F or years, the prospect of letting Defense Department employees conduct government business on their personal wireless devices has been a bit too nervous-making for the department to take a bring-your- own-device model seriously. That may be about to change, albeit slowly.
Terry Halvorsen, DoD’s chief information officer, told reporters last week that he plans to conduct a limited BYOD pilot this summer, while also making clear that for the vast majority of DoD users, policies surrounding personal devices aren’t going to change overnight, and for many of them, maybe never.
“It’s not going to be easy,” he said. “People need to do some homework on bring-your-own-device, where it’s working, and where it’s not. Lots of big enterprises are actually rescinding their BYOD policies. What I suspect will happen in DoD is because of our size and all the businesses we’re in, there will be places where it will work and a whole lot of places where it doesn’t. There are not going to be clean answers that say, ‘Yep, DoD is doing BYOD.’ I suspect at some point, particularly in things that are in more common business sets like retail and recreation, there will be some BYOD. In other cases, there won’t be.”
For the pilot, Halvorsen said most of the test users will most likely be employees working in headquarters functions since they’ll offer a large enough user base to set up a controllable test environment. He said he wanted to impose as few parameters on the pilot as possible, aside from ensuring that the security ramifications of transmitting and storing government data on personal devices can be reliably traced and studied.
“Making sure we meet the minimum security levels is the first question I’ve got to answer, and if it does, let ‘em go use it,” he said. “Then, how do I track whether people who are doing this are being secure? That’s the hardest thing. How to measure that in meaningful ways is the thing that’s driving me a little crazy.”
Halvorsen did not elaborate on DoD’s current thinking about how it will apply security to personal devices. But separately, for the latest generation of government-furnished BlackBerry devices it has begun fielding to small numbers of DoD personnel, the department has proved to itself that dual- persona technologies, which allow personal and official business to be segregated from one another on a single device, are sufficiently secure for unclassified data.
“For example, I can get my personal email on that phone, I can do applications like Pandora on that phone. It just makes for an integrated life-work balance for people,” he said.
Those devices have been deployed so far to roughly 1,500 senior leaders and what Halvorsen referred to as “high-demand” users. Those numbers, he said, will soon start ramping up “fairly rapidly.”
This post is part of Jared Serbu’s Inside the DoD Reporter’s Notebook feature. Read more from this edition of Jared’s Notebook.