BYOD

R e s e a r c h R e p o r t

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

2

C O N T E N T S

About GovLoop 4 Executive Summary 5Summary of Survey Findings 6 Do You Have a BYOD Policy? 7 Should Your Agency Provide a Device for You? 8 Do You Use Your Personal Phone for Work? 9 How Important is Ease of Use and Functionality in Your Work Devices? 10 What Are the Benefits of BYOD? 10 Would BYOD Help to Recruit and Retain Employees? 12 What Are Your Roadblocks to Adoption? 12Challenges and Best Practices for Bring Your Own Device 13Challenge: Providing Employee Reimbursement 13Challenge: Maintaining Security in Diverse Network 14 Best Practice: Assess Network 15In Focus: How to Build Trust in Your Network 15Challenge: Anticipating Legal and Policy Challenges 16 Best Practice: Create Transparent Security Processes 17 Best Practice: Establish Ownership of Data – Silo Personal and Professional Data 17 Best Practice: Regulate User Applications 18 Best Practice: Provide Device Support Guidelines 19

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

3

In Focus: Minneapolis App Store 19Challenge: Blurring Lines Between Personal and Private 20 Best Practice: Promote Work / Life Balance 2 21 Conclusion 22 Top 5 Next Steps for BYOD at Your Agency 23 Step 1: Meet With Key Stakeholders to Develop Pilot Plan 23 Step 2: Meet with Legal Team 23 Step 3: Craft Internal Policy for BYOD 23 Step 4: Announce Program to Employees 23 Step 5: Iterate, Review Outcomes, Improve BYOD Strategy 23GovLoop Resources: 21About the Authors 24 Pat Fiorenza – GovLoop Research Analyst 24 Lindsey Tepe – GovLoop Fellow 24 Jeff Ribeira- GovLoop Content and Community Coordinator 24 Vanessa Vogel-GovLoop Design Fellow 24 Contributors 25

Best Practice: Lead By Example1

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

4

Our mission is to “connect government to improve government.” We aim to inspire public sector professionals by serving as the knowledge network for government. GovLoop connects more than 55,000 members, fostering cross-government collaboration, solving common problems and advancing government careers.

The GovLoop community has been widely recognized across multiple sectors as a core resource for information sharing among public sector professionals. GovLoop members come from across the public sector; including federal, state, and local public servants, industry experts, as well as non-profit, association and academic partners. In brief, GovLoop is the leading online source for addressing public sector issues.In addition to being an online community, GovLoop works with government experts and top industry partners to produce valuable resources and tools, such as guides, infographics, online training, educational events, and a daily podcast with Chris Dorobek, all to help public sector professionals do their jobs better.

GovLoop also promotes public service success stories in popular news sources like the Washington Post, Huff-ington Post, Government Technology, and other industry publications. Thank you to our sponsor, Oracle, for sponsoring the Re-Imagining Government Customer Service Report.

LocationGovLoop is headquartered in Washington D.C., where a team of dedicated professionals share a common com-mitment to connect and improve government.

GovLoop734 15th St NW, Suite 500

Washington, DC 20005Phone: (202) 407-7421

Fax: (202) 407-7501

A B O U T G O V L O O P

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

5

For years, people have been using their own laptop, computer, or phone for work. Now, more than ever before, people desire to work on the device of their choice, anywhere and at any time. In this mobile en-vironment, public sector agencies are challenged to find new and innovative ways to connect employees across multiple devices.

With these new expectations, government agencies are challenged to manage multiple users, develop policies, and retain security in a versatile and diverse network. Additionally, public sector entities must provide the right IT infrastructure and support for numerous devices and operating systems.

The GovLoop Research Report, Exploring Bring Your Own Device in Government, will provide expert in-sights from those in the trenches of BYOD policy. This report also provides a summary of a recent survey conducted by GovLoop from June 8 to July 2, 2012, administered to 103 members from the GovLoop community.

GovLoop Research Analyst, Pat Fiorenza, recently spoke with Kimberly Hancher, Chief Information Officer (CIO) at the U.S. Equal Employment Op-portunity Commission (EEOC), discussing their newly implemented BYOD policy. As one of the early adopters of BYOD policy in the federal government,

her perspective provides insights on the evolution and challenges of BYOD programs in the federal govern-ment throughout this report. Kimberly states, “The devices we are supporting in this pilot are the black-berry, android, smart phones, tablets and IoS iPhone and iPad.”

