Agency IT should focus on apps, not devices

Want to scare an agency IT professional? Ask if you can put your unlocked iPhone on the internal agency network, and chuckle as your victim ages before your eyes. Federal IT leaders are tearing their hair out trying to determine how to best manage the growing demand for personal devices on secure networks, also known as bring your own device or BYOD.

The collective freaking out over BYOD, while justified, misses the larger point: The fight between agency IT departments and end users isn't over devices. It's over the applications on those devices.

Federal workers rely on a variety of applications, from calendars to task tracking to productivity suites, to do their jobs, but those applications might not be available on their government-issued devices.

It's not just agency business workers either. Even government IT professionals are trying to get access to mobile apps to help them do their jobs more effectively.

Love the app, hate the device

It's called "bring your own application," or BYOA. By addressing it, agency IT teams can avoid the security snarl posed by BYOD. More than just giving end users what they want in the form of a wider choice of mobile apps, delivering on the promise of BYOA can also offer IT departments far more security and stability in their operations, especially in the face of BYOD chaos.

From a purely functional standpoint, BYOA is the same as BYOD, except for the fact that application management is far easier to implement than device management, especially on an ever-growing scale that includes multiple versions of Windows Mobile, iOS and every flavor of Android imaginable. Keep in mind that BYOA doesn't mean every application will be given a green light. Instead, only those that have a measurable business use and can meet agency IT security criteria will be allowed.

BYOA, however, is easier said than done. How does an agency embrace customized mobile business apps while keeping rogue devices at bay? Some federal entities are already using one emerging strategy of an app store coupled with simultaneous control of the server-side applications to which the users' apps connect.

DIY enterprise applications

Agency app stores, similar to the General Services Administration's apps.USA.gov or the Defense Department's pending storefront, would feature agency-approved applications that are either created internally or, more likely, delivered by third-party providers for agency use. That allows for end-user customization while making agency IT professionals' lives that much easier, at least in theory.

With almost every BYOA client application on a mobile device, there will be a server-based, agency-monitored app that controls authentication and access to the data. That client/server relationship makes it easy to add layers of access control to specific apps, which are managed on the agency side via secure authentication and authorization technologies.

Go Web, young man

For agencies that are too concerned about security to readily engage bring your own anything, an alternative (maybe BYOA-Lite) could be the adoption of another emerging trend: mobile-friendly Web applications. Rather than focusing on client/server applications, agency IT professionals could begin directing users to secure, mobile-friendly portals for standardized apps, much like they already do for tasks such as email.

Personal devices would be treated like any non-standard device, and additional security layers could be added via a secure token or fob. That would eliminate a potential "app of the week" scenario while still giving agency IT teams continuous control over their app ecosystem.

Even in the private sector, BYOA adoption is very much in its infancy. But given the struggles that BYOD has brought about, agencies need to stop fighting over devices and start embracing a wider swath of mobile applications, and perhaps even solve a few additional IT headaches along the way.