Your SlideShare is downloading. ×

BYOD = Bring Your Own Device

748

Published on

Read more about this guide: http://www.govloop.com/profiles/blogs/new-govloop-report-exploring-bring-your-own-device-in-the-public-

Read more about this guide: http://www.govloop.com/profiles/blogs/new-govloop-report-exploring-bring-your-own-device-in-the-public-

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
748
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
26
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. BY ODResearch Report
  • 2. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTOR CONTENTSAbout GovLoop 4Executive Summary 5Summary of Survey Findings 6 Do You Have a BYOD Policy? 7 Should Your Agency Provide a Device for You? 8 Do You Use Your Personal Phone for Work? 9 How Important is Ease of Use and Functionality in Your Work Devices? 10 What Are the Benefits of BYOD? 10 Would BYOD Help to Recruit and Retain Employees? 12 What Are Your Roadblocks to Adoption? 12Challenges and Best Practices for Bring Your Own Device 13Challenge: Providing Employee Reimbursement 13Challenge: Maintaining Security in Diverse Network 14 Best Practice: Assess Network 15In Focus: How to Build Trust in Your Network 15Challenge: Anticipating Legal and Policy Challenges 16 Best Practice: Create Transparent Security Processes 17 Best Practice: Establish Ownership of Data – Silo Personal and Professional Data 17 Best Practice: Regulate User Applications 18 Best Practice: Provide Device Support Guidelines 19 2
  • 3. A RESEARCH REPORT FROM GOVLOOP AND CISCOIn Focus: Minneapolis App Store 19Challenge: Blurring Lines Between Personal and Private 20 Best Practice: Promote Work / Life Balance 21 Best Practice: Lead By Example 21GovLoop Resources 21Overview of White House BYOD Toolkit 22BYOD in Brief: Expert Insights with Cisco’s David Graziano 24Conclusion 26Top 5 Next Steps for BYOD at Your Agency 27 Step 1: Meet With Key Stakeholders to Develop Pilot Plan 27 Step 2: Meet with Legal Team 27 Step 3: Craft Internal Policy for BYOD 27 Step 4: Announce Program to Employees 27 Step 5: Iterate, Review Outcomes, Improve BYOD Strategy 27About the Authors 28 Pat Fiorenza:GovLoop Research Analyst 28 Lindsey Tepe: GovLoop Fellow 28 Jeff Ribeira: GovLoop Content and Community Coordinator 28 Vanessa Vogel: GovLoop Design Fellow 28 3
  • 4. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTOR ABOUT GOVLOOPGovLoop’s mission is to “connect government to improve government.” We aim to inspire public sector profes-sionals by serving as the knowledge network for government. GovLoop connects more than 60,000 members,fostering government collaboration, solving common problems and advancing government careers.The GovLoop community has been widely recognized across multiple sectors as a core resource for informationsharing among public sector professionals. GovLoop members come from across the public sector; includingfederal, state, and local public servants, industry experts, as well as non-profit, association and academic partners.In brief, GovLoop is the leading online source for addressing public sector issues.In addition to being an online community, GovLoop works with government experts and top industry partnersto produce valuable resources and tools, such as guides, infographics, online training, educational events, and adaily podcast with Chris Dorobek, all to help public sector professionals do their jobs better.GovLoop also promotes public service success stories in popular news sources like the Washington Post, Huff-ington Post, Government Technology, and other industry publications. Thank you to our sponsor, Cisco, forsponsoring this research report.LocationGovLoop is headquartered in Washington D.C., where a team of dedicated professionals share a common com-mitment to connect and improve government. GovLoop 734 15th St NW, Suite 500 Washington, DC 20005 Phone: (202) 407-7421 Fax: (202) 407-7501 4
  • 5. A RESEARCH REPORT FROM GOVLOOP AND CISCO EXECUTIVE SUMMARYFor years, people have been using their own laptop, Public Sector at Cisco. Kimberly was one of the earlycomputer, or phone for work. Now, more than ever adopters of BYOD in the federal government, herbefore, people desire to work on the device of their perspectives in this report provides insights on thechoice, anywhere and at any time. In this mobile en- evolution and challenges of BYOD programs in thevironment, public sector agencies are challenged to federal government.find new and innovative ways to connect employeesacross multiple devices. Kimberly states, “The BYOD policy is our first to be issued and it will be revised as we evolve the program,With these new expectations, government agencies we are currently in a beta pilot. We started out withare challenged to manage multiple users, develop rules of behavior, privacy, and expectations for peoplepolicies, and retain security in a versatile and diverse who bring their personally owned device.”network. Additionally, public sector entities mustprovide the right IT infrastructure and support for This report is by no means a finished project. It isnumerous devices and operating systems. our sincere hope that after reading this report, you will work to improve how BYOD operates in yourThe GovLoop Research Report, Exploring Bring Your agency, drive innovation in government, and shareOwn Device in Government, will provide expert in- your newfound knowledge on GovLoop. In doing so,sights from those in the trenches of BYOD policy. you will help facilitate knowledge sharing across theThis report also provides a summary of a recent survey public sector, helping colleagues tackle similar BYODconducted by GovLoop in 2012, administered to 103 challenges they are facing.members from the GovLoop community. In today’s mobile environment, BYOD is becomingFor this report GovLoop Research Analyst, Pat Fio- more and more a reality. Now is the time for agenciesrenza, recently spoke with Kimberly Hancher, Chief to embrace BYOD, and learn how to make BYODInformation Officer (CIO) at the U.S. Equal Employ- work at their agency. “Stop talking and start doingment Opportunity Commission (EEOC) and David it, you can talk about it forever, you just need to getGraziano, Director, Security and Unified Access, US started,” stated Kimberly. 5
