Federal agencies continue to struggle with the question of whether to allow employees to use their personal smartphones and tablets at work under so-called bring-your-own-device (BYOD) policies, according to a survey out this month from the organization Telework Exchange.
Out of the 314 federal employees who responded to the survey, 49% said they use their personal devices for work-related tasks, with 93% of these citing they use their own laptop, 64% saying they use their own smartphones and 19% using a personal tablet for work purposes. But while the federal government has made great stride over the years in settling policy and security-requirement issues related to personal laptops used for telework purposes, the same cannot be said for how federal agencies address the newer smartphones and tablets, the Telework Exchange points out. Although 55% of the federal employees who use smartphones or tablets for work bring their own, just 11% of them say their agency has an official BYOD policy at all.
[ IN THE NEWS: Worst Microsoft Windows Automatic Updates of 2012
"People are wanting to use their own devices," says Cindy Auten, general manager of the Telework Exchange, the Alexandria, Va.-based group formed in 2005 as a public-private partnership to examine telework and mobile options for federal workers. Affiliated with it are the Federal Managers Association, the Government Technology Research Alliance and think tank The Performance Institute, among others. 57% of federal employees answering the survey said they'd "consider paying to have their personal device updated ort certified as safe."
While the survey only identified the mobile-device practices of 314 employees in several agencies, including the departments of Agriculture, Defense, Energy, and Health and Human Services, it did unearth that federal employees are getting access to government data and email on their devices even though their agencies lack BYOD policies defining policies on how personal devices should be subject to agency security and management requirements.
Auten said the federal government is still struggling with BYOD security and management questions, even though use of personal mobile devices for work was mentioned positively under the White House "Digital Government" guidelines introduced last year and as late as last August under a specific BYOD policy guideline. However, it's somewhat vague, saying BYOD might be suited for some agencies and not others.
Each agency has to grapple with BYOD on its own, says Auten, and so far, there seem to be very few agencies with a really clear BYOD policy and security requirements -- the small agency of the Equal Opportunity Employment Commission is among the very few, she points out.
But with users throughout the federal government clamoring to use their own smartphones and tablets, it's clear they're sometimes doing so without clear security and management policies in place, much less technology to enforce policy. This appears to be in contrast to what federal agencies have learned to do regarding laptops used for telework, where encryption and VPN connections are considered basic security, says Auten.
Security improvements for laptops in telework began to happen in earnest after a contractor at the Department of Veterans Affairs in 2006 had a laptop stolen from his home that had held sensitive unencrypted data concerning millions of U.S. veterans, a security incident that generated front-page headlines and a multimillion-dollar lawsuit.
Auten adds that she hopes it won't take a huge data-breach incident like the one related to the VA laptop to speed adoption of policies and technology appropriate for BYOD is federal agencies.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: firstname.lastname@example.org.