From a security standpoint, the work on developing mobility standards begins with the understanding that in an operation as large and diverse as the federal government, the requirements for mobile computing will be correspondingly varied, with some remote personnel handling highly sensitive or classified data, others who are tethered to a workstation and use little more than basic office productivity apps, and everything in between.
"We couldn't ignore the broad number of use cases that are out there," says Robert Palmer, director of information assurance for the Enterprise System Development Office at the DHS office of the CIO. "IT needs to enable those missions, and that's really what we're talking about -- that underlying infrastructure that will enable all those different use cases."
"We have to talk about that first -- what is our requirement," Palmer adds.
Federal officials are slated to release guidance for the next milestone in the administration's Digital Government Strategy, which relates to mobile security, in May.
That document will endeavor to address, at least in part, the security considerations and the related legal challenges that have been a significant barrier to the government's adoption of BYOD policies.
Siva Prakesh Yarlagadda, director of CSC's federal mobility division, pointed to the oft-cited example of how a security team might respond to the loss of a user's personal device that contained sensitive agency information.
For a standard, government-issued BlackBerry, the protocol might call for a remote wipe of the device, but when the compromised equipment also holds an employee's personal content--family photos, etc.--the prospect of simply erasing all of that data poses additional challenges.
"It has a huge impact," Yarlagadda says of the security concerns. "That's one of the reasons why every agency doesn't have it today. There are challenges."
Yarlagadda recommends that government agencies contemplating BYOD policies or the broader question of a mobile device management framework adopt a "core infrastructure" for mobile activity that would include security features like encryption and permissions-based access, as well as an enterprise app store that would serve as a central hub for business-related applications that have met the necessary security stipulations.
"This is how your employees discover your apps. This is how you distribute your apps to your employees," Yarlagadda says.
As for BYOD, which many businesses have been adopting in response to the growing expectation of employees that they be allowed to use their own devices for work, Yarlagadda says of the government: "There are compelling reasons why you would want to use that, but the enterprise architecture is not ready."
Sign up for CIO Asia eNewsletters.