There is a “mobility tug of war” going on across government agencies today. In one corner we have choice, and in the other we have control. Agency workers want the choice to use the consumer devices they love while at work. Agency leaders want to accommodate that desire, in order to create the most efficient, collaborative environment possible. But government isn’t a mission that accepts “good enough” security, and in the era of “Bring Your Own Device” (BYOD), agencies still need the ability to control how their enterprise data is protected.
Perhaps interestingly, all of this makes me think of my old 1967 Volkswagen Beetle.
I loved that car. It ran well, it was reliable, and it got great gas mileage. But I had to part ways with it a few years ago for two reasons: safety and operational overhead. I really couldn’t fathom putting my sixteen-year-old daughter in a car without the basic security mechanisms which we all require today, and this little “grocery getter” had no airbags, no seat belts, and no side impact door beams. In many ways this is analogous to the fact that government agencies can’t have employees out in the field using unsecured devices that lack critical security controls like encryption and multi-factor authentication. In terms of operational overhead, an older car presents unique maintenance and repair challenges, resulting in costs that can add up quickly. Similarly, agencies are facing maintenance challenges related to supporting a wide range of mobile devices, all with different requirements, and potentially siloed management solutions.
The good news is that there’s a happy medium here. For instance, Microsoft has been a BYOD company since I started here seven years ago, and our IT team specifies which security controls meet our security requirements, and which content types are appropriate for each device type. So it’s really a “Bring Your Own Approved Device” (or BYOaD) environment, based on our ability to secure each user’s content and ultimately protect the organization against data loss across the wide variety of operating systems and platforms.
On the management front, there are a host of available emerging self-service tools for deployment and support that are transforming mobility management. For example, many agencies are looking to virtualization to power mobility, and Microsoft Office 2013 is actually equipped with “Click to Run” virtualization technology that can be deployed in a matter of minutes across a variety of devices. For Unified Communications, staff can now download a single Microsoft Lync client for their iOS, Android, or Windows device in a matter of seconds, which eliminates the need for separate clients and additional expense for supporting the varied devices. And Microsoft’s System Center Application Manager allows users to securely install their applications from a browser, and if a smartphone is lost, the owner can simply login to Microsoft Exchange to wipe it, instead of calling the helpdesk.
We have widely deployed these types of tools at MSFT, and to be honest, I haven’t seen an IT person in years. With the right controls on the back end, and the proper internal policies, security and simplified management are achievable, even in the brave new world of BYOD. In government, much like the garage, the goal is to reduce operational costs and eliminate waste while maintaining security, so we can focus on getting where we need to go without carrying an oversized toolbox.