Kimberly states, “The BYOD policy is our first to be issued and it will be revised as we evolve the program, we are currently in a beta pilot. We started out with rules of behavior, privacy, and expectations for people who bring their personally owned device.”

This report is by no means a finished project. It is our sincere hope that after reading this report, you will work to improve how BYOD operates in your agency, drive innovation in government, and share your new-found on GovLoop knowledge across the public sec-tor to help colleagues tackle similar challenges they are facing across the public sector.

Kimberly reminds us that “Four years ago the only smartphones were blackberries, and now it is a very new environment.” In today’s mobile environment, BYOD is becoming more and more a reality. Now is the time for agencies to embrace BYOD, and learn how to make BYOD work at their agency. “Stop talk-ing and start doing it, you can talk about it forever, you just need to get started,” stated Kimberly.

E X E C U T I V E S U M M A R Y

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

6

This section provides an overview and key findings from GovLoop’s online survey. Throughout the re-port we have addressed several of the key challenges of bring your own device initiatives identified from the survey. The GovLoop survey was conducted from June 8 to July 2, 2012, and had a total of 103 par-ticipants. The survey was developed to explore com-mon trends regarding BYOD from the GovLoop community, with the goal of better understanding the common challenges and roadblocks for BYOD in the public sector.

Survey respondents were predominantly from the federal level of government (62%) with the rest of the respondents being closely divided between the state (18%) and local (20%) levels. Respondents repre-sented public sector entities across all levels of gov-ernment, and many different kinds of municipalities across the United States, including City and County of Broomfield, WA; City of Coral Gables, FL; the De-partments of Commerce, Energy, and Defense; and several other federal agencies or departments.

FEDERAL 62%

WHAT LEVEL OF GOVERNMENT DO

YOU WORK FOR??

LOCAL 20%

STATE 18%

S U M M A R Y O FS U R V E Y F I N D I N G S

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

7

The survey questions asked respon-dents to answer several multiple-choice questions as well as rank statements on a scale of 1 to 5, with 5 representing the highest score and 1 representing the lowest.

D O Y O U H A V E A B Y O D P O L I C Y ?

Results indicate that the majority of respondents’ organizations do not currently have a BYOD policy (80%), while only 20% stated their agency currently has a policy.

When asked how desirable a BYOD policy is at their agency, 62% of re-spondents indicated that it would be desirable or extremely desirable. Of the remaining respondents, 17% selected 3, 12% selected 1, 5% selected 2; 5% responded that this question was not applicable.

YES 20%

DOES YOUR CURRENT ORGANIZATION HAVE A BRING YOUR OWN

DEVICE POLICY?NO 80%

2 5%

4 19%

NOT APPLICABLE 5%

1 12%

3 17%

5 43%

HOW DESIRABLE WOULD A BRING YOUR

OWN DEVICE POLICY BE FOR YOUR AGENCY?

Please use a 5-point scale, where 5 is Extremely Desirable and 1 is Not Desirable.

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

8

S H O U L D Y O U R A G E N C Y P R O V I D E A D E V I C E F O R Y O U ?

Respondents were asked if it is nec-essary for government to provide a device to employees. Fifty six per-cent of respondents said “Yes,” and 44 percent said, “No.”

Expanding upon their answers, par-ticipants who responded “yes” gave these specific reasons:• “It is necessary to have the option of government supplied IT equip-ment” • “If required for certain positions” • “Some positions require constant availability”• “There are too many legal issues that could arise with bring your own device”For those that responded with

“No,” some of the reasons include:• “Desirable, but not necessary”• “If provided the option, I would use my personal device”• “Most employees already have a device suitable for government work”• “Not all positions are appropriate”• “Not absolutely necessary, but there should be a limit as to how much an employee must be asked to contribute”

2 14%

4 24%

NOT APPLICABLE 3%

1 9%

3 23%

5 27%

Please use a 5-point scale, where 5 is

Extremely Desirable and 1 is Not Desirable.

HOW IMPORTANT IS IT FOR AN ORGANIZATION TO PROVIDE YOU WITH

A DEVICE?

IS IT NECESSARY FOR GOVERNMENT TO PROVIDE A DEVICE FOR EMPLOYEES?

Additionally, respondents were asked to rank how important it is for their organization to provide de-vices to employees. The majority of participants (51%) responded with a 4 or 5. Of the remaining respon-dents, 23% chose 3, 14% chose 2, 9% chose 1, and finally, 3% indi-cated the question was not appli-cable.

44%

NO YES

56%

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

9

D O Y O U U S E Y O U R P E R S O N A L P H O N E F O R W O R K ?

