Government give go ahead to public sector BYOD

Government give go ahead to public sector BYOD

The government has issued security approval for public sector organisations to use bring your own device (BYOD) schemes. This would see employees access data and applications on their own personal smartphones and tablets.

CESG this week issued the new End User Devices Security and Configuration Guidance policy, which applies to the plethora of public bodies keen to introduce BYOD schemes in a bid to make flexible working easier for staff. 

The new policy has been published as a draft version, meaning that the policy that is now circulating could change before it actually comes into force. 

The CESG document explains: “Whilst enterprise ownership of a device makes many information security aspects much simpler, it is not a prerequisite of this guidance.”

Public sector employers must note, however, that the document does place limitations on how staff-owned devices must be used.  In addition, there is a clear understanding that CESG would prefer it if public bodies did not offer BYOD, if it is possible for them to operate in this way. 

It explains: “What is necessary is that the device is placed under the management authority of the enterprise for the complete duration it is permitted to access official information. Hence, a BYOD model is possible – although not recommended for a variety of technical and non-technical reasons.”

According to the restrictions, any mobile device that is to be used to access government data must first be returned to factory settings. It must also be fully managed by the public sector organisation throughout the time it is used for mobile working. 

“To ensure information security when using devices not owned by the enterprise, the enterprise must take control of device management at the point of provisioning, ensuring that the device is placed into a ‘known good’ state prior to allowing it to access official information,” the policy explains.