Mobile device management: A prerequisite for BYOD
When it comes to mobile devices in the workplace, government agencies might be adopting the motto “If you can’t fight them, join them.”
Most government agencies that plan to increase their mobile spending in the next year are likely to encourage employees to use their own mobile devices at work — a practice that is commonly called bring your own device (BYOD). That finding, from the 1105 Government Information Group’s 2012 survey, masks the big picture, though: Government adoption of BYOD lags behind that of private industry.
“There is strong interest within the federal government for implementing BYOD, but it will likely lag the earlier and broader adoption we are seeing within industry,” says Chris Smith, formerly CIO at the U.S. Department of Agriculture and now U.S. federal chief technology and innovation officer at Accenture Federal Services.
“Organizations have figured out that they can’t stop people from bringing mobile devices into the workplace, so they might as well try to embrace it,” notes Phil Simon, a frequent speaker and author of “The Age of the Platform: How Amazon, Apple, Facebook and Google Have Redefined Business.”
To date, few government agencies have adopted BYOD, though several don’t bar employees from using their own smart phone or tablet at work. The vast majority of survey respondents indicated that their agencies provide devices to employees; just 12 percent of the respondents encourage a BYOD program (see Figure 1).
BYOD advocates cite many advantages for agencies that adopt such a policy, including the obvious device cost savings, increased productivity of employees using devices they already have and the reduced training costs, among others.
However, allowing employees to use their own devices for work-related tasks does have a cost. What if an employee with critical information on a mobile device forgets to back up the device? Suppose an employee loses a device with critical information on it or leaves the department suddenly?
These concerns are completely valid. The best way to ensure that these issues don’t damage the organization, the state or the country is by developing a comprehensive mobile device management strategy that includes not only policies and procedures but technology to back them up. There are many types of tools on the market:
• MDM (mobile device management) solutions focus on securing the devices themselves.
• MAM (mobile application management) solutions secure applications used on mobile devices.
According to the survey, the most important parts of a mobile device management strategy are:
• Enabling network access from mobile devices via a secure virtual private network.
• Developing policies on which applications and data can and can’t be accessed by employee mobile devices.
• Enabling the IT department to remotely wipe only agency apps and data from a device (leaving personal data alone).
Other best practices include requiring employees to use a screen-lock passcode, enabling the IT department to audit devices for security compliance, encrypting all user data, and creating containers (sometimes called sandboxes) within devices that hold only agency data.
As important as these measures are, they can backfire if not done in a thoughtful and effective way. In fact, the survey found that by imposing too many security features and making it too difficult to use the devices, more than half of employees are deterred from wanting to use their own mobile devices for work (see Figure 2).
“One of the biggest challenges is how to put enough controls and security around sensitive data on a mobile device while still making them accessible and useful to employees,” says Smith. “Doing it right means having clear, thoughtful policy discussions.”