The undeniable truth is that technology costs money. Even if the net result is a significant cost savings or improved service delivery, the process nearly always begins with digging into the agency’s proverbial pockets to fish out some seed money.
Mobile technologies are no exception to this principle. However, through the right set of policies, planning – and a few creative ideas – agencies can extract value from mobile technologies while also reducing security risks and the total cost of operation.
To help with this process, GovLoop and Brocade held an in-person training event this past Wednesday on mobile security and management. One highlight of the event was the closing keynote address, which was delivered by Kimberly Hancher, Chief Information Officer of the Equal Employment Opportunity Commission (EEOC). Hancher shared the EEOC’s experiences in reducing its overall mobile budget, while also simultaneously opening up the agency to a wider mobile-friendly environment.
The EEOC Story: A Mobile Imperative
The EEOC, an organization with 2,400 employees spread out across 53 sites nationwide, recognized that mobile is integral to mission success. Hancher said she herself used her mobile devices to keep linked with the agency and stay operationally aware of the goings-on throughout the day. “We’re seeing that, increasingly, agencies need to embrace mobility as a part of their operational strategy,” said Hancher. “We need to figure out what mobile means for the agency, in terms of both the workforce and its customers.”
However, despite this imperative, the EEOC faced the following challenges to widespread mobile adoption:
1. Implementation of mobility management policies
2. Addressing mobile security
3. Handling the budget
The Solution: BYOD
The EEOC’s primary solution was to implement a ‘bring your own device,’ or BYOD strategy. Hancher and her team made the decision to allow BYOD based on risk-based approach to the issue. “We have no classified data in our databases,” explained Hancher. “We have no sensitive PII [personally identifiable information] in our databases. The EEOC doesn’t have a role in defending the nation’s critical infrastructure.”
These factors allowed the EEOC to race forward as an early adopter of BYOD in the federal space. Hancher acknowledged that the answers to these questions will not be the same for all agencies, and that they may come to the conclusion that the BYOD risk is too great for their organization. But for the EEOC the impact has been huge. Despite providing no financial incentive, 23 percent of employees decided to return their government-issued device in favor of using their personally-owned device. The EEOC saved 50 percent in mobile costs in the first year – a year in which they were already halfway through the fiscal cycle. In subsequent years the savings have been even larger.
How Did They Do It?
To understand how the EEOC successfully navigated their BYOD journey, Hancher provided some guidance based on the three challenges outlined above:
1. Mobility Management Policies
Hancher’s team brought together a diverse advisory group – human resources, unions, lawyers, unions and the IT shop – to formulate the rules of behavior. They included the following rules:
- The program began with 3 operating systems: iOS, Android, and Blackberry
- Privacy expectations were delivered, as Hancher described it, “front, center and bold” so that users knew what they were getting themselves into.
- Security policies were implemented in their mobile device management (MDM) tool. For example, users had to employ a password with a certain amount of complexity in order to have access to EEOC networks.
- Rules of “dos” and “don’ts” were clearly defined. These rules were collated and participating employees were required to sign consent forms prior to entry.
2. Fundamental Security Steps
Hancher also provided attendees with a few fundamental guidelines for mobile security:
- Regulate training.
- Require employees to register mobile devices with the IT department.
- Apply a remote wipe function to mobile devices.
- Track phones if lost.
- Utilize a multi-factor authentication or data encryption on mobile devices.
3. Handling the Budget
In addition to BYOD, the EEOC also reduced the cost of issuing their remaining government-issued mobile devices. “We found the key to success is really looking at the cost of issuing these devices,” said Hancher. “We recently moved to a contract that has much better pricing – and replacement of devices as well.”
Hancher also noted that there are very useful principles of telecom expense management out there. Service providers have algorithms to help pull agencies in the right direction.
The EEOC has provided a roadmap to innovative mobile device management that is cost-effective, secure and sustainable. Although the path they paved may not work for every agency, it does provide a very compelling proof of concept that mobile does have a place in the future of government.
For more information, make sure to download our newest guide on mobile management here.
Event sponsored by:
Achieving agency missions becomes harder and more complex every minute. But with less money in the budget, many agencies are stuck between the need to deliver new services and the cost of supporting old infrastructure. To break the cycle of dependence on proprietary systems and endless service contracts, agencies need simpler, widely compatible network infrastructure that empowers IT and accelerates mission performance.
Awesome post, Adrian!
Just an FYI that I previously wrote extensively about EEOC’s BYOD efforts, which may be useful to supplement your excellent blog post: