While federal agencies have not completely bought off on the value of bring your own device (BYOD) for a variety of reasons, I’ve found that their state and local (S&L) counterparts are much more open and interested in trying to find a way to make BYOD work. Is BYOD right for every employee or agency? No. Security can be a big concern in this space, but the facts are agency budgets are tight and shrinking and the consumerization of IT is driving employees to want to use the latest devices. Consider some interesting points:

  • The federal government spends about $1.2 billion annually for mobile and wireless services/devices and maintains roughly 1.5 million accounts.
  • Paired with automatic budget cuts, the White House is adding pressure to cut costs, especially when it comes to mobile devices.
  • Employees want to use devices of their own choice, especially the millennial generation.

The current approach many agencies are trying to take to implement and manage BYOD tends to pose some key challenges that reduce user participation and raise legal questions. Utilizing security solutions that require users to have their devices controlled and locked down (similar to the approach organizations take to secure their desktops), have been shown to dramatically reduce user participation. Using these device-based approaches also means the agency must plan for dealing with the liability of accidentally wiping an employee’s personal data from their device.

Keep it Simple

The simplest and most effective approach to securely managing BYOD is to manage and secure what the agency wants to protect most: the agency's apps and data, not the device. Mobile application management (MAM) is a very secure and economical way for S&Ls to get into mobility. What does it mean? It means the app, not the device, is secured and managed. Within minutes (not hours or days), an S&L can have a fully functioning app platform that can onboard, vet/inspect, secure and distribute agency apps and data. Employees get the consumer-like experience on the device of their choice and the IT team can sleep easy at night knowing the apps and data are secure. A key point about MAM is that not all MAMs are the same. Some require device control to deliver apps, which gets the organization into the same issues we described above. Effective MAM must be able to manage, secure and deliver apps and data to devices without the need for device control.

This approach to mobility not only curbs costs, but it also provides a pleasant user experience (which drives user participation) and allows for cross-agency collaboration through apps. That’s something you don’t often hear about when talking about mobility in the federal or S&L sectors.

Who’s Doing it?

Just about every organization I speak with is at least studying BYOD as an option. They can’t deny that there are significant cost savings that can be realized by getting out of the "device business.” There are many early adopters throughout the government and commercial sectors that are actively piloting BYOD with varied success due to the issues described above. Well known commercial companies such as Cisco and VMware have successfully made the transition to BYOD and they generally view MAM as a critical component of their overall mobility solution.

What Does This Mean for the Future?

Looking into the not so distant future, I believe organizations will require a MAM governance platform/framework to fully manage mobility. They will need an environment to manage their apps, which will more than likely be created using a variety of platforms with organizations offering APIs and back end services which will expose their data and information to app developers. Devices will become more and more of a commodity, especially with the consumerization of IT and the BYOD trend. 

This is where a standard MAM platform comes in: an approach focusing on the apps to on-board and vet/inspect a wide variety of mobile apps (regardless of where they were created), to ensure compliance with agency standards. Agencies need a way to apply security policies at the app level so they can remain device-agnostic, and a single platform to deploy the apps to the enterprise and provide feedback/analytics on downloads, usage, etc., regardless of whether or not the device is under their control. 

Harvey Morrison is the vice president of Corporate and Public Sector Sales for Apperian.