  • 6. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTOR SUMMARY OF SURVEY FINDINGSThis section provides an overview and key findings FEDERAL 62%from GovLoop’s online survey. Throughout the re-port we have addressed several of the key challenges LOCAL 20%of bring your own device initiatives identified fromthe survey. The GovLoop survey was conducted from STATE 18%June 8 to July 2, 2012, and had a total of 103 par-ticipants. The survey was developed to explore com- WHAT LEVEL OFmon trends regarding BYOD from the GovLoop GOVERNMENT DOcommunity, with the goal of better understanding the YOU WORK FOR??common challenges and roadblocks for BYOD in thepublic sector.Survey respondents were predominantly from thefederal level of government (62%) with the rest of therespondents being closely divided between the state(18%) and local (20%) levels. Respondents repre-sented public sector entities across all levels of gov-ernment, and many different kinds of municipalitiesacross the United States, including City and Countyof Broomfield, WA; City of Coral Gables, FL; the De-partments of Commerce, Energy, and Defense; andseveral other federal agencies or departments. 6
  • 7. A RESEARCH REPORT FROM GOVLOOP AND CISCO DOES YOUR CURRENT ORGANIZATION HAVE A BRING YOUR OWN DEVICE POLICY? NO 80% YES 20%The survey questions asked respon-dents to answer several multiple-choice questions as well as rankstatements on a scale of 1 to 5, with5 representing the highest score and HOW DESIRABLE1 representing the lowest. WOULD A BRING YOUR OWN DEVICE POLICY BEDO YOU HAVE A BYOD FOR YOUR AGENCY?POLICY? 1 12%Results indicate that the majority 2 5%of respondents’ organizations donot currently have a BYOD policy 3 17%(80%), while only 20% stated their 4 19%agency currently has a policy. 5 43%When asked how desirable a BYODpolicy is at their agency, 62% of re- NOT APPLICABLE 5%spondents indicated that it wouldbe desirable or extremely desirable. Please use a 5-pointOf the remaining respondents, scale, where 5 is Extremely Desirable17% selected 3, 12% selected 1, and 1 is Not Desirable.5% selected 2; 5% responded thatthis question was not applicable. 7
  • 8. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTORIS IT NECESSARYFOR GOVERNMENT TOPROVIDE A DEVICEFOR EMPLOYEES? 56%44% HOW IMPORTANT IS IT FOR AN ORGANIZATION TO PROVIDE YOU WITH A DEVICE? 1 9%NO YES 2 14% 3 23% 4 24%SHOULD YOUR AGENCY 5 27%PROVIDE ADEVICE FOR YOU? NOT APPLICABLE 3% Please use a 5-pointRespondents were asked if it is nec- scale, where 5 isessary for government to provide a Extremely Desirable and 1 is Not Desirable.device to employees. 56 percent ofrespondents said “Yes,” and 44 per-cent said, “No.” Below are some examples from re- Additionally, respondents wereExpanding upon their answers, par- spondents who do not believe gov- asked to rank how important it isticipants who responded “yes” gave ernment should provide a device to for their organization to provide de-these specific reasons: employees: vices to employees. The majority of participants (51%)of government supplied IT equip- use my personal device” responded with a 4 or 5. Of the re-ment” maining respondents, 23% chose a device suitable for government 3, 14% chose 2, 9% chose 1, and work” finally, 3% indicated the questionavailability” was not applicable. there should be a limit as to howthat could arise with bring your much an employee must be askedown device” to contribute” 8
  • 9. BY A RESEARCH REPORT FROM GOVLOOP AND CISCO DO YOU USE YOUR PERSONAL PHONE FOR WORK PURPOSES?41% 33% 35% 30% 21% 13%YES- EMAIL YES- SOCIAL YES- ENTERING YES-READING & NO OTHER NETWORKS TIME/EXPENSES/ WRITING RELATED BUSINESS FUNCTIONSDO YOU USE YOURPERSONAL PHONE FORWORK?Survey participants were asked (21%); entering time, expenses and calls, occasional emails and texting,how they use their personal phonerelated business functions (13%); and receiving business-related noti-for work purposes, with the op- and reading and writing (30%). fications from customer mobile ap-tion to check all responses that plications. The same question wasapply and report additional uses.Thirty-three percent (33%) of re- asked regarding tablets, with the spondents reported they do not majority of respondents stating theyRespondents indicated that they use their personal phone for work do not use their personal tablet forutilized their personal phones functions. For those who reported work. For those who do, the mainfor email (41%); social networks additional uses, they listed phone reason was for reading and writing. 9
  • 10. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTORHOW IMPORTANTIS FUNCTIONALITYAND EASE OF USE OFDEVICE? 3 5% 4 24% 5 70% NOT APPLICABLE 1%Please use a 5-pointscale, where 5 is Of the provided responses, 71%Extremely Important believed that “allowing people toand 1 is Not Important. work on most comfortable device,” was the greatest benefit, followed by improved productivity (58%), and cost savings (55%). Respon- dents submitted additional benefits such as not having to carry multipleHOW IMPORTANT IS EASE WHAT ARE THE BENEFITS devices, more modern equipment,OF USE AND FUNCTION- OF BYOD? facilitating telework, and improved usability.ALITY IN YOUR WORK When asked what the benefits ofDEVICES? BYOD, respondents were able to The survey also found other benefits select all that applied from cost sav- for BYOD policies. For instance,When asked how important func- ings, allowing people to work on the survey finds that 79 percenttionality is and the ease of use of de- the most comfortable device, and of respondents believe that BYODvices, respondents overwhelmingly improved productivity. Respon- could have a positive impact onselected 5 (70%), followed distantly dents were also provided the oppor- employee satisfaction, productivityby 4 (24%) and 3 (6%). tunity to report additional benefits. and employee engagement. 10
