ORLANDO, Fla. -- The state of California's staggering budget problems -- now an estimated $16 billion shortfall -- have put Chris Cruz, deputy director and chief information officer at the state's Department of Health Care Services (DHCS), in a tough situation. Because of the state's ongoing fiscal crisis, he, like other agency managers, last year was told to cut use of state-issued cellphones by 50% as a cost-saving measure. Cruz decided one way to hold down costs at DHCS, which was using BlackBerries, was to have agency employees use their own smartphones instead -- without any subsidy.
This bring-your-own-device (BYOD) strategy has been controversial, pitting him against the state employee unions which are fighting it since it effectively shifts device and service costs to employees who are not being given any stipend. Cruz acknowledges he also fights over BYOD with his information-security officer, who thought it too risky. But if tough times call for tough measures, Cruz is not backing down, and says his strategy to manage and secure the employee-owned smartphones is working.
"As a Gen X guy," said Cruz, who spoke about his BYOD strategy during this week's Gartner IT Infrastructure & Management Summit here, I was "looking at IT" not so much as a risk as an "opportunity." And that opportunity was a form of BYOD.
"We had 1,500 BlackBerries," said Cruz, and he had to meet the mandate set by the state last year to cut cellphone use by 50%. Each was costing $110 per month, he said, and "I wanted to get rid of them."
Instead, DHCS, the large California healthcare agency which supports Medicaid and Medicare services, wouldn't buy new smartphones, but ask employees to use their own smartphone for work purposes. The employee using their personally owned device for work data would have to agree to have the mobile device management (MDM) software that was selected, called Good Enterprise, installed on their mobile device so that DHCS would have the enforce policies and the ability to wipe it if it were lost or stolen. The Good Technology software creates an "unbreakable partition" between personal and business data, Cruz pointed out.
"DHCS mandated to have all mobile devices encrypted," Cruz said, adding encryption is something that's required and audited by the agency that's part of the U.S. Department of Health and Human Services, called the Centers for Medicare and Medicaid Services.
The information-security officer last year who initially objected to the BYOD idea, thinking it too risky, had his job changed so that he now reports directly to Cruz, who says he think the job of security staff is not to stop IT but to help mitigate risk.
But Cruz hasn't been able to fend off the objections of California's state-employee unions so easily -- they don't want DHCS employees to have to bring their own phones. It may be "we can't force rank-and-file employees to buy phones," Cruz acknowledges. Negotiations are ongoing, and it's not clear right now whether there will be a compromise or what it will be exactly.
Because of ongoing negotiations with the unions over this, the DHCS BYOD plan isn't being made "mandatory" and is considered "voluntary" at this point, Cruz explained. But some users are getting on board, and the department reckons it's eliminated about $400,000 in costs.
"My goal is to eliminate mobile laptops over time," says Cruz, saying he expects to save about $1.6 million "by not refreshing laptops." Instead, the Good Technology software might be loaded onto tablets like iPads. DHCS is also looking at using the Citrix XenDesktop virtualization technology as well.
The idea is to allow workers more freedom to work from home if they use their own equipment. The department did look at providing stipends for employees, but decided "that contradicted the idea of saving money for the state," said Cruz. Other state CIOs, he acknowledges, weren't too keen on his agency's BYOD plan at the beginning, but criticism may be softening. In fact, says Cruz, DHCS won one of the "Best of California Technology Awards" last week for "Best Mobile/Wireless Project" from the Center for Digital Government.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
Read more about anti-malware in Network World's Anti-malware section.