Following our recent post about telework in the public sector, certain federal agencies are starting to make strides in adopting more modern policies for their employees’ m0bile devices.
The Equal Employment Opportunity Commission (EEOC) is making a name for itself, staying on the cutting edge of tech policy changes in the government. It recently instituted a BYOD policy for its employees, and was able to cut mobility costs by 50% in 2013.
It seems as though some other government agencies have taken notice. Several of them, including the Nuclear Regulatory Commission and the Agriculture Department, are now running BYOD pilots.
In this exclusive interview with Federal Technology Insider, Kimberly Hancher, the CIO of the EEOC goes into detail about her implementation of BYOD and its results.
See the original interview HERE. For a more detailed brief, check out the White House BYOD Toolkit information about this EEOC initiative.
What was the driver behind the BYOD pilot program at the EEOC?
Hancher: Several years back, I attended a conference where leaders from the private sector were sharing their leadership challenges and key learnings in the emerging BYOD arena. During this time, we were facing a 15 percent IT budget reduction and I realized that I had to take some risks and think outside of the box.
Some have said that a BYOD policy does not result in a costs savings. How were you able to achieve some pretty significant reductions?
Hancher: We took a two-pronged approach in addressing the reduction of costs. Our first strategy was to look at the rate plans for our government-owned devices, and we found out that we were paying much more than we needed to. Through analysis and re-plan optimization, which involved sharing minutes and putting smart phones on the correct plans based on usage patterns, we were able to reduce costs close to 30 percent.
The second step was to reduce the number of devices in use. As such, we tapped into the community of employees that used both personal and government devices, and allowed them to opt-out of the Blackberry program and return their work devices. From there, we synchronized their personal devices through our mobile device management system
Often when people talk about the benefits of a BYOD program they list boosts in productivity and morale as key successes. Did you find this to be the case?
Hancher: Many users enjoy the functionality and familiarity associated with their personal smartphones and prefer to use one device. This helped increase productivity. We also found that these users were more likely to work or be more responsive to email and other communications after hours.
Many agencies seem hesitant to embrace BYOD because of security, technical or legal concerns. How did EEOC overcome these challenges?
Hancher: We made sure to include our legal counsel in the development of this program. As we were writing out the rules of behavior and program requirements, we also spent a considerable amount of time developing the privacy terms. We found that government devices have no expectations of privacy. For personal devices, we would require access to the device if there was ever a civil or criminal concern.
In addition, each participant had to go through training and sign a privacy document before taking part in the program.
Are there other best practices / lessons learned that other agencies should consider?
Hancher: First, I would create an advisory group to support the IT organization, which would be a cross section from across an entire agency so you can hear from different constituencies. In addition, the IT organization, along with the privacy officer, should determine just how sensitive the data is that people access through personal devices.
Our agency does not deal with classified data, nor do we have information about infrastructure that would be of interest to terrorist organizations. No matter the level or type of data, security has to be at the forefront of any implementation considerations. This includes requiring complex passwords that expire regularly, along with the ability to wipe the device remotely. In addition, the agency security team should be a part of the advisory group.