Illinois Introduces a Secure Bring-Your-Own-Device Program

Posted on January 17, 2018



Name of Project

Illinois Bring-Your-Own-Device Program

Name of Jurisdiction

State of Illinois

Description of Initial Problem

Productivity and ease of use often suffer in many IT departments because employees need access to, and availability of, multiple devices. This may frustrate employees, put pressure on management to make system changes, and create network bottlenecks when employees use multiple devices simultaneously. In addition, employees increasingly expect to work using their own computing devices. While employer-issued devices can enhance certain security measures, exclusively using them may also diminish productivity in a world where mobile use is on the rise and employees are becoming increasingly reliant upon cross-device connectivity. Moreover, requiring employees to carry a separate employer-owned device doubles the number of devices that some people would prefer to carry, increasing the likelihood that an employer-owned device is lost or stolen and making the enterprise less secure.

The “consumerization of IT,” as it is referred to by IBM, is changing the way people work and changing the expectations employees have from the workplace. Many firms in the public and private sector recognize the growing need for Bring Your Own Device (BYOD) capabilities and are implementing technology solutions and processes to allow for this. In the end, security concerns present the primary obstacle for any entity considering BYOD.

These are BYOD Trends as Outlined by the IL State Government

Description of Solution

To address the security challenges, the State of Illinois took a proactive approach in the fall of 2015 by establishing a new policy and acquiring mobile-device management (MDM) software that allows public employees to access work-related information using BYOD. For example, the new system can remotely terminate a user’s connection to the state’s IT resources when necessary. In addition, the MDM can remotely ‘wipe’ government information and revoke access to the network if an employee’s BYOD device is lost or the employee abruptly leaves state employment. The MDM software can also remotely access the employee’s phone, isolate government apps and information, and then wipe the sensitive data and remove any access to government sites.

While current enterprise MDM solutions can provide reasonable and appropriate information security, and also prevent the employer from accessing personal information residing on an employee-owned device, IT managers and state employees need to be aware of and comfortable with the BYOD details and procedures. Any public or private sector entity considering BYOD needs to create an effective, detailed and clear policy that ensures thorough understanding by the employee. And any employee considering BYOD needs to be aware of the rewards and the risks of this flexible work accommodation.

Illinois maintains a thorough mobile device security policy for employer-owned mobile devices. The policy defines the goals, purpose, responsibilities and controls for those wishing to use mobile computing capabilities. Only a few additions to the mobile device security policy needed to be made to explain how a BYOD mobile device would affect the rights and responsibilities of the employer and employee. Realizing that most people have become accustomed to simply clicking through lengthy online “terms and conditions” agreements without reading the relevant details, Illinois implemented a short, mandatory video highlighting the key features of the new BYOD approach. The user cannot click “I agree” until the video is over. This approach makes it more likely that every BYOD employee will hear and understand the key features of the program. For example, the video explains the best practices for not commingling personal and work data, and what to do if a BYOD device is lost or stolen. The mandatory video makes both employees and data managers more comfortable with BYOD adoption.

The State of Illinois makes BYOD optional for the employee and allows agencies the latitude to decide whether BYOD can be used or made available to certain working groups based upon individual security concerns.

Impact

The BYOD program is helpful on several fronts. First, the program saves taxpayer dollars because the state does not have to pay for employer-supplied devices, accessories, and data plans. Illinois estimates that each employee who opts into BYOD saves the state more than $800 each year. When multiplied by the thousands of state employees who currently carry government-owned mobile devices, BYOD has the potential to save millions of dollars. Moreover, the state expects that replacement and repair costs will decrease because people tend to take better care of their own property. Employee satisfaction will increase due to the greater flexibility of being able to use personal devices. Finally, productivity should increase because BYOD employees are generally more comfortable and more familiar with operating their own devices rather than learning something new or different.
