It sounds counterintuitive, but taking lessons from the Federal government about saving money and making constituents (users) happy might not be a bad idea – in some cases.
That’s because there’s a new Federal directive laying out both guidelines and case studies on how to manage the fast-growing Bring Your Own Device (BYOD) trend in cost effective, productivity-boosting and secure ways.
Good advice from a government agency? We’re not making this up.
And, apparently, neither are the feds who have a number of success stories about BYOD to tell. Among them:
- The Department of the Treasury’s Alcohol and Tobacco Tax and Trade Bureau (TTB) which rolled out a virtual desktop that allowed a BYOD program with almost no policy or legal implications;
- The U.S. Equal Employment Opportunity Commission (EEOC), which was among the first of several Federal agencies to launch a BYOD pilot that let employees to “opt out” of the government-provided mobile device program and install third-party software on their own personal smartphones for official work, and
- The state of Delaware, where the current governor, Jack Markell, was one of the founders of wireless pioneer Nextel. The state jumped on the BYOD bandwagon early and reaped significant cost savings by having employees turn in their state-owned devices in favor of a personally-owned one, which may wind up saving the state approximately half of its current wireless expenditure.
Despite these cost savings and the flexibility BYOD gives workers, the Feds haven’t ordered all agencies to embrace the practice. But they do caution their IT leaders not to fight the fast-moving shift among workers to abandon employer-issued devices in favor of ones they prefer.
Going along with a user-initiated practice doesn’t have to mean IT loses control over either hardware or data contained on it. The feds guidelines lay out a BYOD policy that’s supposed to enable users and protect the organization from rogue access of its networks by employees.
They caution that BYOD isn’t right for every agency (translate: every business unit). They recommend three important criteria that need to looked at before moving ahead:
1. BYOD is about offering choice. Programs should be able to deliver flexibility that helps workers balance work and personal lives, improve productivity by expand opportunities to work outside the office and while on the move.
2. BYOD can and should be cost-effective, so a cost-benefit analysis is essential as the policy is deployed. The two big factors to examine: How BYOD can increase employee productivity and the potential cost shifts it will allow.
2. BYOD poses security, policy, technical, and legal challenges that involve both internal and external relationships. The data users are accessing and working with may belong to your organization or it may be the data of your customers or clients.
The directive lays out three high-level means of implementing a BYOD program:
- Virtualization: Provide remote access to computing resources so that no data or corporate application processing is stored or conducted on the personal device;
- Walled garden: Contain data or corporate application processing within a secure application on the personal device so that it is segregated from personal data;
- Limited separation: Allow comingled corporate and personal data and/or application processing on the personal device with policies enacted to ensure minimum security controls are still satisfied.
Your organization may not be ready to tackle a BYOD program, but it’s fairly certain your users are. Some of them have probably already launched their own, ad-hoc practices that could put your data and your network at risk.
The feds directive lays out an exhaustive list of things you’ll need to consider when determining whether a BYOD program is a good idea. Running through that list with your leadership team and your IT staff could be a time-consuming and tedious process.
Which is likely why most government programs take so long and involve metric tons of documentation and official signatures. Business can streamline the process. But IT leaders need to take serious note of all the angles the feds point to before the organization dives into BYOD waters.
You can check out the feds directive online at http://www.whitehouse.gov/digitalgov/bring-your-own-device.
Valerie Helmbreck is a noted journalist with numerous accolades and awards. She writes for Progressive Business Publications as editor-in-chief of The Information Technology Advisor.