Survey participants were asked how they use their personal phone for work purposes, with the option to check all responses that apply and report additional uses. Respondents indicated that they utilized their personal phones for email (41%); social networks (21%); entering time, expenses and related busi-

ness functions (13%); and reading and writing (30%). Thirty-three percent (33%) of respondents re-ported they do not use their per-sonal phone for work functions. For those who reported additional uses, they listed phone calls, oc-casional emails and texting, and receiving business-related notifica-

41%

YES- EMAIL YES- SOCIAL NETWORKS

YES- ENTERING TIME/EXPENSES/ RELATED BUSINESS FUNCTIONS

YES-READING & WRITING

NO OTHER

21%13%

30% 33% 35%

DO YOU USE YOUR PERSONAL PHONE FOR

WORK PURPOSES?

tions from customer mobile ap-plications. The same question was asked regarding tablets, with the majority of respondents stating they do not use their personal tablet for work. For those who do, the main reason was for reading and writing.

BYOD

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

10

3 5%

5 70%

NOT APPLICABLE 1%

4 24%

HOW IMPORTANT IS FUNCTIONALITY AND EASE OF USE OF DEVICE?

Please use a 5-point scale, where 5 is Extremely Important and 1 is Not Important.

H O W I M P O R T A N T I S E A S E O F U S E A N D F U N C T I O N -A L I T Y I N Y O U R W O R K D E V I C E S ?

When asked how important func-tionality is and the ease of use of de-vices, respondents overwhelmingly selected 5 (70%), followed distantly by 4 (24%) and 3 (6%).

W H A T A R E T H E B E N E F I T S O F B Y O D ?

When asked what the benefits of BYOD, respondents were able to select all that applied from cost sav-ings, allowing people to work on the most comfortable device, and improved productivity. Respon-dents were also provided the oppor-tunity to report additional benefits.

Of the provided responses, 71% believed that “allowing people to work on most comfortable device,” was the greatest benefit, followed by improved productivity (58%), and cost savings (55%). Respon-dents submitted additional benefits such as not having to carry multiple devices, more modern equipment, facilitating telework, and improved usability.

The survey also found other benefits for BYOD policies. For instance, the survey finds that 79 percent of respondents believe that BYOD could have a positive impact on employee satisfaction, productivity and employee engagement.

Respondents elaborated on their answers by stating:

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

11

• “It will only help engagement and satisfaction for those who have more current devices that they can use in lieu of the federally-provided equipment. Those who do not will most likely be angrier at the change in policy and disparity in equip-ment” • “Many employees would be able to perform work wherever they wanted” • “Having an all-in-one solution aids productivity” • “Supports flexible work hours”• “Supports telework and other mo-bility initiatives”

The three core benefits -- cost sav-ings, efficiency and productivity -- are typically contested. There are many ways to look at how BYOD can potentially save costs within

an agency. Our survey found that 55 percent of respondents believed cost saving was a benefit. Generally, cost savings can be found reduced device costs, shared data plans, and increased productivity. By allowing employees to work on their desired platform, they will become more efficient using the tools they know best. Employees may use a PC for work purposes, but a Mac for per-sonal use. By allowing the employee to select which tool to use, they are able to work on systems they are most comfortable in.

Kimberly Hancher stated in an in-terview with GovLoop Research Analyst, Pat Fiorenza, “From an employee standpoint, I think that smartphones and tablets have be-come an extension of an individu-

al’s personality and personal pro-ductivity. One of the benefits is that if a person is very proficient on a device, they should take that proficiency into the workplace, rather than learning how to be minimally proficient with the gov-ernment provided device. I can’t overemphasize how important personal productivity is across the enterprise.”

Similar to efficiency, by enabling employees to work on the tool they feel most comfortable with, em-ployees will be able to accomplish tasks quicker and easier since they have higher fluency on the tools they are using.

WHAT ARE THE BENEFITS OF BRING YORU OWN DEVICE?

55%

COST SAVINGS ALLOW PEOPLE TO WORK ON MOST COMFORTABLE DEVICES

IMPROVED PRODUCTIVITY

OTHER

71%

58%

29.7%

29%

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

12

W H A T A R E Y O U R R O A D B L O C K S T O A D O P T I O N ?

