Enterprises are continuing to transition to mobile device programs, but most of them only have a vague concept of how to plan and execute a successful mobility policy.
Where should organizations start for a comprehensive corporate mobility policy? As the old adage goes, sometimes you don’t know what you don’t know. The good news is that enough companies have now gone mobile that the IT community has picked up on several frameworks for executing a successful mobility policy -- one that lays out security and support regulations for employees so everyone knows what’s expected.
Newcomers should consider the following suggestions as you enter the mobility decision-making process:
Create a mobility team. A lot of companies make the mistake of not devoting enough human capital to prepare for, and oversee, the changeover to a mobile workforce. Formalize a group that will coordinate the creation and enforcement of a corporate mobility policy and overall enterprise mobile strategy. This group should include company executives and IT leadership, but also representatives from the business, legal, human resources, sourcing/procurement and operations departments.
Standardize devices. Not only should enterprise mobility policies provide guidance for hardware and mobile operating systems, but they should also specify who will be liable for device misuse and potential loss. This includes corporate-owned and employee-owned devices under bring your own device. Don't forget financial factors such as telecommunications costs, mobility management service fees, data plan costs and employee reimbursements for using personal devices for corporate activities.
Specify authorized users. Determine who in your company may have mobile access to enterprise networks and which networks and systems will be securely exposed. Plenty of enterprises conclude that not everyone should be given full mobile capabilities, or even any. So, the organization must provide a detailed mobile access plan to determine who has access to what, when and where.
Classify data. Similar to the last point, not every network drive or SharePoint team site is appropriate for universal access. Data security is paramount, and companies need an information architecture strategy to detail which content repositories will be allowed and to whom.
Set access privileges. Consider how you are currently managing employee access and privileges. Most mobile products are only as reliable as the access controls Active Directory provides. IT departments need to keep Active Directory and other controls up to date with evolving mobile best practices.
Set acceptable-use policies. Let’s be clear about this: The standards for "appropriate use" of a mobile device shouldn't be the same as those for on-premises PCs. The frontier for endpoint security and data loss prevention is pushed out with mobile devices, and employees don’t always know that what’s acceptable on their office PC might not be appropriate on a mobile device. Avoid vague guidelines, which can mislead employees or leave organizations liable for data security breaches.
Use MDM for mobile security. Your choice of a mobile device management (MDM) product affects enterprise security and IT management of mobile devices, network access and data. MDM is directly linked to the success of a mobility strategy and the protection of company data. Take all the time you need to research and find the right MDM service for you, and only choose from proven vendors. Outline this management plan in your mobility policy to ensure that workers know how their device may or may not be affected by IT’s software.
Mobile initiatives require maintenance and frequent attention to the changing dynamics of endpoint management, but starting off on the right foot can be just as important. By including the above guidelines in your mobility policy, your enterprise can minimize potential complications of transitioning to a mobile-friendly work environment.
Preparing for the risks and demands of going mobile
How to reimburse BYOD users
Data-protection policy for BYOD devices
Dig Deeper on Enterprise mobility strategy and policy
Related Q&A from Bryan Barringer
Only some organizations have the means to develop in-house mobile applications, so IT often has to make the most of the third-party options available. Continue Reading