The Consumerization of IT in government – tips for practical challenges

10 May 2012 | Roger Halbheer, Worldwide Chief Security Advisor, Worldwide Public Sector

​The Consumerization of IT, also referred to as the Bring Your Own Device (BYOD) to work movement, is a fairly hot issue across our government customer community. When I talk to customers and bring this up, they typically have three different reactions: Some customers tell us that it is not part of their strategy, some customers tell us that they plan to do it but that they have a hard time figuring out how to support it (i.e., how to secure such an environment), and the third response, which is very, very rare, is when customers tell us that they have this under control.

What is the Consumerization of IT all about?

For me, the trend really started to take off with the advent of smartphones. In response to this surge in new devices, most organizations tried to standardize the types of models that could be used by employees, but at the end of the day, it was a lost battle, for different reasons:

  • The standardization process was always slower than the development of new devices.
  • These devices were cool, and influential people wanted to use them on their own terms. It’s a common story: An executive goes to the store around the corner, buys a new smartphone, and then comes back to IT to enable it to read emails, etc. If the executive wants it, who pushes back?
  • Different people have different needs. Can one device truly serve the needs of all employees?

This being the case, organizations have tried a few different approaches. One of the more popular approaches has been to give selected employees money instead of hardware and let them choose the device themselves. The idea behind it is fairly simple:  Organizations provide people who are IT-savvy with the option to customize their own work devices and—as long as they follow certain policies—everybody wins. These employees are more productive, and their organizations’ policies are upheld.

Over the course of the last few years, however, the problem has become much more complex as a lot of different form factors have hit the streets: iPhones, iPads, netbooks, developer notebooks, slates, etc.

The challenge

Once we accept that employees have different needs and that allowing them to customize their devices might (or better: will) help them become more productive, the next question then is: How do we enable access to our organization’s data without compromising security, privacy and compliance? And, what do we do if somebody leaves the organization? How can we delete our government data/contacts/emails while keeping the user’s private environment in place? And by the way, users want access to government data and services anytime and anywhere. These are just a few of the challenges.

Unfortunately, there are no silver bullets, but some ideas and approaches prevail. For example, we just published the Consumerization of IT Test Lab Guides, which can help to address some of your challenges or at least give you some food for thought. What you’ll find here are two main resources:

  • A white paper entitled "Consumerization of IT (CoIT), A Trend To Be Considered." The white paper has some great background on this emerging trend.
  • Test Lab Guides (TLGs). These guides essentially provide readers with pre-defined and tested methods to manage various scenarios involved in the Consumerization of IT (supporting security, enabling remote desktop virtualization, etc.).

If your agency is grappling with the Consumerization of IT, I think that these resources are something you definitely should look into for suggested approaches and guidance, as well as for tips on how to align your architecture to embrace this emerging IT trend.

Have a comment or opinion on this post? Let me know @Microsoft_Gov. Have a question for the author? Please e-mail us at ongovernment@microsoft.com.

Roger Halbheer
Worldwide Chief Security Advisor, Worldwide Public Sector

About the Author

Roger Halbheer | Worldwide Chief Security Advisor, Worldwide Public Sector

Roger leads Microsoft’s worldwide team of Chief Security Advisors who work with national organizations – including governments, law enforcement and intelligence agencies – in developing strategies to today’s most pressing information technology issues.