As a career DC-based professional, it’s not uncommon for me to see someone, particularly if they work in government, carrying around two mobile phones – one for personal use and one for official government business. I’ve been one of these people. It has been this way for a while, given the many security concerns that arise with employee-owned mobile devices. But with the influx of millennials into the workforce, there’s an expectation that these young professionals will be able to use their personal devices – whether they are smartphones, tablets or laptops – to conduct business.
Today, it has been shown that millennials (people born between the early 1980s and the early 2000s) make up one-third of the U.S. workforce – surpassing Generation X as the largest working group. This group is the driving force behind the bring your own device (BYOD) movement, so enterprises and government agencies should work to adapt their IT policies to this evolving digital landscape in order to attract and retain this tech-savvy demographic. According to the Brookings Institute’s examination of government agencies’ responses to this growing trend, incorporating BYOD is nearly nonexistent. Granted, certain agencies like those in the defense arena don’t lend themselves to a BYOD implementation, but many other agencies could benefit from a clearly defined strategy.
So what’s the sticking point? Security. BYOD opens a proverbial can of worms when it comes to security.
Mobile security firm Lookout released data from a study of 20 federal agencies regarding their BYOD policies and practices. Not surprisingly, the majority of federal employees surveyed are using their personal mobile devices to conduct government business, with 85 percent admitting to using their personal devices for activities like downloading or reading work-related documents or email or storing work data on personal file sharing apps.
So how do agencies reconcile their need for security and their employees’ dependency on their personal IP-based devices? While many agencies haven’t made it a priority to develop a BYOD plan due to security concerns, a good plan would actually help alleviate many of those concerns – and help agencies appeal to an always-on workforce. A good first step would be to review the Obama White House’s toolkit to support federal agencies, which focuses on three ways to implement BYOD programs:
- Virtualization, or providing remote access to computing resources so that no data or corporate application processing is stored or conducted on the personal device;
- Walled Garden, or containing data/corporate application processing within a secure application on the personal device so that it is segregated from personal data; or
- Limited Separation, which allows comingled corporate and personal data processing on the personal device with policies enacted to satisfy minimum security controls.
One of the most important components of each of these options is the network, which is the foundation for any organization’s IT ecosystem. It’s important that agencies have secure networks that are built for interoperability to handle not only the spike in IP devices that are hitting the networks, but also a cyberattack or security breach. Each agency should take a close look at their network architecture to evaluate if they have the right software and hardware in place. It’s not just about “securing the perimeter” and updating your anti-malware; it’s about working with your network provider to ensure it’s taking a proactive approach in its security efforts. The more active an agency’s network provider is when it comes to detecting and mitigating threats, the more secure the agency and its employees will be.
BYOD is certainly not a one-size-fits-all strategy, but it’s important that agencies have some sort of BYOD policy in place to both satisfy the needs of the ever-growing, technology forward workforce and provide the protections needed to avoid costly security issues.
About the Author
David Young serves as regional vice president over Level 3 Communications’ Government Markets Group, which focuses on providing telecommunications solutions to the federal government, state governments, and research and education entities. Mr. Young, who has nearly 30 years of federal government telecommunications experience, currently oversees a 150-plus member team of professionals within business development, capture management, solutions architecture, sales, sales engineering and program management.