Auten said the federal government is still struggling with BYOD security and management questions, even though use of personal mobile devices for work was mentioned positively under the White House "Digital Government" guidelines introduced last year and as late as last August under a specific BYOD policy guideline. However, it's somewhat vague, saying BYOD might be suited for some agencies and not others.
Each agency has to grapple with BYOD on its own, says Auten, and so far, there seem to be very few agencies with a really clear BYOD policy and security requirements -- the small agency of the Equal Opportunity Employment Commission is among the very few, she points out.
But with users throughout the federal government clamoring to use their own smartphones and tablets, it's clear they're sometimes doing so without clear security and management policies in place, much less technology to enforce policy. This appears to be in contrast to what federal agencies have learned to do regarding laptops used for telework, where encryption and VPN connections are considered basic security, says Auten.
Security improvements for laptops in telework began to happen in earnest after a contractor at the Department of Veterans Affairs in 2006 had a laptop stolen from his home that had held sensitive unencrypted data concerning millions of U.S. veterans, a security incident that generated front-page headlines and a multimillion-dollar lawsuit.
Auten adds that she hopes it won't take a huge data-breach incident like the one related to the VA laptop to speed adoption of policies and technology appropriate for BYOD is federal agencies.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: firstname.lastname@example.org.
Read more about wide area network in Network World's Wide Area Network section.