The White House unveiled a toolkit for federal agencies planning to implement or consider bring your own device (BYOD) programs. The move is part of a larger digital strategy push by the Obama administration to modernize technology and increase the use of mobile technologies throughout the federal government.
The toolkit's release follows the call by federal CIO Steven VanRoekel to create a Digital Services Advisory Group that will help agencies share resources and speed up the adoption of mobile technologies. One of that group's mandates is to work with the Federal CIO Council on drafting guidance for agencies on the subject of BYOD. The toolkit is result of that process, which also included input from the government's BYOD Working Group.
- A list of key subjects and issues that agencies need to consider and address before proceeding with a BYOD strategy.
- A collection of case studies from agencies that have already implemented BYOD options.
- A collection of sample policies covering BYOD programs, mobility initiatives, and use of agency technologies.
Although the toolkit is designed for government agencies, it's actually a very good resource for any company or organization that's considering or planning a BYOD program.
In particular, the list of key considerations is extremely well thought out and can easily serve as a checklist of questions for IT professionals, CIOs, and other executives to answer. For instance, it suggests organizations take the following steps:
- Identify the different approaches to BYOD access to organizatoinal resources: virtualization, "walled garden" access, and limited separation.
- Think through different worker roles and their BYOD needs.
- Figure out how to educate users and establish policies such as data plans for workers.
- Evaluate a wide range of security considerations, from securing data from malware-compromised devices all the way through building a secure architecture that also enables interoperability with other government agencies.
- Look at privacy and ethics questions.
- Answer a wide variety of questions related to device and app management, such as identifying supported devices and approaches to data storage (cloud vs. on-device)
There's a lot more, too. Simply using this as a starting point ensures that important technology and policy issues are identified and discussed.
The case studies, on the other hand, are more focused on how government agencies will tackle BYOD implementations. The three case studies include the experiences of Alcohol and Tobacco Tax and Trade Bureau (TTB) with virtual desktops (VDI), the Equal Employment Opportunity Commission (EEOC) BYOD pilot project, and the experience that the state of Delaware had in implementing its BYOD program. Although there is still excellent information and great detail in the case studies, they aren't as universal as the list of key considerations.
The sample policies are even government-specific than the case studies. Some are even product-specific both in terms of mobile devices and mobile management solutions. That isn't surprising considering this toolkit is designed for government agencies, which have unique policy needs that differ somewhat from private sector companies.
The five sample policies do cover a lot of ground, however. They may not be easily adaptable boilerplate agreements, but they still help identify issues that most organizations should include in various technology policies including mobile and acceptable use policies in addition to more specific BYOD ones.
The list of sample documents includes the following:
- Policy and Guidelines for Government-Provided Mobile Device Usage
- Bring Your Own Device – Policy and Rules of Behavior
- Mobile Information Technology Device Policy
- Wireless Communication Reimbursement Program
- Portable Wireless Network Access Device Policy
Ultimately, the toolkit is a great resource that can help federal, state, and local agencies consider and plan a BYOD program (or decide not to plan one). It is also a great collection of information with solid value for anyone considering BYOD as well as companies that have rolled out BYOD and want to revisit their solutions and policies to ensure that they meet security, legal, and technical needs.