Microsoft’s Exchange ActiveSync, where a set of security requirements are applied.
“NASA’s mobility vision...states that NASA personnel ‘will be able to securely and seamlessly access and share any authorized information, anyplace, anytime, using any device,’” Enterprise Applications Service Execu- tive John Sprague wrote in a newslet- ter published by NASA’s Office of the CIO in late 2013. “The aim of NASA’s mobility vision is to provide services while protecting sensitive data.”
“I don’t think most agencies are really undertaking the effort and due diligence to address BYOD policy.
They’re just sort of letting people do whatever they can get away with, and very few agencies have actually put formal policies in place.”
— KIMBERLY HANCHER, DEEP WATER POINT
He added that participation in the
July 15, 2016 FCW.COM 27