Top 10 BYOD And Dev Lessons From ATO And Defence

Setting bring-your-own-device (BYOD) policies and working out app development priorities is a challenge for any organisation, but the issues are magnified in the highly-scrutinised environment of major government entities. Here are the lessons that the Australian Taxation Office (ATO) and the Department of Defence have learned during their mobile app and device rollouts.

Bill Gibson, CIO for the ATO and Matt Yannopolous, CTO for Defence, both took part in a panel discussion about the use of mobile technology in government at the Technology in Government Summit hosted by ACE Events in Canberra today. Both organisations are experimenting with how to enable mobile devices for employees and how to deliver better services through apps. Despite very different use cases, some clear common principles emerge.

Don’t think of mobility as a separate project

Asked how important mobility was within the ATO, Gibson said that thinking of it as having a particular priority wasn’t helpful. “The conundrum for me is there are so many priority one projects and they’re all really worthy,” he said. “I have a program of work that in the midst of it, as part of that, mobility is clearly there. It is definitely on our agenda and we are making it very visible.”

“We’re piloting quite a number of things in the mobile domain. We have launched mobile apps; we have restructured our web site so that it’s mobile-aware and will reformat to fit the screen size.”

Consider dual networks for ease of access

Many workplaces block access to social networking and other potentially contentious sites via their own networks. The ATO clearly needs to protect taxpayer data, but also recognised that staff often had a legitimate need to access those services. The solution? “We’re about to have a public Wi-Fi presence within the ATO, so people can bring their own equipment and access social media sites in a protected environment,” Gibson said.

Defence has similar requirements. “What we hope to do is to take apps from a broader ecosystem and bring those inside our firewall,” Yannopolous said. “We see a lot of apps out there in the cloud but they’re not accessible inside the Defence network.”

“We have a couple of pilots. Our groups of services can buy these devices and we will offer them choices. They will be able to access the internet on networks we provided but it will be an unclassified device.”

Realise your strategy may evolve unexpectedly

“About three years ago I pushed forward and said we should be able to BYOD, particularly for our young Defence workers,” Yannopolous said. “Many of them don’t have easy access otherwise on some of our bases. BYOD quite rapidly turned into a different construct: we would buy the device for them. That was clearly not what was intended originally.”

Solve mobility with APIs, not apps

While pressure can be strong to build specific apps (the push for a Mac version of e-Tax being one obvious example), ultimately offering access to core services which can be exploited by other developers makes sense. “We are looking to work with industry and intermediaries to define the web services that ATO should be delivering,” Gibson said.

“I think that five years from now the Tax Office will be a big information source for many others to consume. We collect a lot of information in order to understand people’s tax situation. It’s not too far to take it forward and say as long as you can overcome privacy issues, why can’t you make that information more broadly available? If we can be comfortable we have a credential of integrity, we can match it to appropriate data and transactions.”

Defence is also considering a similar project. “What we will do later this year is open up a number of data sets so that industry can develop apps for the unclassified world as well as our internal network,” Yannopolous said.

Don’t become obsessed with standards

While standardisation ensures interoperability, its importance on new development projects can be overstated, Gibson suggested:

There are some core things that I hold very fiercely in terms of APIs and standards around web service definitions. Outside of that environment and that particular domain, I think it’s really difficult to say there shall be standards, because things are moving so quickly. We are really at an inflection point in terms of the alignment of what the technologies can do and how we then consume that. To impose standards around the periphery of that would be counter-productive. At the core of our processing, we’re precise about what’s needed there, and then we can let others consume services.

The business case may not be financial

Especially in the security arena, justifying an infrastructure may not be purely a matter of dollars and cents. “The CFO has a view that I should have a strong business case,” Yannopolous said. “My view is that it’s happening anyway and me being able to provide a secure internet feed is the right security posture to take.”

That becomes more difficult as the range of devices expands. “One of the challenges, if you’re a cross-platform organisation, is making sure that your data is secure at all times across those platforms.”

Don’t lock into a single platform

Building purely for one device isn’t a valid strategy for organisations at this scale. “I do not want to be locked into a proprietary solution,” Gibson said. “Our first toe in the water is that everything is HTML5 and we’re just wrapping it so we can deliver it to a wide range of devices.”

“As to how we can deliver transactional access and native apps, we are looking at what we call ‘natural’ systems,” Gibson said. These are essentially apps already being used for work purposes, such as email or accounting systems. “We’re thinking about how we would support and interact with that.”

“We already use software developers to build into the systems that some of our stakeholders use. When a tax agent is doing something, they are actually going back into the ATO. That’s transparent; the user doesn’t see that. You take that principle and it can apply much more broadly. The actual form factor is a mere detail. The technologies that do that translation for you are getting so capable now that I don’t need to worry about that.”

Use mobility to change your dev approach

“I see mobile as being a way to disrupt the traditional way we develop apps,” Yannopolous said. “Our IT organisation needs to be a two-speed shop.”

Complex back-end systems still require detailed planning and long rollout schedules. “I don’t see a way out of that. But if we can master the services those big apps provide and get control of our data, then we can make that available to the app developer ecosystem and that can be fast. They can be small task-based apps that provide a lot of value.”

There is no single solution

It isn’t a question of apps or web sites or desktop software; all have a role to play in the mobile world. “Mobile and web browsers will coexist; I don’t think one will dominate over the other,” Gibson said. “In my workspace, there are some things I just can’t see us doing on a mobile device.”

Realise that not every project will work

Perfection is a ridiculous goal; trying new approaches means making mistakes and recognising needs may change. Some solutions that work well in one area won’t translate into others, as Defence discovered with desktop virtualisation for mobile devices. “That was OK on an iPad but fairly useless on other devices.”

Accepting that some projects won’t get off the ground needs to happen up front. “For us it’s going to be another 6-12 months before this settles, and there’s no doubt we’ll make some false starts,” Gibson said.


  • Defence allowing BYOD? People walking around restricted areas, with transmitting devices AND CAMERAS?
    Riiiight. I’ll believe it when I see it.
