Are federal agency workers going rogue with personal devices?

Federal agencies continue to struggle with the question of whether to allow employees to use their personal smartphones and tablets at work under so-called bring-your-own-device (BYOD) policies, according to a survey out this month from the organization Telework Exchange.

Out of the 314 federal employees who responded to the survey, 49% said they use their personal devices for work-related tasks, with 93% of these citing they use their own laptop, 64% saying they use their own smartphones and 19% using a personal tablet for work purposes. But while the federal government has made great stride over the years in settling policy and security-requirement issues related to personal laptops used for telework purposes, the same cannot be said for how federal agencies address the newer smartphones and tablets, the Telework Exchange points out. Although 55% of the federal employees who use smartphones or tablets for work bring their own, just 11% of them say their agency has an official BYOD policy at all.

[ IN THE NEWS: Worst Microsoft Windows Automatic Updates of 2012 

Survey findings: 'Rogue clouds' giving IT staffs nightmares ]

"People are wanting to use their own devices," says Cindy Auten, general manager of the Telework Exchange, the Alexandria, Va.-based group formed in 2005 as a public-private partnership to examine telework and mobile options for federal workers. Affiliated with it are the Federal Managers Association, the Government Technology Research Alliance and think tank The Performance Institute, among others. 57% of federal employees answering the survey said they'd "consider paying to have their personal device updated ort certified as safe."

While the survey only identified the mobile-device practices of 314 employees in several agencies, including the departments of Agriculture, Defense, Energy, and Health and Human Services, it did unearth that federal employees are getting access to government data and email on their devices even though their agencies lack BYOD policies defining policies on how personal devices should be subject to agency security and management requirements.

Auten said the federal government is still struggling with BYOD security and management questions, even though use of personal mobile devices for work was mentioned positively under the White House "Digital Government" guidelines introduced last year and as late as last August under a specific BYOD policy guideline. However, it's somewhat vague, saying BYOD might be suited for some agencies and not others.

Each agency has to grapple with BYOD on its own, says Auten, and so far, there seem to be very few agencies with a really clear BYOD policy and security requirements -- the small agency of the Equal Opportunity Employment Commission is among the very few, she points out.

But with users throughout the federal government clamoring to use their own smartphones and tablets, it's clear they're sometimes doing so without clear security and management policies in place, much less technology to enforce policy. This appears to be in contrast to what federal agencies have learned to do regarding laptops used for telework, where encryption and VPN connections are considered basic security, says Auten.

Security improvements for laptops in telework began to happen in earnest after a contractor at the Department of Veterans Affairs in 2006 had a laptop stolen from his home that had held sensitive unencrypted data concerning millions of U.S. veterans, a security incident that generated front-page headlines and a multimillion-dollar lawsuit.

Auten adds that she hopes it won't take a huge data-breach incident like the one related to the VA laptop to speed adoption of policies and technology appropriate for BYOD is federal agencies.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email:

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags appsteleworkNetworkingsecurityMicrosoftwirelessIT managementbring your own devicemobile devicesconsumerization of ITBYOD

More about IDGMicrosoftTechnologyTechnology Research

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts