Bring Your Own Device or BYOD is not a new topic, and quite honestly it is a vague term coined to help us understand one facet of the chaos of technological innovation. Why is the idea of BYOD confusing? Our lives are not cleanly and neatly distinguished between our personas in the private and professional worlds. Yet the resources we use to navigate those spaces are. Just as the BYOD trend itself is open to interpretation, so are the ways in which it can be used to positively benefit public sector organizations.
To that end, we took a comparative view of public sector BYOD policies in both states and localities to determine just how the public sector is seeking to make sense of BYOD as a trend. The idea was to better understand how state and local organizations are creating policies to manage BYOD to the positive benefit of not only the government entity, but the end user as well.
In examining BYOD policies, we found five areas that seem to be thematic across the public sector. These areas make up the most common groupings for policy considerations that should be addressed when investigating the value of BYOD for future implementation:
1) Acceptable User
Who is bringing their own device? Who should? What about the device itself, does that matter? Even an individual’s relationship to their device can influence policy decisions.
2) Acceptable Use
Perhaps the basic tenet of any device policy is what is and is not allowed on a device. How does that consideration change when the device personally owned and maintained?
3) Central Management
Where the rubber meets the road. How are various public sector organizations making BYOD happen? How can they?
What are the financial implications of moving to a BYOD model? What are the cost considerations for governments, whether it’s reimbursement or savings?
5) Privacy and Security
The struggle is real. While the toughest nut to crack, cities, counties and states all over the U.S. are trying but are they thinking of everything?
Security vs. privacy in BYOD
Overall, many of the jurisdictions implementing a BYOD policy are doing so from a position of device management. Typically, they have already implemented full device security and management software for their agency-owned devices and are expanding that paradigm to give network access to personal phones, tablets, and other devices. In doing so, public sector organizations may focus more on security and less on end-user privacy. While security and privacy aren’t mutually exclusive by any means, a predisposition towards one versus the other can lead public sector organizations down different paths.
It seems that many of the jurisdictions we reviewed still struggle with employee privacy. By struggle, I mean that there is a lack of uniformity among policies across jurisdictions when it comes to handling privacy. Some states specifically call out the challenges of balancing security vs. privacy; others incorporate explicit caveats to privacy expectations. We also noticed that in some cases, the development of a policy seems to be separate and specific to the implementation of a program. Policies tend to rely heavily on guidelines while remaining more vague on the mechanics of implementation or leaving that decision up to those seeking to seize the opportunity.
I will examine each of the five considerations in further detail in upcoming posts, highlighting the recurring themes, common elements, and our own thoughts on how technology can help address some of the policy questions that arise across these areas. The policies cobbled together for these five areas aim to form the basic tenets of any worthy BYOD policy.
How is your public sector grappling with BYOD and the consumerization of IT? If you have any thoughts, leave them in comments and I will address them in a future post.