Mobile device governance

Wasteful spending, weak security and lax usage policies often characterize enterprise mobile device governance (i.e., the people, processes and policies used to manage mobility). This article reviews common mobile device governance issues and provides practical recommendations.

Impact of poor mobile device governance
Mobile devices and services continue to be a rapidly growing component of enterprise budgets, yet many enterprises have no coordinated approach to mobile expense management. Oftentimes, enterprises do not analyze how actual usage compares with mobile service contracts and therefore fail to make cost saving adjustments. Expense management becomes increasingly important as more enterprises allow employees to submit their expenses for personally owned mobile devices. Many enterprises do not have visibility into whether or not an employee is spending company money on personal calls, a...

RELATED CONTENT Mobile Policies Mobile device management strategy for diverse mobile devices Mobile device management checklist Future proofing mobile device management Managing mobile device diversity Ensuring mobile data protection for smartphones is critical Mobile device management: What can it do for your organization? Employees using their own mobile devices are a growing challenge Podcast: FAQs on mobile policies Developing and instituting corporate mobile device policies Mobile security policies Mobile Basics CDMA technology CDMA2000: A 3G mobile technology Femtocell solutions: Key questions to ask before you invest An introduction to Android for mobile application development Mobility: Past, present and future Rugged mobile devices must be more than durable in harsh environments As SaaS takes off, mobile browsers start to matter more iPhone Help: Troubleshooting the top five enterprise problems Mobile phone beats out smartphone as device of choice Mobile data services -- getting connected Smartphones and Mobile Phones The best Palm Pre accessories: Add-ons, batteries, chargers and more Smartphone insecurity: There's a smartphone app for that Choosing personal mobile devices in a diverse mobile world CDMA2000: A 3G mobile technology An introduction to Android for mobile application development Can the smartphone replace the laptop? Untethering the smartphone with an enterprise application store iPhone hacking: Lessons from the front line Trends in mobile computing Unboxing T-Mobile's G1, the first Google phone

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 802.11n  (SearchMobileComputing.com) American Radio Relay League  (SearchMobileComputing.com) digital audio broadcasting  (SearchMobileComputing.com) enterprise-mobile integration  (SearchMobileComputing.com) Extensible Authentication Protocol  (SearchMobileComputing.com) fixed-mobile convergence  (SearchMobileComputing.com) Short Message Service  (SearchMobileComputing.com) TKIP  (SearchMobileComputing.com) wireless LAN  (SearchMobileComputing.com) wireless router  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

pplication downloads or ringtones. Some enterprises with mobile service contracts have discovered that operators may continue to bill the enterprise even after an employee has left the company!

The use of mobile devices exposes the enterprise to security threats such as device loss or theft, data leakage and malware attacks. The high value of smartphones makes them perfect targets for thieves. In addition, the small size of mobile phones makes it easy for them to slip out of a pocket or purse. Employees often "leak" sensitive information from a phone to a PC or secure digital card. Finally, growing processing power, storage capacity and broadband speed make the smartphone an easier malware target.

Personal use policies on mobile devices can vary widely. Some enterprises prohibit personal calls, forcing employees to carry two phones, one for business use and one for personal use. Others allow personal phone calls only if employees do not exceed their minutes-of-use plan limit. Some enterprises have a no-text-messaging policy, although it is unclear how they would enforce it. Similarly, policies on mobile device ownership vary widely. Many enterprises approve the use of company-owned mobile devices only; others allow personally owned devices.

Recommendations for mobile device governance
Enterprises can improve mobile device governance and thereby reduce costs, increase security and improve use policies by considering the following recommendations.

• Embrace mobility as a strategic initiative. Enterprises often mange mobility in an ad hoc, department-by-department fashion, in much the same way that LAN technology was deployed in the mid-1980s. Enterprises would be much better served if they were to approach mobile device governance with the same discipline with which they approach their financial governance.
• Consider using ITIL. The Information Technology Infrastructure Library (ITIL) is a widely adopted framework for IT service management and provides a broad set of organizational best practices that enterprises can adapt to their environment. Some enterprises are using ITIL to help them improve their mobile device governance.
• Consistently adhere to security best practices. Many enterprises ignore well-established security best practices. For instance, they often require disk encryption on laptops but not on mobile devices. In addition, some enterprises still use the insecure Wired Equivalent Privacy (WEP) wireless LAN (WLAN) security protocol on Wi-Fi enabled smartphones. Such approaches can result in security breaches and may increase legal liability.
• Rethink your mobile use policies and then enforce them. Enterprises often create use policies that are inconsistently enforced. For example, many IT managers state that their official policy is to deny Apple iPhone access to the enterprise network, but they often violate this policy for privileged staff. This behavior weakens the policy and encourages other employees to demand policy exceptions.
• Limit and secure sensitive data on personal mobile devices. Consumer technology will continue to creep into enterprise facilities. This trend will accelerate the merging of personal and enterprise data on ever more powerful personal devices. Enterprises must carefully evaluate their risk tolerance for each consumer device under consideration and then learn how to limit and secure the personal devices that are allowed access to sensitive information. Refer to this SearchMobileComputing.com article on mobile security and management for useful suggestions.
• Consider using products and services that can improve mobility governance. New products and services can help improve mobility governance. For instance, Visage Mobile's Software as a Service (SaaS) product enables enterprises to manage wireless inventory, reduce overspending and demonstrate compliance with mobility policies. In addition, companies like ProfitLine provide consulting services that help enterprises manage many aspects of mobile management, such as invoice management, device management and rate plan optimization.

Enterprise mobility is at a crossroads. Many enterprises are proceeding down a risky path because of their poor mobile device governance. Enterprises should set a new course that emphasizes mobility as a strategic initiative in order to reduce wasteful spending, improve weak security and strengthen use policies.

About the author: Paul DeBeasi is a senior analyst at the Burton Group and has more than 25 years of experience in the networking industry. Before joining the Burton Group, Paul founded ClearChoice Advisors, a wireless consulting firm, and was the VP of product marketing at Legra Systems, a wireless-switch innovator. Prior to Legra, he was the VP of product marketing at startups IPHighway and ONEX Communications and was also the frame relay product line manager for Cascade Communications. Paul began his career developing networking systems as a senior engineer at Bell Laboratories, Prime Computer and Chipcom Corp. He holds a BS in systems engineering from Boston University and a master of engineering degree in electrical engineering from Cornell University. Paul is a well-known conference speaker and has spoken at many events, among them Interop, Next Generation Networks, Wi-Fi Planet and Internet Telephony.