Government outlines BYOD rules for public sector departments

BYOD

The Government appears to be begrudgingly paving the way for public sector organisations to adopt Bring Your Own Device (BYOD) polices, with the publication of new draft guidance documents.

The End User Devices Security Guidance documents have been issued by CESG, the information security arm of UK intelligence agency GCHQ, and are designed to help public sector system admins manage personal devices trying to access their networks.

A BYOD model is possible, although not recommended for a variety of technical and non-technical reason.

However, the advisory document seems to suggest BYOD is a trend the public sector is reluctantly having to accept.

"While enterprise ownership of a device makes many information security aspects much simpler, it is not a prerequisite of this guidance," the introductory guidance document states.

"What is necessary is that the device is placed under the management authority of the enterprise for the complete duration it is permitted to access official information.

"Hence, a BYOD model is possible, although not recommended for a variety of technical and non-technical reason," it adds.

Before devices can be used to access Government data, the document recommends a factory reset is carried out to ensure the device is in a healthy, clean state.

"The enterprise must take control of device management at the point of provisioning, ensuring that the device is placed into a known good' state prior to allowing access to official information," the document states.

"Limitations of current technology mean that a health check' or device status' check is not sufficient to verify known good' [because] malware can easily subvert such a check," it warns.

It also implores readers to carry out a pre-deployment BYOD pilot, and to establish a helpdesk facility that users can notify if their devices are lost or stolen.

In another guidance document, the organisation has also set out a series of draft security considerations for Government BYOD followers, which include recommendations about protecting device data, authenticating users, application white-listing and dealing with malware threats.

Meanwhile, the CESG has also published separate guides for the various operating systems it expects public sector employees to use, including iOS 6, Windows 7, Windows 8, Windows Phone 8, Windows Phone RT, Android 4.2, BlackBerry 10.1, Ubuntu 12.04, Apple OS X 10.8 and Google Chrome OS 26.

The documents are in beta form, and CESG has asked public sector employees for their feedback on the recommendations it makes.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.