This content was written by Daren Goeson, senior vice president of product management at Ivanti.
Remember when work devices stayed at work?
Remember when “work” was not just an action, but a designated location?
Those days are over. We’ve stepped out from behind the firewalls. Even if you’re in an in-office environment, it’s unreasonable to expect that every device, whether employer-owned or personally owned, stays neatly in the office, attached only to the approved local network, and that no work-related activities are ever completed anywhere else on any other device.
We didn’t have to tell you that. You already know. What you may not know yet is the latest on organizational reactions to the shift in the BYOD landscape — particularly at the government level. Let’s get you up to speed.
In short, federal agencies are fundamentally rethinking their approach to personal devices in the workplace. Guidance from both the Department of Defense and the Department of Justice reflects a growing recognition that traditional device policies no longer match workplace realities. According to recent research, 84% of IT professionals report that Bring Your Own Device (BYOD) practices occur at their organizations, even though only 52% of these organizations formally authorize it. Among the 48% who do not authorize BYOD, 78% still acknowledge that it is happening unofficially.
The BYOD landscape is evolving
The Pentagon’s framework for non-government mobile devices arrives as agencies grapple with increasingly distributed teams and hybrid operations. This guidance, coupled with NIST recommendations for civilian agencies, establishes the first comprehensive federal approach to secure personal device use in sensitive environments.
Per a recent DoD memo, “The benefits associated with the use of AMDs [approved mobile devices] must be balanced carefully with associated operations security and cybersecurity risks.” This balance is crucial — especially as agencies adopt zero trust architectures that focus on securing data and applications regardless of device ownership.
Translation: security and usability can — and should — coexist.
Outdated boundaries = outdated results
Steve Keefe, President and CEO of Patriot Technologies, reinforces the urgent need for robust management solutions. “Mobile technology is impacting every aspect of the enterprise, and a scalable mobile management solution is critical,” says Keefe in a recent BYOD report.
The technical requirements clearly reflect the complexity here. Here’s just a snapshot of what’s involved:
- NIAP-validated Enterprise Mobility Management systems
- Authentication through CAC or approved authenticators
- Automated compliance monitoring
- Secure, isolated workspaces for government apps
- Continuous security updates
Privacy by design
The new federal guidance marks a departure from previous approaches by prioritizing user privacy alongside security. Agencies must now explicitly outline their data collection practices and access parameters — a direct response to long-standing concerns about government oversight of personal devices.
That said, user privacy and security don’t have to come at the expense of user experience. The previous thinking that UX can be ignored for the sake of security won’t cut it anymore. It’s no longer an ‘either/or.’ With the right tools and processes in place, it’s a ‘yes, and.’
The realities of implementation
No point in sugarcoating things. We’d argue the upside is more than worth it, but the realities of implementation shouldn’t be underestimated. Case in point: for agencies adopting these guidelines, there are several serious considerations:
- Creating comprehensive user agreements that protect both sides
- Establishing clear incident response procedures
- Implementing secure self-service enrollment
- Managing user lifecycle and access
- Maintaining security without compromising privacy
Security benchmarks
Are there solutions to help streamline these activities? Of course — but proceed with caution. Not all solutions are created alike. Solutions must meet rigorous standards, including:
- Security Technical Implementation Guide (STIG) approval
- NIAP Common Criteria certification
- Defense Information Systems Agency (DISA) Approved Products List inclusion
These certifications ensure agencies can confidently follow the DoD’s lead while meeting NIST guidelines for secure mobility.
Are there results? (Spoiler: Yes.)
Here’s the really good news: early adopters are already seeing tangible benefits. Military service members now access critical apps like email and tactical planning tools on personal devices, with clear separation from private data. This capability particularly benefits reserve units and distributed teams — a model that translates well to civilian agencies dealing with similar mobility challenges.
The federal push toward secure BYOD sends a clear message: workplace technology, and the way we manage workplace technology, must evolve. Don’t excuse yourself or your organization because you’re 100% in office, or you “assume our employees know what we expect.” We’re way beyond that. With proper controls and policies, agencies can now confidently embrace the mobile tools their workforce already uses while maintaining security standards. Again, let’s aim for the ‘yes, and.’
© 2024 Federal News Network. All rights reserved.