This week there is a lot exciting news surrounding government technology. Yesterday, Todd Park and Steven VanRoekel announced the Presidential Innovation Fellows, and also announced a BYOD tool kit for government agencies. The report is an important step to wider adoption of bring-your-own-device policies in government, and empowers leaders in government to explore if BYOD is feasible within their agency. The report has a few excellent case studies related to BYOD and template policies for BYOD implementation. The case studies and policy examples can be found below:
- Alcohol and Tobacco Tax and Trade Bureau (TTB) Virtual Desktop Impl…
- U.S. Equal Employment Opportunity Commission (EEOC) BYOD Pilot
- State of Delaware BYOD Program
- Sample #1: Policy and Guidelines for Government-Provided Mobile Dev…
- Sample #2: Bring Your Own Device – Policy and Rules of Behavior
- Sample #3: Mobile Information Technology Device Policy
- Sample #4: Wireless Communication Reimbursement Program
- Sample #5: Portable Wireless Network Access Device Policy
The BYOD toolkit is a great starting point for government agencies. As there are still a lot unknowns of how to create and manage a BYOD program, the report does an excellent job of outlining key areas, providing strategic guidance, and identifying that there is still a lot of work to be done.
Three months ago, Federal Chief Information Officer, Steven VanRoekel, released The Digital Government Strategy, which set out specific goals to redefine government and improve the way in which citizens engage and are delivered services. GovLoop has created an infographic, and also developed a guide, “Navigating the Digital Government Roadmap,” which outlines the goals of the Digital Government Strategy.
The BYOD toolkit states:
Implementing a BYOD program is not mandatory. This document is intended to serve as a toolkit for agencies contemplating implementation of BYOD programs. The toolkit is not meant to be comprehensive, but rather provides key areas for consideration and examples of existing policies and best practices. In addition to providing an overview of considerations for implementing BYOD, the BYOD Working Group members developed a small collection of case studies to highlight the successful efforts of BYOD pilots or programs at several government agencies. The Working Group also assembled examples of existing policies to help inform IT leaders who are planning to develop BYOD programs for their organizations.
The report also provides future milestones, such as the Mobile Security Reference Architecture which intends to inform agency considerations on BYOD. Further, the National Institute of Standards and Technology (NIST), is drafting guidelines specifically for mobile. The BYOD Toolkit states: “Guidelines for Managing and Securing Mobile Devices in the Enterprise; Security and Privacy Controls for Federal Information Systems and Organizations; and Personal Identity Verification (PIV) of Federal Employees and Contractors. Each of these documents should provide further insight into issues associated with the implementation of BYOD solutions.”
One of the more compelling sections of the report is when the authors identify the trends and business case for BYOD. The BYOD working group identified several characteristics. One of the first characteristics that the report mentions is “BYOD is about offering choice.” The report states:
By embracing the consumerization of Information Technology (IT), the government can address the personal preferences of its employees, offering them increased mobility and better integration of their personal and work lives. It also enables employees the flexibility to work in a way that optimizes their productivity.
There is an ongoing trend that people want to work on the devices they desire and are most comfortable with. This is an important development, people will be most productive, effective and potentially improved morale by working on devices they are most comfortable with.
A second characteristic is “BYOD can and should be cost-effective, so a cost-benefit analysis is essential as the policy is deployed.” The report is clear to identify that BYOD presents a shift of costs to employees. As less government devices are deployed, more services are being accessed on personal devices, in which the user is responsible for paying data fees. The report cites that this continues to be one of the challenges for BYOD. “Additionally, overall costs may significantly increase for personnel who frequently communicate outside of the coverage area of their primary service provider and incur roaming charges,” stated the tool-kit.
The report also acknowledges that security is a key challenge for BYOD initiatives. Stating, “Implementation of a BYOD program presents agencies with a myriad of security, policy, technical, and legal challenges not only to internal communications, but also to relationships and trust with business and government partners.”
Another interesting aspect of the report is that the toolkit clearly identifies three high-level means of implementing a BYOD program, virtualization, walled garden, limited separation. The report provides a brief description of each:
- Virtualization: Provide remote access to computing resources so that no data or corporate application processing is stored or conducted on the personal device;
- Walled garden: Contain data or corporate application processing within a secure application on the personal device so that it is segregated from personal data;
- Limited separation: Allow co-mingled corporate and personal data and/or application processing on the personal device with policies enacted to ensure minimum security controls are still satisfied.
Especially important for BYOD is making the business case for implementing a BYOD program. The report identifies the commonly stated reasons for BYOD adoption, reduce costs, increase efficiency/productivity, adapt to workforce, and improve user experience. The report also provides an extensive list of areas to approach while considering a BYOD plan. (Note: the report provides an even deeper look at each of the bullet points below, see complete list here)
- Technical approach
- Roles and responsibilities
- Incentives for government and individuals
- Education, use, and operation
- Ethics / legal questions
- Service provider(s)
- Devices and applications (apps)
- Asset management
This is a great example of how the Digital Government Strategy, and the leadership and vision by Steve VanRoekel, is helping to facilitate the improved use of technology in government, to deliver improved services to Americans. I was super impressed with this report. The report provides a fantastic roadmap for agencies to follow if they are considering BYOD. Although there are still some challenges to BYOD, this is a positive step in the right direction.