As noted in a recent post, the U.S. Equal Employment Opportunity Commission (EEOC) has implemented a Bring-Your-Own-Device (BYOD) pilot program to meet urgent IT budget challenges. The EEOC, a relatively small agency with scarce IT funds, by federal government standards, was one of the first agencies to launch an innovative BYOD pilot. See "BYOD and Beyond" http://www.govloop.com/profiles/blogs/do-you-byod
EEOC's Chief Information Officer, Kimberly Hancher, has been leading the charge. Although the pilot is still in place, CIO Hancher and I discussed some of the key lessons learned thus far.
So far the pilot appears promising, according to CIO Hancher, as well as to employee participants in the program.
Also see, "EEOC cuts costs with BYOD pilot program"
These preliminary pointers may help other agencies in crafting viable and effective BYOD pilot programs and/or policies of their own.
1) Socialize the concept of BYOD within your agency.
Since this a new concept and the acronym is taking time to be universally recognized, it is advisable to spend time explaining the BYOD concept to the workforce -- including at senior staff meetings and executive council sessions.
Making any major changes in a bureaucracy is never easy. Thus effectively communicating IT concepts to agency leadership is key to moving forward. Agency leaders must be on the same page and have a comprehensive understanding of cost savings and other benefits -- not to mention IT logistical issues.
2) Work with your agency’s Legal Counsel and union early in the process.
Allow input on the BYOD program and policies from leadership officials. This is key to building consensus. To paraphrase President LBJ, it's better to have them inside the tent dishing out, than outside the tent dishing in.
3) Select the most important security features for implementation.
Work to identify the Top 10 security settings or policies, implement them carefully, then cycle back to identify additional security measures after the first set are completed. Also see 5) below...
4) Create an "Acceptable Behavior Policy"
Have documented rules for what employees can and can't do with Government data on personally-owned devices. Also, employees must agree to let agencies examine those devices should it become necessary.
5) Install necessary software to manage security settings
This is an important extension of 3) above. Under the EEOC pilot program, employees who want to use their own smartphone for official work purposes must agree to have third-party software installed. This allows the agency to manage security settings on the devices and remotely wipe devices clean of government emails and data if they are lost or stolen. But for those who love their smartphones and tablets, it appers to be a fair tradeoff for now.
*** All views and opinions expressed herein are those of the author only.