Finally, when asked what the largest roadblocks to developing a BYOD policy were, respondents were able to select all that apply from the following options: lack of organi-zational support, no IT infrastruc-ture support, or costs. The biggest roadblock was perceived to be lack of organizational support (57%), followed by no IT infrastructure to support multiple devices (55%) and costs (19%). Respondents also had the opportunity to submit oth-er roadblocks or challenges for im-

plementing BYOD. Respondents commonly stated “security” as a concern. Further, some respondents cited laws in their home states, in which any device used for work purposes becomes part of the pub-lic record and subject to disclosure. One respondent summed up these roadblocks by listing, “lack of pol-icy, no clear way to reimburse staff for data plans on own devices, [and] inconsistent IT policies to support personal devices.”

44%

NO YES

56%

W O U L D B Y O D H E L P T O R E C R U I T A N D R E T A I N E M P L O Y E E S ?

When asked if they believed a BYOD policy could serve as a re-tention and recruitment tool, 56% of respondents said, “Yes.” and 44 percent said, “No.” Survey par-ticipants commented, “This is too small an issue to make the difference if someone chooses to work here or not;” “It may appear that agencies are shifting costs to employees”; “This is especially true for millen-nials and teleworkers”; “increased flexibility is attractive;” and finally that “It shows your office is forward thinking, savvy, and efficient.”

DO YOU BELIEVE THAT BRING YOUR OWN POLICIES CAN

SERVE AS A RETENTION AND RECRUITMENT TOOL?

57%

LACK OF ORGANIZATIONAL SUPPORT

NO IT INFRASTRUC-TURE TO SUPPORT MULTIPLE DEVICES

COSTS OTHER

55%

19%

47%

WHAT IS THE LARGEST ROADBLOCK YOU HAVE SEEN TO IMPLEMENTING BRING YOUR OWN DEVICE WITHIN YOUR AGENCY/DEPARTMENT?

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

13

Although there are many potential benefits to BYOD, there are also challenges to fully leverage these ben-efits. Guided by the results of the GovLoop survey, this section will serve as a roadmap to help you navi-gate through common challenges while considering implementing a BYOD policy.

C H A L L E N G E : P R O V I D I N G E M P L O Y E E R E I M B U R S E M E N T

One of the main cost drivers to provide a cell phone is the cost of data plans. Kimberly Hancher stated, “With government provided devices, the cost is voice and data. With regard to BYOD program, we are looking to reduce these government costs.”

As more and more agencies are looking to implement BYOD, decreasing costs is the core goal of the initia-tive. One of the areas of concern for BYOD is that by facilitating work on personal devices, the cost of data

coverage and related expenses has been shifted to the employee. If government employees are using their personal phone for work purposes, there should be an expectation that they are not personally incurring the cost of increased data usage from work related activi-ties.

Currently, the federal government has provided little direction on how best to reimburse government em-ployees for their mobile device. Kimberly stated, “I would love to be able to offer some kind of reimburse-ment for business use for their personal device, but there is no precedent for that. This should be done on a government wide scale, to help agencies understand how to provide a reimbursement to employees.”

GovLoop Community Manager, Andrew Kzmar-zick provides one insightful solution for employee reimbursement, “One way to address this issue is to look at other ways in which government reimburses its employees. For instance, many agencies already

C H A L L E N G E S A N D B E S TP r a c t i c e s f o r B r i n g

Y o u r O w n D e v i c e

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

14

reimburse or defray the cost of using public transportation for work-related travel. Could BYOD determine the average cost of an employee voice and data plan - both on the enterprise and personal levels - and include an allowance for employees to cover the cost of using their own device while reducing the agency’s expenses?”

Terry Hill also stated on GovLoop, “We could build on what many agencies already do for teleworkers and share the cost of services for phone, internet, and e-mail up to a maximum of $50 a month or so. This is less than agencies are typi-cally paying just for the blackber-ries (about $70) a month, for a net savings of $20 per month per em-ployee. Additional savings would be in eliminating landline phones and Ethernet systems. I don’t think there is much risk in using personal smart phones for calls and for e-mail/internet. That way, agencies would not feel they have to block access to sites and monitor usage. Agencies would focus on keeping their operational systems secure and would no longer have to worry about office software upgrades.”

Ultimately, BYOD reimbursement is something an agency will have to develop, working closely with the legal team.

C H A L L E N G E : M A I N T A I N I N G S E C U R I T Y I N D I V E R S E N E T W O R K

With an increase in the number and variety of devices available to consumers, agencies with a BYOD policy are challenged to identify and retain security in a more diverse net-work. To manage the proliferation of personal devices being utilized for work functions, BYOD poli-cies have moved to the forefront for IT professionals. Users want seam-less access to corporate resources, no matter which device they use or where that device is connected. In addition, users are connected wire-lessly to numerous network devices; printers, fax machines, and copy machines that can be accessed from employees’ personal devices.