  • 11. A RESEARCH REPORT FROM GOVLOOP AND CISCOWHAT ARE THEBENEFITS OF BRINGYORU OWN DEVICE? 71%55% 58% 29.7% 29%COST SAVINGS ALLOW PEOPLE TO WORK IMPROVED OTHER ON MOST COMFORTABLE PRODUCTIVITY DEVICESRespondents elaborated on their many ways to look at how BYOD employee standpoint, I think thatanswers by stating: can potentially save costs within an smartphones and tablets have be- agency. come an extension of an individ- ual’s personality and personal pro-and satisfaction for those who have Our survey found that 55 percent ductivity.more current devices that they can of respondents believed cost sav-use in lieu of the federally-provided ing was a benefit. Generally, cost One of the benefits is that if a per-equipment. Those who do not will savings can be found reduced de- son is very proficient on a device,most likely be angrier at the change vice costs, shared data plans, and they should take that proficiencyin policy and disparity in equip- increased productivity. By allowing into the workplace, rather thanment” employees to work on their desired learning how to be minimally profi- platform, they will become more cient with the government providedto perform work wherever they efficient using the tools they know device. I can’t overemphasize howwanted” best. Employees may use a PC for important personal productivity is - across the enterprise.”aids productivity” sonal use. By allowing the employee to select which tool to use, they are Similar to efficiency, by enabling - able to work on systems they are employees to work on the tool theybility initiatives” most comfortable in. feel most comfortable with, em- ployees will be able to accomplishThe three core benefits, cost sav- Kimberly Hancher stated in an in- tasks quicker and easier since theyings, efficiency and productivity terview with GovLoop Researchare typically contested. There are Analyst, Pat Fiorenza, “From an they are using. 11
  • 12. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTORWHAT IS THE LARGEST ROADBLOCK DO YOU BELIEVE THAT BRINGYOU HAVE SEEN TO IMPLEMENTING YOUR OWN DEVICE CANBRING YOUR OWN DEVICE WITHIN SERVE AS A RETENTION ANDYOUR AGENCY/DEPARTMENT? RECRUITMENT TOOL?57% 55% 56% 47% 44% 19% LACK OF NO IT INFRASTRUC- COSTS OTHER ORGANIZATIONAL TURE TO SUPPORT SUPPORT MULTIPLE DEVICES NO YES WHAT ARE YOUR WOULD BYOD HELP TO ROADBLOCKS TO RECRUIT AND RETAIN ADOPTION? EMPLOYEES? Finally, when asked what the largest or challenges for implementing When asked if they believed a roadblocks to developing a BYOD BYOD. Respondents commonly BYOD policy could serve as a re- policy were, respondents were able stated “security” as a concern. Fur- tention and recruitment tool, 56% to select all that apply from the fol- ther, some respondents cited laws of respondents said, “Yes.” and 44 lowing options: lack of organiza- in their home states, in which any percent said, “No.” Survey par- tional support, no IT infrastructure device used for work purposes be- ticipants commented, “This is too support, or costs. comes part of the public record and small an issue to make the difference subject to disclosure. if someone chooses to work here or The biggest roadblock was per- not;” “It may appear that agencies ceived to be lack of organizational One respondent summed up these are shifting costs to employees”; support (57%), followed by no IT roadblocks by listing, “lack of pol- “This is especially true for millen- infrastructure to support multiple icy, no clear way to reimburse staff nials and teleworkers”; “increased devices (55%) and costs (19%). for data plans on own devices, [and] Respondents also had the oppor- inconsistent IT policies to support that “It shows your office is forward tunity to submit other roadblocks personal devices.” thinking, savvy, and efficient.” 12
  • 13. A RESEARCH REPORT FROM GOVLOOP AND CISCO CHALLENGES AND BEST Practices for Bring Your Own DeviceAlthough there are many potential benefits to BYOD, coverage and related expenses has been shifted to thethere are also challenges to fully leverage these ben- employee. If government employees are using theirefits. Guided by the results of the GovLoop survey, personal phone for work purposes, there should be anthis section will serve as a roadmap to help you navi- expectation that they are not personally incurring thegate through common challenges while considering cost of increased data usage from work related activi-implementing a BYOD policy. ties.CHALLENGE: PROVIDING EMPLOYEE Currently, the federal government has provided little direction on how best to reimburse government em-REIMBURSEMENT ployees for their mobile device. Kimberly stated, “I would love to be able to offer some kind of reimburse-One of the main cost drivers to provide a cell phone ment for business use for their personal device, butis the cost of data plans. Kimberly Hancher stated, there is no precedent for that. This should be done on“With government provided devices, the cost is voice a government wide scale, to help agencies understandand data. With regard to BYOD program, we are how to provide a reimbursement to employees.”looking to reduce these government costs.” -As more and more agencies are looking to implement zick provides one insightful solution for employeeBYOD, decreasing costs is the core goal of the initia- reimbursement, “One way to address this issue is totive. One of the areas of concern for BYOD is that by look at other ways in which government reimbursesfacilitating work on personal devices, the cost of data its employees. For instance, many agencies already 13
  • 14. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTORreimburse or defray the cost ofusing public transportation forwork-related travel. Could BYODdetermine the average cost of anemployee voice and data plan -both on the enterprise and personallevels - and include an allowance foremployees to cover the cost of usingtheir own device while reducing the CHALLENGE:MAINTAININGagency’s expenses?” SECURITY IN DIVERSETerry Hill also stated on GovLoop, NETWORK“We could build on what manyagencies already do for teleworkers With an increase in the number have a history of dealing with theand share the cost of services for and variety of devices available to appropriate risks.”phone, internet, and e-mail up to consumers, agencies with a BYODa maximum of $50 a month or so. policy are challenged to identify and Cisco has many great resources andThis is less than agencies are typi- retain security in a more diverse net- case studies addressing how to pro-cally paying just for the blackber- work. To manage the proliferation vide security with a diverse networkries (about $70) a month, for a net of personal devices being utilized on their BYOD Smart Solutionsavings of $20 per month per em- for work functions, BYOD poli- page. The resources provide someployee. Additional savings would cies have moved to the forefront for best practices and strategies for get-be in eliminating landline phones IT professionals. Users want seam- ting started with BYOD.and Ethernet systems. I don’t think less access to corporate resources,there is much risk in using personal no matter which device they use or As smartphones continue to be-smart phones for calls and for e- where that device is connected. In come more commonplace, the usemail/internet. That way, agencies addition, users are connected wire- of a work phone and personal phonewould not feel they have to block lessly to numerous network devices; has become blurred. The desire foraccess to sites and monitor usage. printers, fax machines, and copy a seamless work experience has ledAgencies would focus on keeping machines that can be accessed from many to using phones for both per-their operational systems secure employees’ personal devices. sonal and work. With this phenom-and would no longer have to worry ena happening, agencies need toabout office software upgrades.” At the top of the list for the EEOC train employees on the cybersecu- is retaining security. “Security is at rity threats that can compromise anUltimately, BYOD reimbursement the top of our list that is why we agency’s mission and educate themis something an agency will have to are still doing a pilot. We will con- on how to protect themselves anddevelop, working closely with the tinue to pilot until we feel we have the organization while using mul-legal team. the appropriate level of security and tiple devices. 14
