Can mobility escape the security snare?

The incorporation of mobile devices into agency work has continued to expand, but its main challenge is one that has lingered since the technology began gaining traction in the federal government: security.

Rick Holgate, assistant director and CIO at the Bureau of Alcohol, Tobacco, Firearms and Explosives, says that agencies are taking diverse approaches to incorporating mobility, but can't shake some common worries.

“As you look across various agencies, there’s a lot of disparity in the way how people think about their IT infrastructure, how they might expand that mobile environment and secure it,” Holgate said.

In the last 12 months, federal agencies have started to address the security issues, whether it’s updating or drafting new policies or creating new security controls, he said. Taxonomy is also catching up, noted Holgate, who serves as co-chair of Advanced Mobility Working Group at the American Council for Technology and Industry Advisory Council.

“We’re starting to see more common vocabulary and framework to even have a conversation about security issues,” he said. “Beyond that, it’s a matter of looking at federal agencies and their various levels on risk tolerance as it relates to security.”

Risk tolerance, indeed, spans a broad range. Some agencies, such as the General Services Administration and the Agriculture Department, by nature have entirely different risk levels than departments dealing with sensitive or classified information. Law enforcement agencies have a risk tolerance that’s “much, much lower,” which can be seen in how they pursue something like cloud computing opportunities, Holgate said.

But all agencies have to assess their vulnerabilities and have an understanding what mitigations to put in place before considering a mobile move.  “Agencies are now starting to get more specific in trying to categorize solutions that meet the different levels of risk tolerance,” Holgate said.

Three months after the Office of Management and Budget released the digital government strategy, U.S. CIO Steven VanRoekel announced new guidance for "bring your own device" that highlights case studies and best practices for BYOD. The document was created by the Digital Services Advisory Group, of which Holgate is a member, and the Federal CIO Council.

The challenge of BYOD, he said, again boils down to risk. But the risk is compounded because the agencies have little or no control over devices owned by individual employees. 

The willingness of agencies to allow BYOD varies widely. The Defense Department, for example, “pretty much wants nothing to do with: BYOD, he said, whereas other organizations have moved more aggressively with providing their employees capabilities that enable remote work.

Good policy can go a long way toward making BYOD less risky for agencies. It also covers other concerns, such as whether agencies are able to pick up the mobile device and service tab entirely, partially or not all, he said.

“People are looking for the next-generation information on BYOD to come from the OMB that will address issues around reimbursement and the changing nature of the employee relations that BYOD means,” Holgate said. “There’s a cultural aspect as well – there are implications for what the organizations’ expectations are for employees who are now connected 24/7.”

[Related: Keeping work and life balanced in a BYOD world]

About the Author

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.


  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

    sensor network (agsandrew/

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.