At the top of the list for the EEOC is retaining security. “Security is at the top of our list that is why we are still doing a pilot. We will con-tinue to pilot until we feel we have the appropriate level of security and

have a history of dealing with the appropriate risks.”

Cisco has many great resources and case studies addressing how to pro-vide security with a diverse network on their BYOD Smart Solution page. The resources provide some best practices and strategies for get-ting started with BYOD.

As smartphones continue to be-come more commonplace, the use of a work phone and personal phone has become blurred. The desire for a seamless work experience has led many to using phones for both per-sonal and work. With this phenom-ena happening, agencies need to train employees on the cybersecu-rity threats that can compromise an agency’s mission and educate them on how to protect themselves and the organization while using mul-tiple devices.

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

15

Best Practice: Assess Network

Government agencies should start by identifying what devices already access their network, as well as the rights, privileges, and the infor-mation of each device. This will provide valuable insights for the organization on what kind of infor-mation is readily available to net-work members, and how to protect the most critical information.

Further, agencies should not show preference to certain devices and software. Agencies need to be flex-ible with different makes and mod-els, as well as diverse platforms for devices. Being agile also means agencies should have all the latest software installed to protect the network.

To properly assess the network, one strategy agencies can employ is

to profile devices as they enter the network. By profiling devices on the network, agencies will be able to make better decisions on secu-rity, identify issues, and understand what protocols they need to make for certain devices accessibility.

I N F O C U S : H O W T O B U I L D T R U S T I N Y O U R N E T W O R K

Cisco published a fascinating white paper entitled, Cybersecurity: Build Trust, Visibility, and Resilience, that addresses security issues across the Internet, and what government leaders and IT staff need to know in order to keep systems safe. The report focuses on five areas: • Understanding the proliferation of risks • Achieving a trusted network • Creating network transparency and visibility to assess risks

• Establishing network resilience when security incidents do occur • Working with Cisco to address trust, visibility, and resilience in the network

Cybersecurity is often cited as one of the main concerns for organiza-tions, the Cisco report states, and “The uses of multi-vector attacks are growing. Cyber criminals re-main intent on targeting legitimate websites, with strategically timed; multi-vector spam attacks in order to establish key loggers, back doors, and bots. Criminals plan their mal-ware to arrive unannounced and stay resident for long periods. Re-gardless of your market sector, the threat is growing.”

To address this concern the report pays particular focus to “trust,” which Cisco says is typically over-used in cyber security discussions

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

16

but is a fundamental practice that needs to be established within an organization. Cisco asks pointed questions about trust, including: • Whom can you trust within your network? • Can you trust how devices are connected to your network? • Can you trust that you are not exposed to unnecessary risks?Cisco then provides three steps to provide trust within your network:

• Asset Discovery and Manage-ment: Validating user and device identity at the system point of entry and maintaining a state of trust • Configuration Management and Remediation: Identifying miscon-figuration and vulnerability so that corrective actions can occur to as-sure policy compliance and risk re-duction • Architectural Optimization: De-sign and feature application com-bined with best practices to create

a threat-resistant and risk-tolerant infrastructure

This is an important white paper to view. By implementing a BYOD program, your agency is opening the door to more threats and needs to prepare by taking the proper se-curity precautions.

C H A L L E N G E : A N T I C I P A T I N G L E G A L A N D P O L I C Y C H A L L E N G E S

There are a handful of legal and policy challenges that arise from BYOD. For managers and execu-tives in government, the best place to start with BYOD is crafting your policy, and prior to publishing, have a conversation with your agen-cies attorneys. Enabling employees to use their personal phone may open Pandora’s box for the legal team. Here are some questions you

should be working through with agency attorneys:

• Who owns the device?• Who is responsible for damages, lost equipment, and periodic main-tenance?• How will installation of software occur on devices?• Who is responsible to upgrade equipment’s software?• What kind of apps can be in-stalled on the device? If this is a per-sonal device, what kind of control does the employer have?• What functions of the phone may be banned from use? • Can the employee use the cam-era to take photos or record video, when and where? • How can the rules be enforced? • How does BYOD fit with existing policies, i.e., social media?

The answers to some of these ques-tions may seem obvious, but ad-

P A S S W O R D

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

17

dressing them in your agency’s BYOD policy is necessary. While thinking through what works best for your agency, these best practices may guide your thinking.