  • 15. A RESEARCH REPORT FROM GOVLOOP AND CISCO To properly assess the network,Best Practice: Assess Network one strategy agencies can employ is to profile devices as they enter the and visibility to assess risks.Government agencies should start network. By profiling devices onby identifying what devices already the network, agencies will be able when security incidents do occur .access their network, as well as the to make better decisions on secu-rights, privileges, and the informa- rity, identify issues, and understand trust, visibility, and resilience in thetion of each device. what protocols they need to make network. for certain devices accessibility.This will provide valuable insights Cybersecurity is often cited as onefor the organization on what kindof information is readily available to I N F O C U S : H O W T O B U I L D of the main concerns for organiza- tions, the Cisco report states:network members, and how to pro- T R U S T I N Y O U R N E T W O R Ktect the most critical information. “The uses of multi-vector attacks Cisco published a fascinating white are growing. Cyber criminals re-Further, agencies should not show paper entitled, Cybersecurity: Build main intent on targeting legitimatepreference to certain devices and Trust, Visibility, and Resilience, websites, with strategically timed; - that addresses security issues across multi-vector spam attacks in orderible with different makes and mod- the Internet, and what government to establish key loggers, back doors,els, as well as diverse platforms for leaders and IT staff need to know and bots. Criminals plan their mal-devices. in order to keep systems safe. The ware to arrive unannounced and report focuses on five areas: stay resident for long periods. Re-Being agile also means agencies gardless of your market sector, theshould have all the latest software threat is growing.”installed to protect the network. of risks. 15
  • 16. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTOR P A S S W O R D sure policy compliance and risk re- have a conversation with your agen-To address this concern the report duction cies attorneys. Enabling employeespays particular focus to “trust,” - to use their personal phone maywhich Cisco says is typically over- sign and feature application com- open Pandora’s box for the legalused in cyber security discussions bined with best practices to create team. Here are some questions youbut is a fundamental practice that a threat-resistant and risk-tolerant should be working through withneeds to be established within an infrastructure agency attorneys:organization. Cisco asks pointedquestions about trust, including: This is an important white paper to view. By implementing a BYODnetwork? program, your agency is opening lost equipment, and periodic main- the door to more threats and needs tenance?connected to your network? to prepare by taking the proper se- curity precautions. occur on devices?exposed to unnecessary risks?Cisco then provides three steps to CHALLENGE: equipment’s software?provide trust within your network: - ANTICIPATING LEGAL AND stalled on the device? If this is a per- - POLICY CHALLENGES sonal device, what kind of controlment: Validating user and device does the employer have?identity at the system point of entry There are a handful of legal andand maintaining a state of trust policy challenges that arise from be banned from use? BYOD. For managers and execu- -Remediation: Identifying miscon- tives in government, the best place era to take photos or record video,figuration and vulnerability so that to start with BYOD is crafting your when and where?corrective actions can occur to as- policy, and prior to publishing, 16
  • 17. A RESEARCH REPORT FROM GOVLOOP AND CISCO and data files in case the device is lost or stolen and a full wipe needs to be performed. One of the key elements to having a transparent security policy is engag- ing key stakeholders from the very beginning of the process. In doing so, an organization will be able to gather feedback, understand needs; addresses concerns, and build sup- simple password settings on many port for BYOD initiatives.policies, i.e., social media? devices can easily be adjusted to accommodate more complex pass- Kimberly Hancher stated, “IncludeThe answers to some of these ques- words. Required length and charac-tions may seem obvious, but ad- ter variety should be consistent with key stakeholders, legal support,dressing them in your agency’s general user policy. Guidelines for your HR group and your end users.BYOD policy is necessary. While the frequency of password changes I put together an advisory groupthinking through what works best should also be provided. Depend- of legal, HR, finance, and also putfor your agency, these best practices ing on security needs, devices may together an end user group to givemay guide your thinking. feedback of features and what their also be equipped with biometric reactions are to security measures security. Although expensive, voice we set up, to make sure that BYODBest Practice: Create Transpar- recognition or fingerprint scans can is really usable.”ent Security Processes be installed on smart devices. Best Practice: Establish Owner-As most users have experienced,mobile devices are often lost or sto- devices to be equipped with re- ship of Data – Silo Personal andlen. For users on the go, therefore, mote wiping capability. As Kim- Professional Datathe convenience of access to privateberly Hancher from the EEOC toldinformation on personal devices re- Chris Dorobek on the DorobekI- While the personal device mayquires additional security measures.NSIDER, “[the EEOC] enforce[s] belong to the employee, they will password complexity and history not own all data on that device. ToFirst, personal devices should have [...], and we also have a policy avoid potential ownership issues, itpassword settings enabled if they where if a phone is lost or stolen, we is important to establish ownershiphave access to work-related in- have the ability to do a full wipe of upfront, and make sure there is aformation. Guidelines should be the device.” Kimberly recommends clear process for removing agencyprovided for password length. The that users back up their personal data from the device that is differ- 17
