Today's CIOs have the opportunity to be the enablers of innovative mobile computing. But, faced with the challenges of the diverse world of wireless mobile devices, CIOs are more commonly viewed as stifling innovation. In this article, Knowledge Center contributor David Goldschlag reviews their top mobility blunders and smart tips to avoid them, along with ways to roll out an effective enterprise mobility strategy.
Let's assume that today's CIOs, along with their IT staff, are not viewing smart phones as just another "cell phone" that has little more capabilities than voice calling and texting. For the purpose of this article, let's use the following general definition of a smart phone: a portable, cordless telephone for use in a cellular system offering advanced capabilities with PC-like functionality. Smart phones use an identifiable operating system (such as Microsoft, Palm, Symbian, Apple or BlackBerry), and have the ability to add applications developed by the device manufacturer, a network provider or by any other third-party software developer.
Now that we have a common definition, let's review the challenges that many CIOs are facing as they adopt an enterprise mobility strategy that adapts the security, management and support principles that apply to laptops to the more diverse world of wireless mobile devices.
Top Mobility Blunders
With a basic smart phone definition in place, let's review the five most common mistakes many CIOs make as they implement an enterprise mobility strategy.
Mistake #1: IT secures all the laptops but ignores the smart phones.
Mistake #2: IT implements mobility without a policy or strategy.
Mistake #3: IT selects a single vendor to secure both their laptops and smart phones.
Mistake #4: Users replace their corporate-issued smart phone with the "latest and coolest" device.
Mistake #5: Users circumvent smart phone controls by hard resetting their devices.
Enterprise IT may be surprised by both the number and variety of mobile devices that are already connecting to the corporate network. Whether or not the device is owned by the enterprise, the IT staff is responsible for protecting the corporate information stored on the devices and for securing the device's connectivity to enterprise applications.
Smart Ways to Avoid Blunders
So, now that we have reviewed the most common enterprise mobility mistakes, let's review the top five ways to avoid them.
Mistake #1: IT Secures Laptops and Ignores Smart Phones.
Solution: IT can utilize a simple to install and operate, software-based solution to provide data protection on smart phones.
Mistake #2: IT Implements Mobility Without a Policy or Strategy.
Solution: Determine whether the company is allowing employees to use their devices and carrier of choice, or whether the company is issuing the devices. IT must decide what responsibility it has for the supervision of the communication to and from the mobile devices. Should voice and data be treated differently? Should Web browsing on a smart phone be logged differently from Web browsing on a laptop? IT must select an enterprise mobility solution that includes compliance-reporting capabilities that provide the IT staff with a snapshot of smart phone users who are accessing IT applications, including e-mail.
Once the IT staff has an idea of who is accessing the applications, then IT can formulate a policy that embodies a manageable device strategy and provides security measures to protect corporate information and IT assets. Along with compliance reporting, IT must be sure to select a solution that allows for compliance enforcement by the IT staff. This ensures that users adhere to the policy.
Mistake #3: IT Selects a Single Vendor to Secure Both Their Laptops and Smart Phones.
Solution: While laptops and smart phones make businesses run more effectively, a best-of-breed approach, in terms of security, should be selected over a single security vendor. This is because these devices are fundamentally very different and require specialization that a single vendor cannot supply. An enterprise mobility strategy for smart phones should address device loss, data leakage and compliance.
Mistake #4: Users Replace Their Corporate-Issued Smart Phone with the "Latest and Coolest" Device.
Solution: IT staff can detect non-compliant smart phones by using compliance reporting capabilities, and IT can prevent non-compliant users from accessing corporate resources and applications via compliance enforcement.
Mistake #5: Users Circumvent Smart Phone Controls by Hard Resetting Their Devices.
Solution: If a user chooses to circumvent the IT policy by buying a smart phone of their choice or by hard resetting a company-issued (or employee-owned device) to remove security software, then the IT staff should use the compliance-reporting and policy enforcement features of their chosen enterprise mobility solution to address the situation. Organizations that keep their users happy with transparent security and a wide selection of devices will enjoy a smoother migration to mobility.
Keys to an Effective Enterprise Mobility Strategy
Users have incredible selection today when choosing a smart phone, which fuels their desire to have the most popular device. This choice creates a challenge for the CIO and the IT staff to keep their users satisfied and happy - especially since choice creates a security nightmare for IT. Like laptop and desktop PCs, today's smart phones are complex devices with multiple modes of communication, significant processing power and large storage capabilities. This by itself makes today's smart phones subject to the same risks as enterprise laptops. However, smart phones have several characteristics that make them even more vulnerable than laptops.
Working closely with mobility vendors, IT can develop a framework for "user choice" that will help the CIO successfully balance users' desire for the latest and greatest smart phone with the complexity of securing devices (which smart phone vendors are rapidly enhancing with new software and hardware features).
Once the decision of device choice has been addressed, enterprise IT should think big but start small. They should plan for an enterprise-wide mobility management system, but initially deploy only a single department or application. This gives IT the opportunity to incrementally refine its policies and processes, and scale the management systems.
By developing and implementing a mobility strategy, enterprise IT provides the business with a platform that enables departments and employees to do their jobs more easily. This can be accomplished while simultaneously maintaining the security and integrity of enterprise information, as well as the security and manageability of the corporate network.
Enterprise Mobility Management - Enabling the Transformation of the CIO
So, who is the benefactor of a successful enterprise mobility strategy? Every stakeholder is a winner. The CEO who just received the latest smart phone as a birthday gift benefits. The pharmaceutical sales rep who needs a device that can capture a doctor's signature benefits. A field service engineer who needs a great Web browser for training and visuals is a winner. Also benefitting is the IT staff that has the reporting features to quickly see if there is a rogue device that needs to be addressed.
Both sides of the equation are winners. For end users, they get the freedom of device choice and carrier. For IT staff, they are fulfilling their mission of securing the corporate data while embracing diversity. In the end, a CIO should never be viewed as the person stifling innovation but rather, as a forward-thinking executive who is enabling the transformation of business.
Dr. David Goldschlag is Executive Vice President of Operations and Chief Technology Officer at Trust Digital, with responsibility for the company's Intellectual Property, Engineering and Product organizations. David has over 20 years experience creating and selling innovative technology in start-up, commercial, government and academic environments. David has held senior management roles at Trusted Edge (information retention at the desktop), USinternetworking (the first application service provider) and Divx (the first limited license digital media), as well as positions at the National Security Agency and the U.S. Naval Research Laboratory (anonymous communications through Onion Routing).
David is a co-inventor on seven granted patents, and has published over 30 academic papers on topics including database technologies, cryptography, conditional access and computer security.
He has a Ph.D. in Computer Science from the University of Texas at Austin, and a B.S. in Computer Science with a second major in Mathematics from Wayne State University in Detroit. He can be reached at firstname.lastname@example.org.