Can mobility escape the security snare?

The incorporation of mobile devices into agency work has continued to expand, but its main challenge is one that has lingered since the technology began gaining traction in the federal government: security.

Rick Holgate, assistant director and CIO at the Bureau of Alcohol, Tobacco, Firearms and Explosives, says that agencies are taking diverse approaches to incorporating mobility, but can't shake some common worries.

“As you look across various agencies, there’s a lot of disparity in the way how people think about their IT infrastructure, how they might expand that mobile environment and secure it,” Holgate said.

In the last 12 months, federal agencies have started to address the security issues, whether it’s updating or drafting new policies or creating new security controls, he said. Taxonomy is also catching up, noted Holgate, who serves as co-chair of Advanced Mobility Working Group at the American Council for Technology and Industry Advisory Council.

“We’re starting to see more common vocabulary and framework to even have a conversation about security issues,” he said. “Beyond that, it’s a matter of looking at federal agencies and their various levels on risk tolerance as it relates to security.”

Risk tolerance, indeed, spans a broad range. Some agencies, such as the General Services Administration and the Agriculture Department, by nature have entirely different risk levels than departments dealing with sensitive or classified information. Law enforcement agencies have a risk tolerance that’s “much, much lower,” which can be seen in how they pursue something like cloud computing opportunities, Holgate said.

But all agencies have to assess their vulnerabilities and have an understanding what mitigations to put in place before considering a mobile move.  “Agencies are now starting to get more specific in trying to categorize solutions that meet the different levels of risk tolerance,” Holgate said.

Three months after the Office of Management and Budget released the digital government strategy, U.S. CIO Steven VanRoekel announced new guidance for "bring your own device" that highlights case studies and best practices for BYOD. The document was created by the Digital Services Advisory Group, of which Holgate is a member, and the Federal CIO Council.

The challenge of BYOD, he said, again boils down to risk. But the risk is compounded because the agencies have little or no control over devices owned by individual employees. 

The willingness of agencies to allow BYOD varies widely. The Defense Department, for example, “pretty much wants nothing to do with: BYOD, he said, whereas other organizations have moved more aggressively with providing their employees capabilities that enable remote work.

Good policy can go a long way toward making BYOD less risky for agencies. It also covers other concerns, such as whether agencies are able to pick up the mobile device and service tab entirely, partially or not all, he said.

“People are looking for the next-generation information on BYOD to come from the OMB that will address issues around reimbursement and the changing nature of the employee relations that BYOD means,” Holgate said. “There’s a cultural aspect as well – there are implications for what the organizations’ expectations are for employees who are now connected 24/7.”

[Related: Keeping work and life balanced in a BYOD world]

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • FCW @ 30 GPS

    FCW @ 30

    Since 1986, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

  • Shutterstock image.

    Merged IT modernization bill punts on funding

    A House panel approved a new IT modernization bill that appears poised to pass, but key funding questions are left for appropriators.

  • General Frost

    Army wants cyber capability everywhere

    The Army's cyber director said cyber, electronic warfare and information operations must be integrated into warfighters' doctrine and training.

  • Rising Star 2013

    Meet the 2016 Rising Stars

    FCW honors 30 early-career leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group