Best Practice: Create Transpar-ent Security Processes

As most users have experienced, mobile devices are often lost or sto-len. For users on the go, therefore, the convenience of access to private information on personal devices re-quires additional security measures.

First, personal devices should have password settings enabled if they have access to work-related in-formation. Guidelines should be provided for password length. The simple password settings on many devices can easily be adjusted to accommodate more complex pass-words. Required length and charac-ter variety should be consistent with

general user policy. Guidelines for the frequency of password changes should also be provided. Depend-ing on security needs, devices may also be equipped with biometric security. Although expensive, voice recognition or fingerprint scans can be installed on smart devices.

Most BYOD policies also require devices to be equipped with re-mote wiping capability. As Kim-berly Hancher from the EEOC told Chris Dorobek on the DorobekI-NSIDER, “[the EEOC] enforce[s] password complexity and history [...], and we also have a policy where if a phone is lost or stolen, we have the ability to do a full wipe of the device.” Kimberly recommends that users back up their personal and data files in case the device is lost or stolen and a full wipe needs to be performed.

One of the key elements to having a

transparent security policy is engag-ing key stakeholders from the very beginning of the process. In doing so, an organization will be able to gather feedback, understand needs; addresses concerns, and build sup-port for BYOD initiatives.

Kimberly Hancher stated, “Include key stakeholders, legal support, your HR group and your end users. I put together an advisory group of legal, HR, finance, and also put together an end user group to give feedback of features and what their reactions are to security measures we set up, to make sure that BYOD is really usable.”

Best Practice: Establish Owner-ship of Data – Silo Personal and Professional Data

While the personal device may belong to the employee, they will not own all data on that device. To avoid potential ownership issues, it is important to establish ownership upfront, and make sure there is a clear process for removing agency data from the device that is differ-entiated for diverse circumstances. Likewise, a best practice is to “silo” personal and professional data.

Work information accessed and

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

18

stored on a personal device clearly still belongs to the organization, not the individual. Personal devic-es are also used, however, to store music, photos and other personal data that is created or purchased by employees. This combination of personal and private data can create issues in the event that a device is lost or stolen, if there is a security concern, or when an employee exits the organization.

One approach to dealing with the blurring of personal and private data is containerization. This ap-proach to data management would enable users to compartmental-ize personal and work data, utiliz-ing virtual desktop infrastructure and cloud computing. If data is separated along these lines, con-tainerization of data can allow for a selective wipe to specifically tar-get work-related information. As Kimberly Hancher from the EEOC explained to Chris Dorobek on the DorobekINSIDER, “[The EEOC is] experimenting during this phase of the pilot with something we’re calling selective wipe which means that it removes only the business portion of the data from the device. So if, for example, it is recovered, just the business data would have been eliminated.”

In the event that an individual leaves the organization, there should be a process laid out for wiping enter-prise information from that device. Agencies should carefully consider their policy for remote wiping in the event that an employee leaves unexpectedly.

Jerry Rhoads on GovLoop stated, “Technically speaking, the govern-ment should, in my opinion keep the biz side of the phone separate or “siloed out” from the “Angry Birds” part of the phone.” Jerry continued to provide more insights, stating, “Maybe we should change the para-digm of managing the user/device and change to managing the user’s experience. My thoughts are when at work, put the smart phone into “work” mode, when on a break or at home --switch to personal mode.”Best Practice: Regulate User Appli-cations

Best Practice: Regulate User Applications

There are a steadily increasing num-ber of applications available for us-ers of any device, and keeping up with these applications is a daunt-ing task. It is important for an agen-cy to think through their policy

toward work-related and personal applications, as all device applica-tions may have an impact on net-work security. There are three ways to mitigate this risk:

1) Employee EducationHelping users understand the data risks created by downloading and using questionable applications is the most effective method to man-age applications. While policies may set parameters for what types of applications users can download and forbid some outright, educat-ing employees about security risks will result in a higher level of com-pliance.

2) Application StoreTo moderate what kinds of ap-plications users download, some agencies have set up an applica-tion store with company-approved applications. This approach to ap-plication management allows agen-cies to choose specific work-related

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

19

applications for employees to use, and can also be utilized to approve personal applications if an agency decides to strictly regulate personal apps.

3) Acceptable Use AgreementsMany organizations already have Acceptable Use Agreements (AUA) for employees regarding social me-dia use. An organization’s BYOD policy for social media applications should be consistent with existing AUAs.

