Bring Your Own Device

What business can learn from the feds about BYOD

There's a new Federal directive laying out guidelines on how to manage the BYOD trend in cost effective, productivity-boosting and secure ways.

It sounds counterintuitive, but taking lessons from the Federal government about saving money and making constituents (users) happy might not be a bad idea - in some cases.

That's because there's a new Federal directive laying out both guidelines and case studies on how to manage the fast-growing Bring Your Own Device (BYOD) trend in cost effective, productivity-boosting and secure ways.

Good advice from a government agency? We're not making this up.

And, apparently, neither are the feds who have a number of success stories about BYOD to tell. Among them:

  • The Department of the Treasury's Alcohol and Tobacco Tax and Trade Bureau (TTB) which rolled out a virtual desktop that allowed a BYOD program with almost no policy or legal implications;
  • The U.S. Equal Employment Opportunity Commission (EEOC), which was among the first of several Federal agencies to launch a BYOD pilot that let employees to "opt out" of the government-provided mobile device program and install third-party software on their own personal smartphones for official work, and
  • The state of Delaware, where the current governor, Jack Markell, was one of the founders of wireless pioneer Nextel. The state jumped on the BYOD bandwagon early and reaped significant cost savings by having employees turn in their state-owned devices in favor of a personally-owned one, which may wind up saving the state approximately half of its current wireless expenditure.

Despite these cost savings and the flexibility BYOD gives workers, the Feds haven't ordered all agencies to embrace the practice. But they do caution their IT leaders not to fight the fast-moving shift among workers to abandon employer-issued devices in favor of ones they prefer.

Going along with a user-initiated practice doesn't have to mean IT loses control over either hardware or data contained on it. The feds guidelines lay out a BYOD policy that's supposed to enable users and protect the organization from rogue access of its networks by employees.

They caution that BYOD isn't right for every agency (translate: every business unit). They recommend three important criteria that need to looked at before moving ahead:

1. BYOD is about offering choice. Programs should be able to deliver flexibility that helps workers balance work and personal lives, improve productivity by expand opportunities to work outside the office and while on the move. 2. BYOD can and should be cost-effective, so a cost-benefit analysis is essential as the policy is deployed. The two big factors to examine: How BYOD can increase employee productivity and the potential cost shifts it will allow. 2. BYOD poses security, policy, technical, and legal challenges that involve both internal and external relationships. The data users are accessing and working with may belong to your organization or it may be the data of your customers or clients.

The directive lays out three high-level means of implementing a BYOD program:

  • Virtualization: Provide remote access to computing resources so that no data or corporate application processing is stored or conducted on the personal device;
  • Walled garden: Contain data or corporate application processing within a secure application on the personal device so that it is segregated from personal data;
  • Limited separation: Allow comingled corporate and personal data and/or application processing on the personal device with policies enacted to ensure minimum security controls are still satisfied.

Your organization may not be ready to tackle a BYOD program, but it's fairly certain your users are. Some of them have probably already launched their own, ad-hoc practices that could put your data and your network at risk.

The feds directive lays out an exhaustive list of things you'll need to consider when determining whether a BYOD program is a good idea. Running through that list with your leadership team and your IT staff could be a time-consuming and tedious process.

Which is likely why most government programs take so long and involve metric tons of documentation and official signatures. Business can streamline the process. But IT leaders need to take serious note of all the angles the feds point to before the organization dives into BYOD waters.

You can check out the feds directive online at http://www.whitehouse.gov/digitalgov/bring-your-own-device.

Valerie Helmbreck is a noted journalist with numerous accolades and awards. She writes for Progressive Business Publications as editor-in-chief of The Information Technology Advisor.

