The second session I attended at FOSE 2012, Anytime, Anywhere: Expanded Opportunities for the Workforce, featured panelists Darren Ash from the Nuclear Regulatory Commission, Rob Burton from Venable LLP, Woody Hall from General Dynamics Information Technology, and Bill Kilgore from Savanah River Nuclear Solutions.
This panel focused on the bring your own device (BYOD) phenomenon and how to bridge the gap between it being a good idea and having BYOD as a working model.
There are two expansive problems with a BYOD model that need to be worked out – privacy and security. In a model where a government agency supplies the devices, the agency has free reign to monitor the devices as they see fit and install security software on the device. This helps solve the problems with privacy and security that come up with BYOD. However, in the long term, BYOD can cut costs and increase employee productivity.
One panelist noted that his agency creates a “secure shell” within employees devices, which allows the agency to have complete control over that specific area within the device. Whatever the employee does on the device not in the shell is their own business, and the agency retains the right to wipe their shell while (ideally) leaving the personal portion of the device untouched.
It will be important that agencies have employees sign waivers, because even though the shell should keep all of the employees personal information separate, if the shell fails then the agency must reserve the right to wipe the entire device.
One thing is certain: government can look to industry for best practices when devising BYOD strategy. Though industry is not as far ahead with BYOD as would probably be expected, there still is much to be learned. Also, the federal government must make an overarching policy regarding BYOD to protect itself and employees from unexpected complications which could result in lawsuits.
What do you think are best practices in a BYOD strategy?