Best Practice: Provide Device Support Guidelines

With employees purchasing their own devices and service plans, it is necessary for organizations to decide whether or not they will provide service and support. Some company software may require in-house tech support, but issues with call service, reception, and connec-tion most likely should be left for

service providers to address. Less technically savvy employees may be less inclined to use their own devic-es for work if they are aware of their responsibility for any problems or repairs.

Kimberly Hancher and the EEOC created two working documents to clarify how employees can use government commissioned phones and personal devices under BYOD, “Along with the BYOD rules of be-havior, we also created a separate document for government owned mobile devices, to be able to dis-tinguish between two sets of rules if you are given a government owned device. We clearly outline what the expectations and the guidance that we give you, so that way people can see what the differences are.” This is a great best practice to help clarify any uncertainty about what kind of support will be provided to employ-ees.

I N F O C U S : M I N N E A P O L I S A P P S T O R E

The city of Minneapolis is lead-ing the way as early adopters and supporters of BYOD. They have innovated a unique approach to support Apple products. While an ideal BYOD policy would sup-port a variety of products, includ-ing Android devices, this example provides a possible framework for BYOD services and support. (City Website Source)

The city offers Apple users two ser-vice packages to accommodate the needs of users.

• Basic Service: Their basic service provides access to work email, cal-endar, tasks and contacts. There is no cost associated with the basic service, and is available to all em-ployees.

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

20

• Premiere Service: This service provides access to work email, cal-endar, tasks and contacts, as well as access to VPN, CityTalk and City network drives and folders. The Premiere Service also offers access to the new Minneapolis App Store, which offers work-related produc-tivity apps and training material. There is a one-time enrollment fee of $100 for this service.

The city has also innovated an ap-plication store where work-related productivity applications can be found. The applications are avail-able with the premiere service, and enable users to access and manipu-late documents.

This approach to application man-agement provides several advan-tages. The applications employees

utilize to access the network and manipulate documents are pro-vided by the city, which allows for additional data security. This also simplifies tech support by select-ing the best applications for each process. Establishing software sup-port parameters is also clearer – if an application is available through the City app store, user support is provided.

Some apps provided in the Min-neapolis app store include:

• Cisco AnyConnect: VPN soft-ware to connect to the City net-work • File Browser: Once connected to the City network, this tool fa-cilitates browsing drives• iAnnotate: Allows ability to read and edit .pdf documents

• QuickOffice Pro HD: Microsoft office productivity tool

With this range of applications, iPads have the same utility as a desktop computer or laptop. Ex-panding this model to support all tablets will increase the appeal and effectiveness of their BYOD policy. (Source Interview)

C H A L L E N G E : B L U R R I N G L I N E S B E T W E E N P E R S O N A L A N D P R I V A T E

The lines between personal and pri-vate lives have progressively blurred as technology has evolved. Imple-menting a BYOD policy allows em-ployees to access their work from any location. While this can be lib-

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

21

erating for some, it also means that unanswered work emails and voice mails, uncompleted tasks and to-do lists, and unfinished documents are readily available. As employees are bringing their own devices home as well, with BYOD it is no longer possible to physically leave work at work.

Since work is readily available, it is important to establish expectations and boundaries. Without an orga-nization-wide approach, employ-ees may feel pressure to do more at home. Having guidelines that accommodate a work/life balance is important, but just as important is setting an example from the top down.

Best Practice: Promote Work/ Life Balance

Constantly having a device con-nected to work may allow for great-er responsiveness, but organiza-tions will benefit from establishing clear expectations regarding work hours. While 24/7 responsiveness can sound appealing in theory, in practice this often leaves employees feeling less satisfied with their work and less productive in the long run.

Organizations can benefit from establishing a culture that values time off and respects the work/life balance of employees. Establishing this kind of work culture involves discouraging unnecessary after-hours emails, phone calls, and text messages. Also, agencies should set reasonable expectations regarding response time for communication not during the organization’s hours of operation.

Best Practice: Lead By Example

The best-intentioned organization can still fail to create an environ-ment that promotes work/life bal-ance if leadership does not model these behaviors. If managers are texting and sending emails time-stamped at 1:00 a.m., employees may feel pressure to work around the clock as well. For managers who have adopted BYOD, it is impor-tant to consider the impact your work hours may have on organiza-tional culture.