38 comments
Deadly Ernest
Deadly Ernest

What percentage of your organisation's staff actually NEED mobile device to access the Internet or corporate systems to do their work? It matters not what your organisation is it usually has all or most of the following units: - accounting, production, administration, maintenance, technical support, purchasing, logistics, warehouse, field techs, management, secretarial, records management, marketing. Some places may change the names, and some places may merge some, but that's the usual run for most organisations be them private enterprise or public sector. Now in most organisations the great bulk of the staff above work in the organisation's building or buildings and their work requires they use a desktop computer for the larger screen size to be really productive. The main exceptions will be field marketing - those who visit clients as against the ones who sit at desks and take called in orders all day, field support staff, logistic staff that do delivery to clients, senior managers who visit clients and suppliers. Some or all of these may need mobile devices for work like notebooks or tablets, such as logistics staff using a tablet to record deliveries and field techs using notebooks for manuals. They all need a phone to be accessible. However, do they have a REAL need to access their corporate emails or the corporate databases while in the field? This raises the question of how much does the organisation need a BYOD policy other than for a phone they prefer to use for the phone calls. Also, the phone service does NOT need to be able to access the corporate system at all. In the many different organisations I've worked in and with over the last 40 odd years, less than 1% of the staff need mobile devices, and even less need active access to the corporate while out and about. The majority of those who do need active access should be using a VPN with secure access protocols and log in, which usually means a notebook or ultrabook. I'll allow some businesses like brokers and marketing houses are very different with more mobile needs, but they are a small percentage of business overall. Given that the whole BYOD is revolving around such a small percentage of the work force, why is it taking up so much time and effort?

ionGrid
ionGrid

I couldn't agree more with the second #2 point regarding the challenges many companies (whether government or not) need to consider when debating whether or not to allow a BYOD program. Luckily for the readers of this article, there are a few solutions out there that minimize and nearly eliminate this risk, and I work for one of them, ionGrid. ionGrid's Nexus is an iPad and iPhone app that solves the virtualization, walled garden, and limited separation directives mentioned in the article. For more information on Nexus, other resources on dealing with BYOD or to try a trial version of Nexus visit www.iongrid.com You'll love what you find. Guarantee it.

mudpuppy1
mudpuppy1

This is rich. I'm still laughing. The Feds telling us how do be efficient and cut costs? Good one. This from a government with $1.5+ TRILLION deficits as far as the eye can see and a $16+ TRILLION National Debt that is growing by leaps and bounds every second. This from the same bunch that gave us that bloated monstrosity known as Obamacare (aka the Affordable Care Act) that nobody in Congress read before passing. Nothing "affordable" about it. Conveniently, most of the taxes for it don't kick in until AFTER the election next month. This from the same bunch that gave us $600 hammers and $800 toilet seats for the military. And the same bunch that sends Social Security checks to dead people and wonders why it's in trouble. The same bunch that allows BILLIONS in fraud, waste and abuse in the welfare system. The same bunch that refuses do do anything about illegal immigration that is sapping our resources. I could go on and on, but you get my point. Who knows, maybe they got it right for once. I would like to be pleasantly surprised.

CharlieSpencer
CharlieSpencer

I think it matters to the extent that what the organization does determines what percentage of the computer-using employees are paid a fixed salary (and possibly bonuses) and what percentage are paid an hourly wage. I submit that an organization that is predominately white collar has more salaried / bonus-eligible employees than a blue collar one. I further submit two reasons salaried employees are far more interested in BYOD than hourly ones. 1) They're more likely to want to work outside the workplace and 'normal' working hours (and to be allowed to do so). If they're going to have to lug a device around and spend extra time using it, I can understand a having a preference for a specific device. Hourly employees aren't getting paid to work at home or McDonald's, so having access to company resources on a personal device isn't a consideration. 2) Salaried employees are more likely to make enough money that they're comfortable spend it on a device that will benefit their employer. They're also more likely to be able to afford multiple systems, so working late at the office with their personal laptop isn't going to deprive the rest of the family its computer access. I work in a manufacturing plant. Desktops outnumber laptops 3 to 1. No hourly employee has ever asked to bring in his own computer, or tie his phone into the company e-mail. I assume the percentages of hardware platforms, pay methods, and BYOD-requesting employees are radically different in a financial firm, medical practice, warehouse, or government agency. I too question exactly what overall percentage of computer-using employees are asking for BYOD. I think it's coming from a small minority of users who happen to be at the upper echelons, able to make noise out of proportion to their percentage of the population.