  • 18. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTORentiated for diverse circumstances. it is recovered, just the business data work security. There are three waysLikewise, a best practice is to “silo” would have been eliminated.” to mitigate this risk:personal and professional data. In the event that an individual leaves 1) Employee EducationWork information accessed and the organization, there should be astored on a personal device clearly process laid out for wiping enter- Helping users understand the datastill belongs to the organization, prise information from that device. risks created by downloading andnot the individual. Personal devic- Agencies should carefully consider using questionable applications ises are also used, however, to store their policy for remote wiping in the most effective method to man-music, photos and other personal the event that an employee leaves age applications. While policiesdata that is created or purchased unexpectedly. may set parameters for what typesby employees. This combination of of applications users can downloadpersonal and private data can create Jerry Rhoads on GovLoop stated, and forbid some outright, educat-issues in the event that a device is “Technically speaking, the govern- ing employees about security riskslost or stolen, if there is a security ment should, in my opinion keep will result in a higher level of com-concern, or when an employee exits the biz side of the phone separate or pliance.the organization. “siloed out” from the “Angry Birds” part of the phone.” Jerry continued 2) Application StoreOne approach to dealing with the to provide more insights, stating,blurring of personal and private - To moderate what kinds of ap-data is containerization. This ap- digm of managing the user/device plications users download, someproach to data management would and change to managing the user’s agencies have set up an applica-enable users to compartmentalize tion store with company-approvedpersonal and work data, utilizing at work, put the smart phone into applications. This approach to ap-virtual desktop infrastructure and “work” mode, when on a break or at plication management allows agen-cloud computing. home --switch to personal mode.” cies to choose specific work-related Best Practice: Regulate User Appli- applications for employees to use,If data is separated along these lines, cations and can also be utilized to approvecontainerization of data can allow personal applications if an agencyfor a selective wipe to specifically Best Practice: Regulate User decides to strictly regulate personaltarget work-related information. Applications apps.As Kimberly Hancher from the 3) Acceptable Use Agreements There are a steadily increasing num-EEOC explained to Chris Dorobek ber of applications available for us-on the DorobekINSIDER, “[The ers of any device, and keeping upEEOC is] experimenting during Acceptable Use Agreements (AUA) with these applications is a daunt-this phase of the pilot with some- for employees regarding social me- ing task. It is important for an agen-thing we’re calling selective wipe dia use. An organization’s BYOD cy to think through their policywhich means that it removes only policy for social media applications toward work-related and personalthe business portion of the data should be consistent with existing applications, as all device applica-from the device. So if, for example, AUAs. tions may have an impact on net- 18
  • 19. A RESEARCH REPORT FROM GOVLOOP AND CISCOBest Practice: Provide Device document for government owned for BYOD services and support.Support Guidelines mobile devices, to be able to dis- (City Website Source) tinguish between two sets of rules ifWith employees purchasing their you are given a government owned The city offers Apple users two ser-own devices and service plans, it device. We clearly outline what the vice packages to accommodate theis necessary for organizations to expectations and the guidance that needs of users.decide whether or not they will we give you, so that way people canprovide service and support. Some see what the differences are.” This iscompany software may require in- a great best practice to help clarify provides access to work email, cal-house tech support, but issues with any uncertainty about what kind of endar, tasks and contacts. There iscall service, reception, and connec- support will be provided to employ- no cost associated with the basiction most likely should be left for ees. service, and is available to all em-service providers to address. Less ployees.technically savvy employees may be I N F O C U S : M I N N E A P O L I Sless inclined to use their own devic- A P P S T O R E -es for work if they are aware of their vides access to work email, calendar,responsibility for any problems or tasks and contacts, as well as accessrepairs. to VPN, CityTalk and City net- the way as early adopters and sup- work drives and folders. porters of BYOD. They have inno-Kimberly Hancher and the EEOC vated a unique approach to supportcreated two working documents Apple products. The Premiere Service also offers ac-to clarify how employees can usegovernment commissioned phones While an ideal BYOD policy would Store, which offers work-relatedand personal devices under BYOD, support a variety of products, in- productivity apps and training ma-“Along with the BYOD rules of be- cluding Android devices, this exam- terial. There is a one-time enroll-havior, we also created a separate ple provides a possible framework ment fee of $100 for this service. 19
