Government CIOs have been struggling mightily with developing prudent policies to enable employees to use their personal mobile devices for work without putting sensitive information at risk or otherwise compromising the security of agency systems.
As it turns out, many federal employees haven't been waiting for those policies to take effect before introducing their devices into the workplace.
To be sure, some agencies maintain strict prohibitions on the use of personal devices to access government systems, but Lookout's survey revealed that many workers simply ignore the rules.
In the poll of 1,000 government employees, half of the respondents say that they use their personal devices to access email, and 49 percent say they use them to download work documents.
Of employees at agencies with rules against the use of personal devices, 40 percent say that those restrictions "have little to no impact on their behavior."
Wake-up call for Feds
"Federal agencies need to wake up to the fact that mobile devices have become a predominant tool for productivity," Bob Stevens, Lookout's vice president of federal systems, writes in an email. "Policies that flat out prohibit the use of mobile devices in the government are not keeping up with technology or realistic user behavior."
Stevens argues that when it comes to mobile devices, the genie is essentially out of the bottle, that users have become so accustomed to the convenience of their own smartphones and tablets that they will bring them into the workplace with or without the blessing of the CIO or CISO.
The data from the survey seems to support that trend. In addition to the large minority of users who admit that they ignore their agency's policy, nearly 20 percent said that they would be willing to sacrifice some measure of government security for the convenience of using their personal devices.
And Lookout's analysis of some 14,000 devices running its technology in government environments found significant exposure to malware.
All of this typically comes as a great surprise to agency leaders, according to Stevens.
"I've been in meetings where a federal CIO insists they don't have a BYOD program. Then I show them an assessment of the devices connecting to their network and it's in the hundreds. They are always shocked," he says.
"I think that in general, federal CIOs must have an inkling that some employees are breaking the rules," Stevens adds. "But I'm sure that most are unaware of just how expansive the 'shadow BYOD' problem really is, and of the risks it introduces."