This past holiday season, the Housing Opportunities Commission in Montgomery County, Md., adopted a bring-your-own-device policy to allow employees to use their personal mobile devices at work. Prompted by employee demand, many state and local governments allow staff to use their personal computing devices for government business.
BYOD can improve productivity and increase job satisfaction because employees use the devices they prefer and are comfortable with. Employees can access work email on their smartphones, while those with inspection jobs can electronically complete reports on their tablets, says Shawn McCarthy, a research director for IDC Government Insights.
What’s more, BYOD can reduce IT costs because workers purchase the devices themselves. “You can get away from having to upgrade all the time,” McCarthy says.
Most agencies with Wi-Fi guest access allow employees to connect their mobile devices to the Internet, McCarthy says. But an increasing number are going a step further to provide access to enterprise applications and data.
These organizations are implementing BYOD in different ways, though their initiatives include management and security technologies and policies that address everything from rules and usage to security and privacy.
Building a Mobile Workforce
In Montgomery County, the Housing Opportunities Commission's BYOD program was a success. The agency, which provides public housing, rental assistance and mortgage programs for first-time homebuyers, expected only a small percentage of people to participate, but many employees took advantage of the opportunity.
So far, between 30 to 50 percent of employees bring their tablets to work. They're connecting the devices to the wireless network to send and receive email, access documents, share files and take notes. Employees can also use some web-based enterprise apps, such as one for housing inspections.
"We spend a lot of money printing things out, so this cuts down on the amount of paper we're generating," says CIO Scott Ewart. "These are hard cost savings, and it's giving us the opportunity to make the staff more efficient."
To accommodate the sudden increase of BYOD users, Ewart in January began deploying MobileIron's cloud-based mobile device management software to centrally configure, monitor and secure devices. With the software, users can be required to password-protect their devices, and the Housing Opportunities Commission can remotely wipe lost or stolen devices.
When employees register their iPad devices with MobileIron, the MDM software automatically connects the devices to the secure wireless network and provides access to work email. The commission has other tools in place to prevent users from going to inappropriate websites while connected to Wi-Fi.
Before handing out the iPads, Ewart developed an acceptable-use policy detailing BYOD rules and guidelines. For example, no jailbroken devices are allowed. If a device becomes lost or stolen, employees must report it within 24 hours so the IT department can wipe it. The policy also recommends what to store and not store on devices to protect sensitive data.
When creating an acceptable-use policy, IT managers don't have to reinvent the wheel, Ewart advises. While creating his, he performed a web search and read BYOD policies from eight different organizations to create a customized policy of his own. "I was not going to write it from scratch," he says.
As Oakland County, Mich., explores how to best deploy BYOD, CIO Phil Bertolini allows staff to bring smartphones and tablets to work to connect to email and some applications.
The county IT department is wrestling with how to manage the devices and secure access to applications and data. That includes whether to allow notebook computers and whether some data — such as health or law enforcement information — is too sensitive to allow on any personal devices.
Bertolini is evaluating VPNs, MDM software and sandbox technology that can segregate county data from personal data. He's also considering implementing virtual desktops, which bolster security because all the data is stored on the server and not on the device.
"We have to figure out how to make the mobile devices work with everything we have, and have it fit in with our governance and security," Bertolini says.
For the time being, the security measures in place are good enough, he says. If need be, the IT department can disconnect work email from workers' mobile devices. Employees are also told not to download or access sensitive materials to their devices.
Oakland County, which began adopting a limited BYOD approach last year, aims to finalize and deploy a fuller BYOD strategy during the next fiscal year. The IT department had previously embarked on a mobile strategy by building web-based applications that are accessible on any device, so BYOD fits right in to that.
Despite the additional costs of managing BYOD, Bertolini believes the county will save money from reduced hardware and support costs. "I have to replace roughly 600 to 700 PCs a year, and I hope to break that model of replacing equipment over and over again," he says. "If they can use their own device, maybe I can cut down on the hardware I have to buy."
While some governments are more lenient in allowing employees to use their mobile devices at work, Maricopa County, Ariz., is taking a more deliberative approach to BYOD.
The county just launched a BYOD pilot in January and is limiting participation to employees in four agencies. If it's successful, the county could fully deploy BYOD in June, pending approval from the county Board of Supervisors, says CIO David Stevens.
Maricopa County is pursuing BYOD for three reasons: to save money, to achieve workforce efficiencies, and to curtail the county's reliance on a single smartphone manufacturer.
To set up BYOD, Stevens includes county leaders and explains the business value so they understand the expected business benefits and challenges. He also advises working with legal counsel to develop a BYOD policy to make sure all legal compliance issues are addressed.
The Maricopa County Board of Supervisors approved a pilot in December. But before launching the pilot, Stevens and his chief information security officer, David Boynton, worked with the county's legal team to develop an interim BYOD policy.
The IT staff installed MDM software in-house, which will allow the county to enforce strong passwords, provide email, calendaring and contacts to employees' mobile devices, and perform a full remote wipe if necessary. "Security is foremost in everything we do," Stevens says.
While the BYOD initiative is still new, Stevens says users have given positive feedback. "The growing trend and adoption of mobile computing is creating exciting changes for current workforces — telecommuting efficiencies, on-demand access to back-end systems and the potential to reduce costs."
As government agencies adopt BYOD, they are generally looking to provide users access to applications on their mobile devices in one of two ways: by purchasing or developing their own mobile enterprise apps, or by deploying a virtual desktop infrastructure (VDI), says Shawn McCarthy, research director for IDC Government Insights.
Both approaches have their pros and cons. By creating or purchasing mobile apps, organizations get fully functional applications designed for mobile devices, but IT departments would have to manage multiple versions of the same app for Android, BlackBerry, iOS and Windows mobile devices, McCarthy says. To ease costs, IT departments may have to limit the types of mobile devices they will support in a BYOD environment.
VDI solves the problem of having to manage multiple versions of the same app by delivering apps through a virtual desktop. But it can be difficult to use the applications on mobile devices with smaller screens, McCarthy notes. "VDI can end up being a kludge."