  • 20. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTORThe city has also innovated an ap- support is provided. CHALLENGE: BLURRINGplication store where work-related -productivity applications can be neapolis app store include: LINES BETWEENfound. The applications are avail- PERSONAL AND PRIVATEable with the premiere service, and -enable users to access and manipu- ware to connect to the City net- The lines between personal and pri-late documents. work vate lives have progressively blurred as technology has evolved. Imple-This approach to application man- to the City network, this tool fa- menting a BYOD policy allows em-agement provides several advan- cilitates browsing drives ployees to access their work fromtages. The applications employees any location. While this can be lib-utilize to access the network and and edit .pdf documents erating for some, it also means thatmanipulate documents are provid- unanswered work emails and voiceed by the city, which allows for ad- office productivity tool mails, uncompleted tasks and to-doditional data security. lists, and unfinished documents are With this range of applications, readily available. As employees areThis also simplifies tech support by iPads have the same utility as a bringing their own devices homeselecting the best applications for desktop computer or laptop. Ex- as well, with BYOD it is no longereach process. Establishing software panding this model to support all possible to physically leave work atsupport parameters is also clear- tablets will increase the appeal and work.er – if an application is available effectiveness of their BYOD poli-through the City app store, user cy. (Source Interview) 20
  • 21. A RESEARCH REPORT FROM GOVLOOP AND CISCO GOVLOOP RESOURCES How Do You Retain Security With BYOD? BYOD and Beyond EEOC Cuts Costs With BYOD Pilot Program What Would You Put in a Bring Your Own Device Strategy Trends on Tuesday: Smartphone Separation AnxietySince work is readily available, it is tions will benefit from establishing not during the organization’s hoursimportant to establish expectations clear expectations regarding work of operation.and boundaries. Without an orga- hours. While 24/7 responsivenessnization-wide approach, employ- can sound appealing in theory, in Best Practice: Lead By Exampleees may feel pressure to do more at practice this often leaves employeeshome. feeling less satisfied with their work The best-intentioned organization and less productive in the long run. can still fail to create an environ-Having guidelines that accommo- ment that promotes work/life bal-date a work/life balance is impor- Organizations can benefit from ance if leadership does not modeltant, but just as important is setting establishing a culture that values these behaviors. If managers arean example from the top down. time off and respects the work/life texting and sending emails time- balance of employees. Establishing stamped at 1:00 a.m., employeesBest Practice: Promote Work/ this kind of work culture involves may feel pressure to work aroundLife Balance discouraging unnecessary after- the clock as well. For managers who hours emails, phone calls, and text have adopted BYOD, it is impor-Constantly having a device con- messages. Also, agencies should set tant to consider the impact yournected to work may allow for great- reasonable expectations regarding work hours may have on organiza-er responsiveness, but organiza- response time for communication tional culture. 21
  • 22. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTOROVERVIEW OF WHITEHOUSE BYOD TOOLKITRecently, the White House an-nounced a BYOD tool kit for gov-ernment agencies. The report is animportant step to wider adoption ofbring-your-own-device policies ingovernment, and empowers leadersin government to explore if BYODis feasible within their agency. Thereport has a few excellent case stud-ies related to BYOD and templatepolicies for BYOD implementa- lining key areas, providing strategic curity Reference Architecture thattion. guidance, and identifying that there intends to inform agency consid- is still a lot of work to be done. The erations on BYOD. Further, theThe case studies and policy exam- BYOD toolkit states: National Institute of Standards andples can be found below: Technology (NIST), is drafting “Implementing a BYOD program is guidelines specifically for mobile. Alcohol and Tobacco Tax and not mandatory. This document is in- The BYOD Toolkit states: “Guide-Trade Bureau (TTB) Virtual Desk- tended to serve as a toolkit for agen-top Impl... cies contemplating implementation U.S. Equal Employment Op- of BYOD programs. The toolkit is Security and Privacy Controls forportunity Commission (EEOC) not meant to be comprehensive, but Federal Information Systems andBYOD Pilot rather provides key areas for con- Organizations; and Personal Iden- State of Delaware BYOD Pro- sideration and examples of exist- tity Verification (PIV) of Federalgram ing policies and best practices. In Employees and Contractors. Each Sample #1: Policy and Guidelines addition to providing an overview of these documents should provide of considerations for implementing further insight into issues associatedDev... BYOD, the BYOD Working Group with the implementation of BYOD Sample #2: Bring Your Own De- members developed a small collection solutions.”vice – Policy and Rules of Behavior of case studies to highlight the suc- cessful efforts of BYOD pilots or pro- One of the more compelling sec-Technology Device Policy grams at several government agencies. tions of the report is when the au- Sample #4: Wireless Communi- The Working Group also assembled thors identify the trends and busi-cation Reimbursement Program examples of existing policies to help ness case for BYOD. The BYOD Sample #5: Portable Wireless inform IT leaders who are planning working group identified severalNetwork Access Device Policy to develop BYOD programs for their characteristics. One of the first organizations.” characteristics that the report men-The BYOD toolkit is a great starting tions is “BYOD is about offeringpoint for government agencies. The The report also provides future choice.” The report states:report does an excellent job of out- - 22
