ExecTech
“The biggest issue to this day is legal. Who pays for it? Do I get to keep my phone number? What rights do I give up if I agree to a government BYOD policy?”
— TOM SUDER, MOBILEGOV
Next steps
Some agencies might determine that BYOD is not appro- priate, but that doesn’t mean IT leaders should consider the matter closed. Instead, it means the agency should formulate a policy that states why BYOD isn’t appropri- ate and details the expectations for how employees treat government data.
“I would want to be clear with my employees that we do not allow BYOD, we do provision for people in these kinds of jobs, and that’s it. Or we do allow BYOD and here are the rules,” Hancher said.
“It’s critical to be clear with employees what you do and don’t allow under certain circumstances,” she added. “I don’t think most agencies have done the proper due diligence and made employees aware of what the policy is.”
And although the focus of much of the debate has been smartphones, it’s worth noting that the discussion extends to tablets and laptops as well. In general, Suder said, agencies that want their employees to have a tablet or other mobile tool, such as the Surface Pro 4, are provid- ing those devices. He cited the departments of Defense and Agriculture as examples.
“On the tablet side, Microsoft is doing well because the Surface Pro 4 is really the next generation of your laptop as you can also use it as tablet,” he said. “I see a lot of those, but of course, a lot of folks are still using the iPad for its ideal form factor.”
Whatever the device, managers and employees must know what the expectations are, even if BYOD isn’t allowed. There is too much critical information at stake to ignore the issue. n
Derek Walter is a freelance writer based in California.
BYOD program is voluntary, and NASA will not compen- sate employees for the costs associated with using their personal devices for work. Furthermore, participating employees must use lockout code protection and keep their devices up-to-date with the latest security patches.
Although a key appeal of BYOD for agencies are the savings that come with not buying devices, the endeavor is hardly cost-free.
“It saves money if you replace a company phone, but it’s not a cost of zero,” Suder said. “You still have the licens- ing fees from mobile device management, the company doing the containerization and any costs that come from additional security measures.”
The challenge for IT leaders is determining whether or not to embrace BYOD and, if so, how to craft a policy. BYOD doesn’t make sense for every agency. But the fact that so many employees are creating their own shadow networks means that all levels of government should have some type of policy that explicitly states the expectations.
Hancher, who helps federal agencies craft BYOD poli- cies, has a three-part test that should serve as the founda- tion for any BYOD initiative:
1. Does your agency deal with classified data?
2. Do you have sensitive personally identifiable informa- tion? This is usually less secure than classified information but can include important details such as Social Security numbers.
3. Does your agency, as part of its mission, handle infor- mation critical to the infrastructure of the country? This could include data about the energy grid, water sources or other information that terrorist organizations would deem valuable.
A “yes” answer to any one of those questions can compli- cate the task of crafting a workable approach, Hancher said.
28 July 15, 2016 FCW.COM