Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Bring-your-own-smartphone becoming a reality
Thursday - 8/25/2011, 5:10am EDT
By Jason Miller
Federal News Radio
When former federal chief information officer Vivek Kundra first brought up the idea of federal employees using their own smartphones or mobile devices on their agency's network, many scoffed at the proposal.
But in the six months since Kundra, who left government earlier this month for a five-month fellowship at Harvard, made the pronouncement, the idea of employees bringing their own device to work is not such a far-out idea after all.
At the Veterans Affairs Department, Roger Baker, VA's chief information officer and the department's assistant secretary in the Office of Information and Technology, said the agency is six weeks away from opening up its network to employee devices from Apple.
"We are focusing on mobile device manager (MDM) to control what connects to our network," Baker said at a recent conference on mobility. "We plan to create an apps store to ensure security of the software running on our network."
VA has four pilots — in Washington, D.C.; Albany, N.Y; Battle Creek, Ill.; and Chillicothe, Ohio — testing this concept. Baker said VA's plan to open up its network by Oct. 1 is on track.
Along with VA, the Centers for Disease Control and Prevention is in the middle of an expanded pilot program seeing how personal devices would work on its network.
Jaspool Sagoo, CDC's chief technology officer, said the pilot programs are showing how employees can have limited access to email, calendar and other non-sensitive data on the agency's network through their personal device.
"Recognizing the fact our users have bought these personal devices themselves, our pilot is centered around the usability of the devices to connect to CDC assets," Sagoo said. "We are dealing with the MDM vendors in a containerized approach to see how well these devices will function in accessing limited CDC assets."
The pilot started with fewer than 50 people and now has expanded to a few hundred.
"Dependent upon the outcome, if we don't find any significant impediments from a security perspective, then we will recommend moving forward with allowing personal devices to connect to our network for access to resources," Sagoo said.
He added this approach will be "equivalent to a remote emulation," which lets software from the network run on the handheld device but expose the network to security risks. Employees also will not connect through a virtual private network and all data will be stored on the back-end servers controlled by CDC, Sagoo said.
For sensitive or personally identifiable information, CDC will continue to use government-furnished devices, he added.
Sagoo said until the device makers offer the ability to do full-disk encryption, personal smartphones will be used only for low-to-moderate level security.
Sagoo said the primary driver for mobile devices is a combination of business needs and pent-up demand by employees.
"We know that our workforce, especially in overseas countries, already are using a lot of these devices," he said. "We have to make sure as they collect this sensitive data, the data is being stored on encrypted devices. That is really our main push in the field to make they meet all of the FIPS mandatory compliance requirements for encryption and also to make sure that somehow we can manage these devices and really make sure all aspects of their experience from IT usability to the transport and to the repositories are in compliance and protected."
Sagoo said CDC believes it will get two main benefits from deploying smartphones.
"Security is an essential driver, but we also are looking at cost containment," he said. "To that end, if we can get reductions in cost savings to the government by allowing people to use their personal devices together with their own data plans and give them a high satisfaction and provide them access to CDC assets then it's a win-win for both the government and the employees."
At VA, Baker said doctors and nurses, especially the 100,000 residents that work for the agency each year, are the primary drivers for letting personal smartphones on its network.
Baker has said many times, if he is only the "CI-NO", the medical practitioners will find ways around him.
VA had to find a way to say yes that supports multiple devices, lets the agency push software updates to the device automatically and creates an apps store that is for employees only.
Baker said VA also must be able to wipe the devices should one be lost or infected with a virus and ensure no data is stored on the personal smartphones.