  • 23. A RESEARCH REPORT FROM GOVLOOP AND CISCOBy embracing the consumerization kit. The report also acknowledges reasons for BYOD adoption, re-of Information Technology (IT), that security is a key challenge for duce costs, increase efficiency/pro-the government can address the BYOD initiatives. Stating: ductivity, adapt to workforce, andpersonal preferences of its employ- improve user experience.ees, offering them increased mobil- “Implementation of a BYOD pro-ity and better integration of their gram presents agencies with a myri- The report also provides an exten-personal and work lives. It also en- ad of security, policy, technical, and sive list of areas to approach while legal challenges not only to internal considering a BYOD plan.work in a way that optimizes their communications, but also to rela-productivity. tionships and trust with business (Note: the report provides an even and government partners.” deeper look at each of the bulletThere is an ongoing trend that points below, see complete list here)people want to work on the devices Another interesting aspect of thethey desire and are most comfort- report is that the toolkit clearlyable with. This is an important identifies three high-level means ofdevelopment, people will be most implementing a BYOD program,productive, effective and potential- virtualization, walled garden, lim- individualsly improved morale by working on ited separation. The report providesdevices they are most comfortable a brief description of each:with.A second characteristic is “BYOD access to computing resources socan and should be cost-effective, that no data or corporate applica-so a cost-benefit analysis is essential tion processing is stored or con-as the policy is deployed.” The re- ducted on the personal device;port is clear to identify that BYOD This is a great example of how thepresents a shift of costs to employ- corporate application processing Digital Government Strategy, andees. As less government devices are within a secure application on the the leadership and vision by Stevedeployed, more services are being personal device so that it is segre- VanRoekel, is helping to facilitateaccessed on personal devices, in gated from personal data; the improved use of technology inwhich the user is responsible for government, to deliver improvedpaying data fees. The report cites mingled corporate and personal services to Americans.that this continues to be one of the data and/or application processingchallenges for BYOD. on the personal device with poli- I was super impressed with this re- cies enacted to ensure minimum port. The report provides a fantastic“Additionally, overall costs may security controls are still satisfied. roadmap for agencies to follow ifsignificantly increase for personnel they are considering BYOD.who frequently communicate out- Especially important for BYOD isside of the coverage area of their making the business case for imple- Although there are still some chal-primary service provider and incur menting a BYOD program. The re- lenges to BYOD, this is a positiveroaming charges,” stated the tool- port identifies the commonly stated step in the right direction. 23
  • 24. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTOR ? BYOD in Brief: Expert Insights with Cisco’s David GrazianoDavid Graziano, Director, Security cies operate. Although the benefits organization create a simple userand Unified Access, US Public Sec- are clear, there are numerous best experience. David states:tor, Cisco, recently spoke with Pat practices that David highlighted forFiorenza of GovLoop on the state of agencies to consider. “You need to create a simple userBYOD in the public sector. experience. This involves guest ac- He advised that agencies must start cess and on-boarding, this meansDavid provided expert insights on by embracing BYOD, and accept potentially allowing people accesshow to best manage, control and that BYOD is a trend that they who do not work for you and limit-implement a BYOD program for a must act upon, “Embracing BYOD ing information they can access. Ifpublic sector agency. is really important, because if they it is an employee, it is simple on- don’t, then the agency is actually boarding, managing the user expe-This guide addressed numerous moving away from technology rath- rience of getting on the network,best practices and ways to overcome er than leveraging it to achieve their establishing and confirming theircommon challenges for public sec- mission,” states Graziano. identity and authenticate who theytor agencies looking to implement are and their device, just makingBYOD initiatives. Graziano’s in- Embracing BYOD is essential. this a very smooth process.”sights provide further evidence that BYOD initiatives show a commit-although challenges still remain for ment to becoming an innovative Clearly, the intent is not to limit ac-BYOD, this is one of the most im- workplace and allowing people to cess or have challenges connectingportant trends occurring in govern- work on the platform they desire. to a respective network. Althoughment. bringing in a tablet for work use can “If you embrace BYOD and make aid in productivity, David is sure toDuring the interview, David was it very easy for people to get on the address the importance of settingclear to highlight the benefits of network and enforce policies to policy to protect government data.BYOD, from optimizing business protect data, that is the best thing,”lines to workforce productivity David keenly acknowledges. Once Graziano advises that the right kindand morale; BYOD clearly has the BYOD is embraced by agencies, he of policy needs to be developed,potential to transform how agen- advises that it is essential that the and that if necessary, the agency has 24
  • 25. A RESEARCH REPORT FROM GOVLOOP AND CISCOthe right to delete all data on the trol, protecting government data, that,” stated David. Beyond opera-device. limited access, and changing work tional and efficiency gains, BYOD practices for new employees. The also may contribute to tackling theFurther, David advises the use of loss of control is absolutely one challenges to recruit and retain topNext Generation Encryption in any of the most critical concerns with talent in government. BYOD hasBYOD initiative. Cara Sioman re- BYOD. Graziano states, “Typically the potential to shape how govern-cently described Next Generation loss of control is related to policy, ment entities recruit the next gen-Encryption in a Cisco blog post as: if you are going to let these things eration of public servants. on your network, how do you pos-“The next generation of encryption sibly control where they are allowed BYOD is becoming a necessity fortechnologies meets the evolving needs to go, and what they are allowed to recruitment, as a new demographicof agencies and enterprises by utiliz- do?” of employees enter the workforce;ing modern, but well reviewed and entrants have expectations that in-tested cryptographic algorithms and These are important considerations formation will be available at theirprotocols. As an example, Elliptic to make while crafting a BYOD fingertips. “They have expectationsCurve Cryptography (ECC) is used in policy, and as David mentioned, that they are gong to be able to ac-place of the more traditional Rivest- the importance of a well-crafted cess