Policies for mobile computing

Given that information is the lifeblood of most modern enterprises, that mobile computing allows information and IT resources to roam essentially at will, and that the threats to both security and -- equally important -- the very integrity of enterprise IT is at stake, policies for mobile computing are essential – again, no matter what the size or mission of the organization.

As I noted in my last column on this subject (Secure your corporate data with acceptable use policies), there are two cornerstones to an effective mobile computing policy. The first of these is an Acceptable Use Policy, which defines ownership of the computer and any data stored on it; what personal customization is allowed; what networks can be connected to; and how training, support, repairs and help desk are implemented. The second is a Security Policy, which, of course, extends far beyond mobile computing security alone. The key here is to understand what data is sensitive -- all enterprise data should be, by default -- and how it is to be protected. My general strategy is the encryption of data wherever it is stored, be that on a server or on a mobile device of any form, and the use of virtual private networks (VPNs) to secure the link between endpoints. I also think that two-factor authentication, al...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Management Mobile device management strategy for diverse mobile devices Mobile device management checklist Future proofing mobile device management Managing mobile device diversity Your mobile strategy is always a moving target Mobile device management: What can it do for your organization? Mobile device governance Mobile worker strategies Mobile user management: Mobile employees and team-building Mobile user management: Managerial styles Mobile Policies Mobile device management strategy for diverse mobile devices Mobile device management checklist Future proofing mobile device management Managing mobile device diversity Ensuring mobile data protection for smartphones is critical Mobile device management: What can it do for your organization? Mobile device governance Employees using their own mobile devices are a growing challenge Podcast: FAQs on mobile policies Developing and instituting corporate mobile device policies Managing Mobile Users Mobile device management strategy for diverse mobile devices Employees using their own mobile devices are a growing challenge Hospital chain boosts indoor cellular with distributed antenna system DiVitas adds mobile unified communications to its FMC client iPhone Help: Troubleshooting the top five enterprise problems Mobility support and strategy are finally priorities in 2008 User experience, not hardware, is the problem Latest Zenprise offering helps automate BlackBerry support Managing mobile workers Mobile worker strategies

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary enterprise-mobile integration  (SearchMobileComputing.com) Galileo  (SearchMobileComputing.com) geolocation  (SearchMobileComputing.com) GPS messaging  (SearchMobileComputing.com) Microsoft System Center Mobile Device Manager (MSCMDM)  (SearchMobileComputing.com) mobile VPN  (SearchMobileComputing.com) Mobitex  (SearchMobileComputing.com) push voice  (SearchMobileComputing.com) roaming service  (SearchMobileComputing.com) telecommuting  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

so known as "something you have plus something you know," should be a core requirement in any enterprise setting.

But perhaps we should back up just a little bit here. I think one of the big problems is that we still think of the PC as just that – a personal computer, when in fact that's really no longer the case. We need to change our thinking from PC as computer to PC as information portal, an integral component of an enterprise's overall IT infrastructure.

The problem, though, is that most users do think of their PC as their computer and see nothing wrong with configuring it to meet their needs – including the loading (often unintentionally) of all kinds of applications that might even be harmful to a corporate IT infrastructure. Short of locking down the PC (no Administrator rights for you!) -- which won't work, of course, because of the need for authorized updates to antivirus and other software -- the only way to deal with this problem is via policies. Policies, after all, define acceptable and unacceptable behaviors, and it's therefore critical that written IT policies be present in any organization. It's also critical that these policies have teeth so that everyone gets the message that failure to comply has real consequences.

Over the longer term, I think the nature of mobile computing will change to the point where we will no longer carry typical computers. Rather, we'll have thin clients that act as interfaces to corporate IT. This will eliminate most of the concerns about compromised data, corrupted Windows configurations, viruses, and the myriad other threats that we spend so much time worrying about today. Of course, the key to this vision is essentially ubiquitous broadband wireless access – and we're well on the way to that today.

About the author: Craig Mathias is a principal with Farpoint Group, an advisory firm based in Ashland, Mass., specializing in wireless networking and mobile computing. The firm works with manufacturers, enterprises, carriers, government, and the financial community on all aspects of wireless and mobile. He can be reached at craig@farpointgroup.com.

Rate this Tip To rate tips, you must be a member of SearchMobileComputing.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.