Now that we have a common definition, let’s review the challenges that many CIOs are facing as they adopt an enterprise mobility strategy that adapts the security, management and support principles that apply to laptops to the more diverse world of wireless mobile devices.
Top Mobility Blunders
With a basic smart phone definition in place, let’s review the five most common mistakes many CIOs make as they implement an enterprise mobility strategy.
Mistake #1: IT secures all the laptops but ignores the smart phones.
Mistake #2: IT implements mobility without a policy or strategy.
Mistake #3: IT selects a single vendor to secure both their laptops and smart phones.
Mistake #4: Users replace their corporate-issued smart phone with the “latest and coolest” device.
Mistake #5: Users circumvent smart phone controls by hard resetting their devices.
Enterprise IT may be surprised by both the number and variety of mobile devices that are already connecting to the corporate network. Whether or not the device is owned by the enterprise, the IT staff is responsible for protecting the corporate information stored on the devices and for securing the device’s connectivity to enterprise applications.
Smart Ways to Avoid Blunders
So, now that we have reviewed the most common enterprise mobility mistakes, let’s review the top five ways to avoid them.
Mistake #1: IT Secures Laptops and Ignores Smart Phones.
Solution: IT can utilize a simple to install and operate, software-based solution to provide data protection on smart phones.
Mistake #2: IT Implements Mobility Without a Policy or Strategy.
Solution: Determine whether the company is allowing employees to use their devices and carrier of choice, or whether the company is issuing the devices. IT must decide what responsibility it has for the supervision of the communication to and from the mobile devices. Should voice and data be treated differently? Should Web browsing on a smart phone be logged differently from Web browsing on a laptop? IT must select an enterprise mobility solution that includes compliance-reporting capabilities that provide the IT staff with a snapshot of smart phone users who are accessing IT applications, including e-mail.
Once the IT staff has an idea of who is accessing the applications, then IT can formulate a policy that embodies a manageable device strategy and provides security measures to protect corporate information and IT assets. Along with compliance reporting, IT must be sure to select a solution that allows for compliance enforcement by the IT staff. This ensures that users adhere to the policy.
Mistake #3: IT Selects a Single Vendor to Secure Both Their Laptops and Smart Phones.
Solution: While laptops and smart phones make businesses run more effectively, a best-of-breed approach, in terms of security, should be selected over a single security vendor. This is because these devices are fundamentally very different and require specialization that a single vendor cannot supply. An enterprise mobility strategy for smart phones should address device loss, data leakage and compliance.
Mistake #4: Users Replace Their Corporate-Issued Smart Phone with the “Latest and Coolest” Device.
Solution: IT staff can detect non-compliant smart phones by using compliance reporting capabilities, and IT can prevent non-compliant users from accessing corporate resources and applications via compliance enforcement.
Mistake #5: Users Circumvent Smart Phone Controls by Hard Resetting Their Devices.
Solution: If a user chooses to circumvent the IT policy by buying a smart phone of their choice or by hard resetting a company-issued (or employee-owned device) to remove security software, then the IT staff should use the compliance-reporting and policy enforcement features of their chosen enterprise mobility solution to address the situation. Organizations that keep their users happy with transparent security and a wide selection of devices will enjoy a smoother migration to mobility.
Keys to an Effective Enterprise Mobility Strategy
Users have incredible selection today when choosing a smart phone, which fuels their desire to have the most popular device. This choice creates a challenge for the CIO and the IT staff to keep their users satisfied and happy – especially since choice creates a security nightmare for IT. Like laptop and desktop PCs, today’s smart phones are complex devices with multiple modes of communication, significant processing power and large storage capabilities. This by itself makes today’s smart phones subject to the same risks as enterprise laptops. However, smart phones have several characteristics that make them even more vulnerable than laptops.
Working closely with mobility vendors, IT can develop a framework for “user choice” that will help the CIO successfully balance users’ desire for the latest and greatest smart phone with the complexity of securing devices (which smart phone vendors are rapidly enhancing with new software and hardware features).
Once the decision of device choice has been addressed, enterprise IT should think big but start small. They should plan for an enterprise-wide mobility management system, but initially deploy only a single department or application. This gives IT the opportunity to incrementally refine its policies and processes, and scale the management systems.
By developing and implementing a mobility strategy, enterprise IT provides the business with a platform that enables departments and employees to do their jobs more easily. This can be accomplished while simultaneously maintaining the security and integrity of enterprise information, as well as the security and manageability of the corporate network.
Enterprise Mobility Management – Enabling the Transformation of the CIO
So, who is the benefactor of a successful enterprise mobility strategy? Every stakeholder is a winner. The CEO who just received the latest smart phone as a birthday gift benefits. The pharmaceutical sales rep who needs a device that can capture a doctor’s signature benefits. A field service engineer who needs a great Web browser for training and visuals is a winner. Also benefitting is the IT staff that has the reporting features to quickly see if there is a rogue device that needs to be addressed.
Both sides of the equation are winners. For end users, they get the freedom of device choice and carrier. For IT staff, they are fulfilling their mission of securing the corporate data while embracing diversity. In the end, a CIO should never be viewed as the person stifling innovation but rather, as a forward-thinking executive who is enabling the transformation of business.
David is a co-inventor on seven granted patents, and has published over 30 academic papers on topics including database technologies, cryptography, conditional access and computer security.
He has a Ph.D. in Computer Science from the University of Texas at Austin, and a B.S. in Computer Science with a second major in Mathematics from Wayne State University in Detroit. He can be reached at dgoldschlag@trustdigital.com.