information on any device, anyShamir-Adleman (RSA) algorithms. policy is essential to the success of time anywhere,” David states.By upgrading these algorithms, NGE any government BYOD initiative.cryptography prevents hackers from David provided some great insightshaving a single low-point in the sys- Closely linked to the challenge of a on BYOD and how it is shapingtem to exploit and efficiently scales to loss of control, is the need to pro- public sector entities. As the mo-high data rates, while providing all of tect government data. David states, bile boom continues, and agenciesthe security of the Advanced Encryp- “If you are going to allow people work towards delivering improvedtion Standard (AES) cipher.” access to data and in theory they services, BYOD initiatives will be could pull it down, you run the risk critical to improve how governmentSecurity and protecting govern- of losing that government data.” operates.ment data is the preeminent con-cern for any BYOD initiative, with Additionally, Graziano advises that David provided great insights howthe use of Next Generation Encryp- policies will differ for government BYOD is shaping the public sector.tion, agencies can work to remain furnished devices and personal de- As the mobile boom continues, andsafe, and still implement a success- vices. “If the devices are govern- agencies work towards deliveringful BYOD initiative. ment furnished, you can establish improved services, BYOD initia- one set of policies, and if it is lit- tives will play a critical role trans-David highlighted four core chal- erally BYOD, then you have to es- forming government operationslenges for BYOD, the loss of con- tablish a different set of policies for and service delivery. 25
  • 26. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTOR CONCLUSIONGovernment at all levels is looking to find new and innovative ways to save money, cut costs and deliver increasedservices to citizens. As budgets continue to tighten, initiatives like BYOD become more and more appealing togovernment agencies. Agencies must embrace new ways of thinking, and engage in new initiatives designed tocut costs and increase efficiency. BYOD is only one part of the solution. As government problems and systembecome more complex, so does the workplace. BYOD is one solution to help facilitate an increasingly mobile andactive workforce, allowing people to work when and how they want.This report provided an overview of a recent survey and best practices to overcome common roadblocks toBYOD. If you are interested in more information, be sure to visit GovLoop and connect with like-minded pro-fessionals engaged in BYOD development. If you have any questions on this report or would like more informa-tion, please reach out to Pat Fiorenza, GovLoop Research Analyst at pat@govloop.com. 26
  • 27. A RESEARCH REPORT FROM GOVLOOP AND CISCO TOP 5 NEXT Steps for BYOD at Your AgencyWith BYOD, there are many ways to bring BYODinto your agency. After reading through this report, STEP 3: CRAFT INTERNAL POLICY FORhere is the need to know information on next steps BYODto initiate a bring your own device strategy at youragency. After you have met with key stakeholders and the agency’s legal team, begin to craft the BYOD policy.STEP 1: MEET WITH KEY STAKEHOLD- This guide has dozens of best practices and tips of what should be included in the policy, but also beERS TO DEVELOPE PILOT PLAN sure to incorporate feedback from the legal team and agency leaders.At the very onset of developing your BYOD policy,agency leads should sit down with key stakeholderswithin the agency to discuss what a BYOD initiative STEP 4: ANNOUNCE PROGRAM TO EM-looks like. Staff members from all functional areas PLOYEESshould be present, to provide input and feedback.This will also help develop buy-in and create a unified Like with any program, announcing and selling thevision for the agency’s BYOD program. program to employees is critical. If this program is a pilot program, be careful how you select employeesSTEP 2; MEET WITH LEGAL TEAM and develop a team.After meeting with stakeholders, be sure to follow up STEP 5: ITERATE, REVIEWand meet with the legal team to discuss the programand be sure that all legal requirements have been met. OUTCOMES,IMPROVE BYOD STRATEGYBYOD is very new in government, and there is a lack Once the program has been initiated, be sure to setof legal precedent. Be sure to meet with legal advisors up periodic check points with end users and adminis-to mitigate legal risks. trators so they can provide feedback on the program. This information will be critical for the agency to learn how to improve future BYOD initiatives, with input coming from the core stakeholders. 27
  • 28. EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECTOR ABOUT THE AUTHORSPat FiorenzaGovLoop Research AnalystPat is currently a Research Analyst at GovLoop. Through the creation of blogs, research reports, guides, in-per-son, and online events, Pat helps to identify and find best practices to share with the GovLoop community. Patat Syracuse University.Lindsey TepeGovLoop FellowLindsey is currently a Fellow at GovLoop. In this role, Lindsey assists with the development of content creation.This includes writing of blogs, research reports and facilitating community engagement on GovLoop. LindseySyracuse and is a former Teach for America Fellow.Jeff RibeiraGovLoop Content and Community CoordinatorJeff is the Content and Community Coordinator at GovLoop and manages all creative and technicaldevelopment projects.Vanessa VogelGovLoop Design FellowVanessa is currently a Design Fellow at GovLoop. She recently graduated from Brigham Young Universitywith a Bachelors degree in Graphic Design. 28
  • 29. A RESEARCH REPORT FROM GOVLOOP AND CISCOCisco is the worldwide leader in net-working that transforms how Govern-ment and Education connect, commu-nicate, and collaborate. Since 1984,Cisco has led in the innovation of IP-based networking technologies, includ-ing routing, switching, security, TelePres-ence systems, unif ied communications,video, and wireless. The company’s re-sponsible business practices help en-sure accountability, business sustain-ability, and environmentally consciousoperations and products. Our technol-ogy is changing the nature of work andthe way we serve, educate, and defend.Helping government agencies maximize ef fectiveness in key areas:· Cloud Computing· Data Center Consolidation· Cyber Security· Mobile (Mobile Collaboration)· Telework· Bring Your Own DeviceFor more information, visit www.cisco.com/go/usgov 29

×