NickNielsen
NickNielsen

it's also the same bunch that funded the research that resulted in personal computers and the internet, that sent men to the moon, that provided the majority of the road system we use to get to and from work, and that makes it possible for you to vent as you did above. Not saying you're wrong in your assertions. Just saying there's more than one side to the coin. Oh, and I'm the guy that ordered the $10k bolt. That's a story in itself...

mckinnej
mckinnej

The deficit costs you're talking about came from our elected officials. Those are programs they rammed through and saddled taxpayers with. The "Feds" being mentioned in this article are not elected. They are working stiffs just like you and me. They don't make the rules, but they have to work with them. They have large workloads and limited budgets, which obviously do not mix well. They often have to be very creative and innovative to reconcile the two. (When I was active duty military I had my budget cut 75% in one year. How would you deal with that?) There are always some idiots that do bad things and squander taxpayer money like the recent GSA conference scandal, but in general the Feds are regular hard-working folks who get a bad rap because of a few bad actors. As for the hammers and toilet seats, that's a long topic that I'm not going to get into. In a nutshell, blame it on the massive tangle of government contracting rules. The government asked for a small quantity of very specific non-commercial items. The contractor can only spread the design and manufacturing costs across a few dozen items rather than hundreds of thousands of items like Craftsman. In addition, the government often publishes how much they expect to pay for items like this, which effectively sets the price. I know where you're coming from; we have a lot of problems. Your problem is you're blaming the wrong people. Remember that when you go vote next month.

HypnoToad72
HypnoToad72

You might want to look up "Romneycare", since Obama based his reform on Romney's plans... Romney has claimed to hate it, but he's also annoyed conservatives by bringing in Michael Leavitt (a supporter of "Obamacare") for if he wins the presidency... There are lots of convenient things you don't seem to be aware of... After all, can you provide details as to why the hammers cost $600? $800 toilet seats? I just did a web search using "$600 hammer government myth" and a few articles dispelling that myth came up... try using the same keywords and see for yourself. Both public and private sectors have made mistakes, been less than ethical, and everything else running the gamut... But since the government created the internet that some wrongfully and amusingly call "a corporate gift" for the rest of us, very little surprises me anymore...

CharlieSpencer
CharlieSpencer

You're rejecting the entire premise simply because of who's proposing it. Maybe you'd like to try getting past the messenger and taking a look at the message on its own merits.

gechurch
gechurch

Maybe the people that wrote this BYOD report aren't the same people that chose the $800 toilet seats for the military and set up Obamacare. And perhaps the validity of this report has nothing at all to do with the reason there's a 16 trillion dollar national debt. A crazy thought, I know! I don't live in America, but I'm guessing the number of people working in government jobs is at least in the hundreds of thousands. Using the term "they" doesn't actually make them the same people.

ddmcd
ddmcd

Did you read the article? I've been studying this area for a while, know folks who deal with these issues in both the public and private sectors, and I can assure you it makes a lot of sense. Dennis McDonald http://www.ddmcd.com

Deadly Ernest
Deadly Ernest

from the section about the types of units in an organisation and I made no claims there about what the organisation did or it's break up or who got paid at what rate. I'll agree a bit about the salaried people wanting to have their own devices, but disagree about how many of the white collar workers are in a position to make a beneficial use of them unless you let them choose what type of desktop the accounts and secretarial staff want to put on their desk. I also agree some of the salaried (ie managerial) staff will be working away from their desk, as I stated later in my original post. But I've worked in production facilities, both on the shop floor and in the admin area, and in large admin only type operations (federal public service being one) and the great majority of the white collar workers and even the salaried staff did NOT do any work involving the corporate computer systems away from their desk. Yes they were some, but very few and they had notebooks; even then they mostly used them to review or create documents copied to the hard drive, they didn't do remote access of the corporate systems due to the security not allowing it. I agree with your assessment it's a very small number of higher level people, which is why I started this sub-thread. One of the things about this whole BYOD thing that a lot of people seem to be ignoring is that the use of a wireless accessed device being given easy access to the corporate network is virtually the same (security wise) as installing a wireless point with no or little security on it. In the past many senior execs got sacked for doing that to make the sue of their office layout easier for them. Now we have people saying that's the way to go. It all seems very silly to me. For the senior execs who want easy access to their emails and calendar, as that's about all most need while out of the office, set them up something in Gmail they can access from their desk as well. Then they can anything they want and you don't have to worry about how it interacts with the network as it won't need to.

