March 01, 2013, 10:43 AM — WASHINGTON -- As federal CIOs develop new strategies to support an increasingly mobile workforce, they will inevitably have to decide whether or not to adopt a bring-your-own-device policy, just as a similar challenge confronts their counterparts in the private sector.
For some agencies, the answer is a hard "no."
"I'm not doing BYOD," says Coast Guard CIO Rear Adm. Robert E. Day Jr., who also serves as director of the Coast Guard Cyber Command.
Day, speaking at a federal IT conference hosted by the media group FedScoop, explained that many agencies dealing with sensitive or classified information are sticking with government-issued devices in the absence of clear policies for the use of personal equipment in the workplace.
The fear of losing sensitive data has kept many federal CIOs from adopting BYOD policies. It's not necessarily that the devices themselves are insecure, according to Day, but if a worker's personal phone with work data stored on it is lost or stolen, and security protocols would normally dictate that the device be remotely wiped, would the agency IT staff then be compelled to erase all the contents of the phone?
"There's the issues of what if I wipe your device and you lost all the pictures of little Susie and little Johnny and they weren't backed up? We're going to have to have some policies that go into place with this and figure that piece out," he says. "Having full MDM (mobile device management) capability across the device is absolutely key."
"We're going to have to have some limitations on a personal device and then, again, the documentation that you are going to sign over saying that if I blow your device away with all your financial data and all your pictures that you did not back up, I'm not responsible for that," he adds. "I think we're going to get there, but until I get those security pieces put into place it's going to take a bit."
BYOD Security Biggest Concern