BYOD part of the environment at DSEWPAC
For all the column-centimetres being dedicated to the complexities of bring your own device (BYOD) strategies, you’d be forgiven for thinking there was no way it could be done properly. But BYOD is going swimmingly at the federal Department of Sustainability, Environment, Water, Population & Communities (DSEWPaC), for which BYOD is just the latest in a series of steps to improve employee mobility and flexibility.
Over several years, DSEWPAC has been working to improve its 2500 employees’ access to key corporate systems from a range of devices using virtual-desktop technology. A large Citrix deployment has seen around 80% of desktops virtualised, with a few exceptions for special-use cases.
BYOD was naturally popular amongst employees who often “didn’t actually like the devices they were issued with,” Blake explains. “We were previously using BlackBerrys a lot, and they were very locked down because of government security requirements. This meant that many users had two devices: a personal one in their pocket, and one that was their work device they had been given and didn’t like to use.”
DSEWPAC’s BYOD program started several months ago with a few key executives, for whom the IT department began administering smartphones with carefully managed application installations as the department moved away from BlackBerry devices. However, this full-service model quickly ran out of steam as numbers grew, and it was clear that rolling out a BYOD program across the department would require a much less resource-intensive approach.
Whereas many IT executives try to manage mobiles by controlling access to the devices, DSEWPAC took a different approach by focusing exclusively on protecting departmental data. Eighteen months spent planning a mobile device management (MDM) strategy had led to the implementation of Good for Enterprise, an MDM solution from Good Technology, which provides an app through which employees can access their email and calendaring information, and access corporate systems.
The app is designed as a secure ‘container’ that isolates the business systems and data from the rest of the user’s mobile device. Built-in controls prevent users from copying or sharing data inside the container using email, copy and paste, or other means.
MACQUARIE PUTS HOSTED SPIN ON MDM
Given the difficulties that organisations are having in trying to keep track of their mobile devices, service providers are experimenting with a range of different ways to put appropriate mobile device management (MDM) tools into the hands of IT organisations that need them.
One of the latest to enter the fray is Macquarie Telecom, which recently launched an MDM managed service called Mobility Manager. This service offering is run from Macquarie Telecom’s Sydney data centre, eliminating the implementation issues for customers that just want to get a grip on their mobile devices.
The software-as-a-service (SaaS) platform is device- and network-agnostic, offering what Christopher Greig, telco business group executive with Macquarie Telecom, called “an essential building block for organisations looking to pursue a BYOD strategy... Organisations must address concerns around security and privacy before they can take full advantage of BYOD and broader business mobility.”
Mobility Manager is part of the firm’s managed telecommunications service offering, which also includes tools for monitoring service usage, price, and data access.
Because IT staff are only administering the one discrete container, that container can be remotely disabled or wiped with minimum effort – eliminating the link into the business systems without affecting any of the other data on the employees’ devices.
Even though DSEWPAC is moving away from the BlackBerry solution, Good for Enterprise allowed it to preserve information security controls without impacting on users’ devices.
“We haven’t done BYOD by saying ‘just do whatever you like because we’ve decided security doesn’t matter’,” Blake says. “It absolutely does, and one of the biggest challenges was trying to find a way we could do this approach and still handle the security issues.
“The thing that has enabled us to do this is adopting a management solution that, as far as possible, is device independent. Once we knew that was possible, we realised that critical government information could remain in that container separated from the other user aspects of the device.”
Eighteen months after it started looking at managed mobile devices and three months after the BYOD project began, over 160 employees had already signed onto the program by installing the Good agent on their iOS devices, and support for Android and potentially Windows Phone devices is imminent.
As important as the technology may be, equally important was formulating an acceptable use policy that would make sure users were aware of their rights and responsibilities.
For example, users are advised to back up and plug in their devices at home rather than at work, and to use their own credit card and app store accounts to buy apps; any work-related apps can be reimbursed through normal channels.
“You’ve got to account for those devices as administrative overheads,” he says. “Having people backing up and synchronising devices, and storing photos on that expensive Tier-1 storage you’ve bought for your data centre, is not a scalable or effective approach.”
“Our biggest learning has been that, to have viable BYOD that doesn’t result in a massive administrative, technical and support overhead for the entire organisation, is to try and remove the organisation from the picture wherever you can.”
COST VERSUS SECURITY
BYOD allows employees to bring any device they want into the organisation, sending carefully-engineered security protections into a tailspin. Deep layers of legal obligation and a more overarching security climate may make it a little easier to mandate mobile platforms in government bodies – but how do the various options stack up? And which is the most cost-effective in the long run?
Working at the behest of mobile vendor Research In Motion (RIM), research firm Strategy Analytics recently worked to find out.
The firm set out to evaluate whether RIM’s BlackBerry Enterprise option is the cheapest in the long term, compared with non-BlackBerry devices managed using a ‘walled garden’ approach in which they access a secure zone on the company network via VPN and are managed by third-party MDM software. Both options are compliant with IL2, the UK government’s minimum security specification.
Its findings – that non-BlackBerry options cost 39% more than BlackBerry options – will either surprise you or not surprise you, depending on how much stock you put in vendor studies. But the firm’s extensive evaluation of the major mobile platforms – including its itemised rundown of each platform’s strengths and weaknesses, which GTR doesn’t have enough space to run here – is worth a look when weighing the relative advantages and disadvantages of each platform.
Strategy Analytics offers three key evaluation points for such solutions:
• High-level cryptographic standards such as AES 256 and/or Triple DES that can take account of securing data in transit and data at rest.
• Device operating systems must be secured using comprehensive device management, encompassing a comprehensive range of IT policies that can be enforced through a central, administrative console.
• Devices themselves need a high number of technical controls that do not require user intervention and can be administratively controlled; a reliance on procedural or manual controls opens the way for a higher degree of residual risk.
The full report, entitled Compliance, Control, Cost and Consumerisation: What businesses can learn from the public sector about best-practice mobile enterprise management, is available here. – David Braue
This case study was previously published in Government Technology Review magazine.