G O V L O O P R E S O U R C E SHow Do You Retain Security With BYOD?BYOD and BeyondEEOC Cuts Costs With BYOD Pilot ProgramWhat Would You Put in a Bring Your Own Device StrategyTrends on Tuesday: Great American Smartphone Migration Trends on Tuesday: Smartphone Separation Anxiety

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

22

C O N C L U S I O N

Government at all levels is looking to find new and innovative ways to save money, cut costs and deliver increased services to citizens. As budgets continue to tighten, initiatives like BYOD become more and more appealing to government agencies. Agencies must embrace new ways of thinking, and engage in new initiatives designed to cut costs and increase efficiency. BYOD is only one part of the solution. As government problems and system become more complex, so does the workplace. BYOD is one solution to help facilitate an increasingly mobile and active workforce, allowing people to work when and how they want.

This report provided an overview of a recent survey and best practices to overcome common roadblocks to BYOD. If you are interested in more information, be sure to visit GovLoop and connect with like-minded pro-fessionals engaged in BYOD development.

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

23

T O P 5 N E X T

With BYOD, there are many ways to bring BYOD into your agency. After reading through this report, here is the need to know information on next steps to initiate a bring your own device strategy at your agency.

S T E P 1 : M E E T W I T H K E Y S T A K E H O L D -E R S T O D E V E L O P E P I L O T P L A N

At the very onset of developing your BYOD policy, agency leads should sit down with key stakeholders within the agency to discuss what a BYOD initiative looks like. Staff members from all functional areas should be present, to provide input and feedback. This will also help develop buy-in and create a unified vision for the agency’s BYOD program.

S T E P 2 ; M E E T W I T H L E G A L T E A M

After meeting with stakeholders, be sure to follow up and meet with the legal team to discuss the program and be sure that all legal requirements have been met. BYOD is very new in government, and there is a lack of legal precedent. Be sure to meet with legal advisors to mitigate legal risks.

S T E P 3 : C R A F T I N T E R N A L P O L I C Y F O R B Y O D

After you have met with key stakeholders and the agency’s legal team, begin to craft the BYOD policy. This guide has dozens of best practices and tips of what should be included in the policy, but also be sure to incorporate feedback from the legal team and agency leaders.

S T E P 4 : A N N O U N C E P R O G R A M T O E M -P L O Y E E S

Like with any program, announcing and selling the program to employees is critical. If this program is a pilot program, be careful how you select employees and develop a team.

S T E P 5 : I T E R A T E , R E V I E W O U T C O M E S , I M P R O V E B Y O D S T R A T E G Y

Once the program has been initiated, be sure to set up periodic check points with end users and adminis-trators so they can provide feedback on the program. This information will be critical for the agency to learn how to improve future BYOD initiatives, with input coming from the core stakeholders.

S t e p s f o r B Y O D a t Y o u r A g e n c y

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

24

A B O U T T H E A U T H O R S

Pat Fiorenza – GovLoop Research Analyst

Pat is currently a Research Analyst at GovLoop. Through the creation of blogs, research reports, guides, in-per-son, and online events, Pat helps to identify and find best practices to share with the GovLoop community. Pat received his Masters of Public Administration degree from the Maxwell School of Citizenship and Public Affairs at Syracuse University.

Lindsey Tepe – GovLoop Fellow

Lindsey is currently a Fellow at GovLoop. In this role, Lindsey assists with the development of content creation. This includes writing of blogs, research reports and facilitating community engagement on GovLoop. Lindsey received her Masters of Public Administration from the Maxwell School of Citizenship and Public Affairs at Syracuse and is a former Teach for America Fellow.

Jeff Ribeira-GovLoop Content and Community Coordinator

Jeff is the Content and Community Coordinator at GovLoop and manages all creative and technical development projects.

Vanessa Vogel-GovLoop Design Fellow

Vanessa is currently a Design Fellow at GovLoop. She recently graduated from Brigham Young University with a Bachelors degree in Graphic Design.

EXPLORING BRING YOUR OWN DEVICE IN THE PUBLIC SECOTR

25

Helping government agencies maximize ef fectiveness in key areas:

· Cloud Computing· Data Center Consolidation· Cyber Security· Mobile (Mobile Collaboration)· Telework· Bring Your Own Device

Cisco is the worldwide leader in net-

working that transforms how Govern-

ment and Education connect, commu-

nicate, and collaborate. Since 1984,

Cisco has led in the innovation of IP-

based networking technologies, includ-

ing routing, switching, security, TelePres-

ence systems, unif ied communications,

video, and wireless. The company’s re-

sponsible business practices help en-

sure accountability, business sustain-

ability, and environmentally conscious

operations and products. Our technol-

ogy is changing the nature of work and

the way we serve, educate, and defend.

For more information, visit www.cisco.com/go/usgov