WASHINGTON, D.C. -- Like their counterparts in the private sector, information technology managers in the federal government are actively debating whether their agencies should move to a "bring your own device" (BYOD) policy, allowing employee-owned mobile smartphones and tablets devices to be used for work.
At the Fose/GovSec Conference here, IT leaders from the General Services Administration, the Department of Agriculture, NASA and others spoke out in favor of BYOD, indicating they are moving along that path. Some, such as the Department of Veterans Affairs, were more hesitant. And at the National Security Agency, where there's a huge push to try to adapt commercial-based smartphones and tablets for use by agency employees, don't bother to ask about BYOD.
BACKGROUND: Is your BYOD MIA?
"God forbid you bring a phone in. It's not a pleasant experience," said Troy Lange, NSA's mobility mission manager, who participated in a panel discussion that focused on the BYOD question. NSA rules prohibit personal phones from even being brought into NSA buildings, so the topic of a BYOD policy is not on the table.
But if its push for commercial-based smartphones build according to NSA specifications is successful, such as its so-called "Fishbowl" design, and these customized smartphones eventually get handed out to employees, there is the intention to "let people get to their personal email," said Lange. He also added the NSA may decide to stop relying on its lengthy certification processes for equipment and go with more "minimal requirements" that would be much simpler for vendors to hit.
"We haven't jumped into BYOD because of policy issues in the government," said Donald Kachman, director of mobile and security assurance for client services, enterprise systems engineering at the Department of Veterans Affairs. While the VA is actively pursuing pilot projects, for instance with tablets in hospitals, the main concern is, "When we put a mobile device in, are we really replacing something? Can we manage the device? Can we secure the devices?" So much is driven by what Google and Apple technologies will allow, he pointed out.
The latest generation of smartphones and tablets still have to be considered as a new phenomenon going back only a few years and "vulnerabilities aren't well-known," Kachman said.
Anil Karmel, chief technology officer at the National Nuclear Security Agency, which manages the nation's nuclear weapons stockpiles and facilities such as Los Alamos National Laboratory, said policies under development there "will help us get to a BYOD stance."
For security purposes, NNSA is looking at use of what's called "containerization" to separate out personal and business data. In the end, this will all likely be unified around the virtual desktop infrastructure and cloud-based approach that NNSA already supports in a multi-platform virtual-machine environment.
"It's the same virtual desktop and it follows me where I need to go," he said, and mobile devices, including BYOD, are expected to be a part of that. NNSA hopes to issue its BYOD policy soon, "and it's imperative we do this right," he said.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.