mudpuppy1
mudpuppy1

are blowing my feeble attempt at humor way out of proportion. No slight of the honest hard working Federal employee was intended (I know they are out there as I have dealt with them). The fact remains that we have a bloated bureaucracy that grows larger and more inefficient all the time. It's not the lower-level employees that are the problem. I'm not blaming them. I try to keep my comments short so a lot goes unsaid, which results in misinterpretations. It's the upper management empire-builders and of course, the elected officials (who haven't passed a budget in what, 3-4 years?) that are the problem. As for the hammer thing, I am well aware of the economies of scale that dictate the final costs. Enough with that one. When I was in the military, I had a job for a few years where I was involved in procurement and dealing with contractors. Many of those unelected employees write regulations that have the force of law and cost all of us more money in taxes. Shouldn't that be Congress's job? Anyway, it is commendable that a Federal agency says it wants to do things efficiently. Most of the time it doesn't work out that way regardless of intentions.

mudpuppy1
mudpuppy1

The article is about a Federal program so Romneycare is not relevant, although I get your point. I'm aware of a lot more than you think I am. There isn't room enough in the comments to list it all and still expect it to be read. I already addressed the $600 hammer comment. I know the private sector makes mistakes, but again, that was not the focus of the article. Any organization that gets to be large is going to have efficiency and waste issues, public or private. That's why smaller business and smaller government just works better. You can deal with a wasteful business by taking your business elsewhere. We don't have that choice with the government.

mudpuppy1
mudpuppy1

I was in the military when that story hit. Even I knew it was an exaggeration. I just threw that in there so people wouldn't think I was just picking on one side.

mudpuppy1
mudpuppy1

I rejected it. The opportunity was just too good to pass up. For a government agency to put out something like this is actually a good thing. Living up to it is another matter entirely. Their track record is not that good.

mudpuppy1
mudpuppy1

the number of people working in the US government is in the millions. In my experience, with a few notable pleasant exceptions, the bureaucratic mindset is alive and well so the term "they" is entirely appropriate.

Marc Jellinek
Marc Jellinek

Is like publishing your confidential corporate data on the front cover of the NY Times... or having someone do it for you. I love BYOD. God knows my personal computers, tablets and phones are more capable that what most employers will supply. But until the security holes in iOS and Android are reliably plugged and end-users take infosec seriously, this is just an advertisement for consumer device vendors and the retail outlets that sell the devices. I find it odd that no one points out the obvious conflict of interest with the Governor of DE... as a founder of Nextel, it's not a stretch to say he's probably got a butt-load of Sprint stock. He absolutely stands to directly benefit.

mudpuppy1
mudpuppy1

it didn't make sense. Did you read the last two sentences of my comment? Our government is known for its fraud, waste and abuse of our (taxpayer's) resources. Yes, I read the article and even took a peak at the referenced Web page. I don't comment on articles I haven't read. I was just trying to illustrate the irony of it all.

Deadly Ernest
Deadly Ernest

how some people would prefer to be using a device they prefer, but it opens huge problems with regards to data security and in most countries it creates major cost issues in regards to the cost of the use as individuals can NOT get the reduced wireless data rates that companies can get. In most countries wireless is paid for by the MB and is NOT cheap.

Charles Bundy
Charles Bundy

were about the Federal govt. with the implication that their waste was so egregious that they aren't credible with regards to efficiency. I'll just leave it at "we agree to disagree" on how egregious their waste is.

mudpuppy1
mudpuppy1

the article is about a Federal agency so that is what I limited my comments to.

