Security and BYOD concerns move closer to resolution as the trend toward greater use of mobile devices picks up speed.
The use of mobile devices in the government got a boost in 2012 when the Obama administration made mobility a central element of the Digital Government Strategy. President Barack Obama’s re-election ensured that the push from the top will continue.
It is not just a top-down effort, however. The proliferation of mobile devices also has a bottom-up impetus. Employee demand, in fact, is the prime mover behind the bring-your-own-device trend.
There’s no question that the government’s future — and indeed, much of its present — lies in mobility. “There is no holding back the tide here,” said Warren Suss, president of Suss Consulting. He and other experts agreed that 2013 is likely to see a significant expansion of mobility as an integral part of acquisition and agency policy-making. And BYOD will spread.
And yet, challenges remain. Security and privacy are harder to ensure on mobile devices, especially on those that the agency doesn’t own.
“People are struggling on the security side,” said Tom Suder, president and founder of Mobilegov and industry chairman of the Advanced Mobility Working Group at the American Council for Technology–Industry Advisory Council. “Enterprise mobility is a lot more complex than citizen services.”
Still, the initial mobility strategy that followed on the heels of the larger Digital Government Strategy marked a turning point, Suder suggested. “We really got our arms around the issues” in 2012, he said. “We’ve galvanized the government to get things together.”
The Agriculture Department and the Department of Veterans Affairs each awarded mobile device management contracts in 2012, he added, and most agencies have at least a draft BYOD policy. In 2013, he expects both trends to accelerate.
BYOD makes the security situation more difficult, but the government is working toward solutions. Because agency and personal data are mingling on devices that are not under the agencies’ full control, concerns persist.
One common security measure is to allow no data at rest, or persistent data, on mobile devices. Government employees could use their own devices to interact with data stored on an agency server, and when they finish their work, no data would remain on the mobile device.
There's no holding back the tide here. -- Warren Suss, Suss Consulting
But there’s a significant disadvantage to that approach, said Bryan Pagliano, special adviser to the Bureau of Information Resource Management at the State Department. It means that employees cannot work off-line. For State’s Foreign Service officers stationed in remote parts of the world, connectivity is not always ensured. Other federal employees, including the military, operate in similar conditions.
At State, one solution is to provide agency-issued BlackBerrys that are allowed to store data, he said, but that approach undercuts the advantages of BYOD.
Nevertheless, the security approach is evolving, and 2012 saw the beginnings of a new focus on applications that should continue to expand in 2013, said Brian Duckering, senior manager of Symantec’s Enterprise Mobility Group.
“We realize there may be 50 or 100 apps on a device, but there may be only three or four that actually have the ability to access and transmit the data we’re concerned about,” he said. If the agency can control those apps, it can secure the device more effectively than trying to apply mobile device management to employee-owned devices.
State is expanding its Global OpenNet mobility program, Pagliano said. “We’ve continued to adapt that platform so it can be used on more devices,” he said. Originally called OpenNet Everywhere, the next iteration now under development might be called iGO, a play on Apple’s naming convention and the G.O. acronym for Global OpenNet.
BYOD is likely to take center stage in State’s 2013 mobility efforts, he said. “We’re trying to find out where’s a reasonable amount of risk to accept to do a BYOD program,” he added.
Among the department’s goals for the year is creating a system in which an employee can use a single device, such as a tablet computer, to log in from home, from the office or from a meeting with the same level of access and functionality at each point.
“Since our foreign services officers rotate every one to three years, there is a lot of overhead in transferring data,” he said. “To have a single profile to follow [one’s whole] career through the State Department, that would be very interesting.”
But widespread adoption of BYOD isn’t a given, he added. “Can you make a business case? Users might like to carry just one device, but would two really be a hardship? What our leadership is interested in is, if we do BYOD, what savings do we find? What is the cost?”
NEXT STORY: Interior secretary to step down