“Bring Your Own Device” Policies For the Public Sector at #MACoCon

County officials heard about the benefits and challenges of a “bring your own device (BYOD) policy” at the 2015 MACo Summer Conference. BYOD programs are increasingly expected by younger and more tech-saavy workers and can lower capital and operating expenditures, but they can also pose security, transparency, and accountability challenges.

20150812_145532

(Chris Merdon (standing) discusses the BYOD environment while (sitting left to right) speakers Thomas Laskowski and Greg Yaculak and Moderator Clarence Lam look on)

Howard County Chief Information Officer Chris Merdon highlighted some of the county challenges created by BYOD, including: (1) maintaining data security; (2) ensuring the compliance of many different kinds of devices (computers, cell phones, tablets, etc.); (3) providing legitimate access to non-traditional users; (4) fostering productivity while keeping a secure environment; (5) software licensing issues for devices; (6) responsibility for support or maintenance of devices; and (7) background checks before allowing network access.  He stressed the need to address those challenges through both policy and personnel decisions and highlighted Howard County’s use of VMware.

The Maryland Health Benefit Exchange’s Chief Information Security Officer, Greg Yaculak, noted that the public sector is moving away from soley using government issued equipment but he noted there were a lot of security risks associated with BYOD, including: viruses, data loss/breaches, lost devices, lost control, and having no idea where your data is located.  He discussed several defensive strategies to combat these issues, including: mobile device management, firewalls, anti-virus and malware programs, asset management systems that let you know the security state of all devices on your network, vulnerability scanning, encryption, and data loss prevention.  In particular, Yaculak favored the use of a remote desktop service to maximize control and security while still allowing for worker flexibility and productivity.

GANTECH Chief Executive Officer Thomas Laskowski offered the perspective of a system integrator, explaining that BYOD was a very complex program to tackle.  Mobile devices were especially challenging, as many Apps have permission to use the device’s camera, microphone, email, etc.  The current “state of the art” response to BYOD is a hybrid approach that addresses the management of files, mobile apps, and computer programs through separate but interconnected methods.  However, he argued the best approach to BYOD in the near future will be cloud access (using HTLM 5) or else being able to completely containerize or quarantine your systems.

Maryland Delegate Clarence Lam moderated the panel.