Charles Bundy
Charles Bundy

There is also waste in the private sector and state government. The universe will not allow us to break even, thus even at its most fundemental the universe has waste. On the other hand there are a lot of positive things going on. I believe that most folks try to do the right thing no matter what sector they are working in.

Deadly Ernest
Deadly Ernest

Microsoft in charging people for the code to design apps for Win 8, then charging them to join the list of those approved to sell apps through the Microsoft STore, then charging them to sell any of those apps through the store? That does sound a lot like charging people to enter the door before they can do any sales. It's just the medium of exchange is a little different.

mudpuppy1
mudpuppy1

you may have a point (with some corps anyway), but I haven't seen any of them charging slips of latinum just to get in the door (yet). :)

NickNielsen
NickNielsen

are pretty tame compared to some of what corporate America wants.

mudpuppy1
mudpuppy1

Some regulation is necessary or else people's baser desires take over and we all get screwed. That's why we need governments. The trick is to not overdo it, but that is difficult to do. Without some regulation, we would be Ferengi.

NickNielsen
NickNielsen

Too often in my recent experience those complaining about government regulation want to do away with all regulation.

mudpuppy1
mudpuppy1

Some regulation is necessary. Safety regs on cars is a good thing. The DOT bumpers added to the lower parts of big-rig trailers is also a good idea. They prevent cars from sliding underneath and decapitating drivers Many other regs are worthy. I never said (nor implied) that we get rid of all regs.

NickNielsen
NickNielsen

Some amount of regulation is necessary. Yes, there is overreach. Yes, economic factors should be considered when drafting regulations. But where is the line? Should we stop regulating automobile safety because it adds $4k to the cost of the car? Should we stop regulating drug safety because it adds thousands to the average American's medical bill? Should we stop monitoring food safety because of the added costs? A lack of regulation led to Love Canal and most of the other environmental Superfund sites. A case can be made that deregulation allowed both the S&L debacle and the securities collapse after the housing bubble burst. We already know that getting anything substantial through Congress is almost impossible. We also know that Congressmen don't read most of what they vote on. Do we want to add thousands more pages for them to not read?

gechurch
gechurch

That figure doesn't surprise me at all. In the state where I live (non-US) 1/3rd of the state are in government jobs, and 1/3rd are on welfare. That's two thirds of the state living on tax-payer money (either earnt, or gifted). And we wonder why the state's in financial trouble! I still don't agree with the use of "they". In my experience, most people use that word to polarise opinion and paint the 'other side' as an enemy.

mudpuppy1
mudpuppy1

but many of them write regulations that have the force of law. Congress has been abdicating some of its responsibilities. I agree that Congress is the opposite of progress. I've said that for years.

NickNielsen
NickNielsen

The bureaucracy does not pass the laws that allow the fraud, waste and abuse or that require the military to purchase the $600 toilet seats and $800 hammers. That honor falls to Congress (the opposite of progress).

Marc Jellinek
Marc Jellinek

What they haven't embraced is quality control and SLAs. Our unemployment systems and MVC (Motor Vehicle Commission) systems were outsourced by Gov Corzine, who had such wonderful experiences with outsourcing at Goldman Sachs (huge fines for regulatory compliance related to missing data) and MF Global (hundreds of millions of dollars that no one can find). The results of unemployment systems outsourcing? People who legitimately should be receiving checks don't; people who shouldn't be getting them (the recently hired) keep getting them with no way to return the money. The results of MVC outsourcing? I regularly get letters demanding that I pay tickets that I got (and paid) 15+ years ago under threat of having my drivers license revoked. I paid them (again) in order to assure my license would remain valid, but I demanded that the money be returned. A few trips down to the MVC to work things out were fruitless. A registered letter sent to the Governors office, cc'd the Administrator of the MVC and the Newark Star-Ledger finally got my money back and a resolution in writing (in case it happens again). By all means, please outsource and offshore more. I love chasing my tail at taxpayer expense.

HypnoToad72
HypnoToad72

Until everything gets automated, following private industry's lead of automation (and offshoring) but at least the private industry gets propped up at taxpayer expense more readily...