Revisiting mobile policy in the enterprise

If you haven't revisited your mobile policy lately you could be putting your organization at risk. And if you don't think you need one because you don't use mobile technologies you need to think again! After one material breach, one significant event, or even one critical failure, the damage could be staggering. This column by Michael Voellinger looks at why policies are vital and offers some key focus areas for your mobile policy.

by Michael Voellinger

For most large organizations, wireless policy remains a gap in the device, end-user, and business-continuity lifecycle. The press has highlighted some recent examples of lost and stolen devices containing sensitive, personal information. We see this trend increasing, as "smart" device penetrations continue to rise. Policy has always been a challenge, for many reasons. These include the personal nature of the device, employee expense versus corporate asset, privacy issues, technology changes and, most important, a fragmented marketplace with an inconsistent experience. These barriers to a uniform wireless policy are now compounded by the requirements of legislation such as Sarbanes-Oxley (SOX), GLB and HIPAA, as well as other regulatory environments. The need for policy is clear: All enterprise organizations need to mitigate risk, exposure and expense related to this technology and device set. The reality of policy is also clear: It is a process that can prove cumbersome for resources, generate the need for very specific intellectual property, and cause political and cultural philosophies within an organization to move front and center on the decision table.

It is important to note that even with political and cultural pushback the need for policy, in light of the business risk, is an easy calculation. After one material breach, one significant event, or even one critical failure, the damage could be staggering. It could be lost business, litigation or regulatory scrutiny. In any example, the damage to the business is immense and must be addressed quickly. Think for a moment about the type of information available on your own device and what jeopardy that information would be in if the device were stolen or lost. Would you be comfortable with a stranger or perhaps even a competitor reviewing that information? Would it represent a problem for you, a client or other employees?

Publicly traded organizations and those held to strict regulatory requirements are quickly realizing the implications of wireless risks for the bottom line. Mobility is often overlooked or seen as a side issue that is not material to financial results, but personnel reliant on wireless devices to generate revenue have enlightened many companies to this correlation. A great example of this is shown in SOX compliance efforts. SOX compliance demands greater attention to transparency and, in the process, exposes the risk mitigation and acknowledgment of weakness. In the example below, you can see (noted in red) where mobility relates to a compliance effort:



Where compliance-related impacts are concerned, the critical evaluations include the revenue stream and business continuity. For example, organizations with a significant field sales force that utilize the devices for order placement, back office integration, or other revenue-impacting functions are tied directly to revenue-impacting applications and infrastructure. If a device is lost or stolen and not immediately shut down, there is an opportunity for less than favorable activity. Make no mistake: This is a material weakness, risk and exposure.

Key focus areas for the enterprise and global markets

  • Recognize the risks. You cannot afford to delay or ignore wireless policy.

  • Nearly every policy effort results in scrutiny of the business process and wireless lifecycle and often yields wonderful opportunities to reduce costs, increase productivity and secure the business.

  • Policy can assist in setting a tone from the top for risk mitigation and transparency. This is a very critical cultural issue for public organizations and those contractually involved with them.

  • Wireless policy can set the stage for globalization of your wireless assets. The marketplace continues to move in this direction, and a solid framework of policy language and user experience expectations will assist organizations in embracing a global wireless community.

About the author: Michael Voellinger is the Vice President and practice leader for Enterprise Mobility within Telwares, a division of Vercuity. He orchestrates the sale and delivery of engagements within these practice areas, focused on Telwares' premiere list of clients within the Fortune 500. He has a deep understanding of key supplier business models, and maintains relationships within the supplier organizations.

Michael brings more than a decade of experience specializing in security risk mitigation, regulatory compliance and mobile technology to his role as the primary spokesperson for Telwares' customer education and mobile strategies. A highly sought after analyst, Michael is widely respected as one of the nation's top wireless strategist and considered to be a thought leader in mobile communications. His analysis is continually sought out by leading corporations, government, financial institutions and his appearances have shown up in The Wall Street Journal, New York Times, Investors Business Daily, CIO Magazine, Smartmoney.com, Dow Jones Newswire, CNN Money, as well as numerous security and industry publications.

This was first published in September 2006

Dig deeper on Mobile Policies

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchConsumerization

SearchNetworking

SearchTelecom

SearchUnifiedCommunications

SearchSecurity

Close