The state of California's staggering budget problems -- now an estimated $16 billion shortfall -- have put Chris Cruz, deputy director and chief information officer at the state's Department of Health Care Services (DHCS), in a tough situation. Because of the state's ongoing fiscal crisis, he, like other agency managers, last year was told to cut use of state-issued cellphones by 50 percent as a cost-saving measure. Cruz decided one way to hold down costs at DHCS, which was using BlackBerries, was to have agency employees use their own smartphones instead -- without any subsidy.
This bring-your-own-device (BYOD) strategy has been controversial, pitting him against the state employee unions which are fighting it since it effectively shifts device and service costs to employees who are not being given any stipend. Cruz acknowledges he also fights over BYOD with his information-security officer, who thought it too risky. But if tough times call for tough measures, Cruz is not backing down, and says his strategy to manage and secure the employee-owned smartphones is working.
[ InfoWorld's Galen Gruman tells you how to turn an iPhone into a BlackBerry. | Understand how to both manage and benefit from the consumerization of IT with InfoWorld's "Consumerization Digital Spotlight" PDF special report. | Subscribe to InfoWorld's Consumerization of IT newsletter today. ]
"As a Gen X guy," said Cruz, who spoke about his BYOD strategy during this week's Gartner IT Infrastructure & Management Summit in Orlando, I was "looking at IT" not so much as a risk as an "opportunity." And that opportunity was a form of BYOD.
"We had 1,500 BlackBerries," said Cruz, and he had to meet the mandate set by the state last year to cut cellphone use by 50 percent. Each was costing $110 per month, he said, and "I wanted to get rid of them."
Instead, DHCS, the large California healthcare agency which supports Medicaid and Medicare services, wouldn't buy new smartphones, but ask employees to use their own smartphone for work purposes. The employee using their personally owned device for work data would have to agree to have the mobile device management (MDM) software that was selected, called Good Enterprise, installed on their mobile device so that DHCS would have the enforce policies and the ability to wipe it if it were lost or stolen. The Good Technology software creates an "unbreakable partition" between personal and business data, Cruz pointed out.
"DHCS mandated to have all mobile devices encrypted," Cruz said, adding encryption is something that's required and audited by the agency that's part of the U.S. Department of Health and Human Services, called the Centers for Medicare and Medicaid Services.
The information-security officer last year who initially objected to the BYOD idea, thinking it too risky, had his job changed so that he now reports directly to Cruz, who says he think the job of security staff is not to stop IT but to help mitigate risk.