Mobility Strategy that WorksNovember 28, 2012 No Comments
Featured article by Troy Fulton, Director, Product Marketing, Tangoe, Inc.
Executives and IT departments tend to agree that mobile devices are a strategic tool in the workplace. Unfortunately, too often the strategy for mobile policies beyond basic configuration is deferred to “we’ll get to that later.” Mobile policies protect the company, the mobile device, data on the device, enterprise network resources, and the employee. Unfortunately, many companies lack an enterprise-wide mobile strategy, an oversight that can expose the company to security threats including those from well intentioned employees trying to get their work done.
There are many considerations to be made when creating a mobile policy and companies need to be proactive. To start, what types of devices will have access to the enterprise and company data? If you choose a BYOD program, those devices should have limited trust for applications, data, and network access, and limited—if any—help desk support. For BYOD especially, enterprises should define the boundaries of liability for themselves. For instance, what are the policies for personal web usage that the enterprise might consider to be non-compliant on a corporate liable device? How do you protect personal information but control enterprise data and all applications? Not sure? Consider device containerization that provides a corporate persona within a secure container and is tightly integrated with the MDM Admin console for consistent policy deployment and enforcement across your device fleet and liability models.
What about tracking location or device usage such as data? Some MDM tools can disable tracking these device statistics based on liability model, employee group, or by geography to comply with local or federal laws. What about support? For BYOD, consider a self-service portal for employee device configuration, access to approved applications, and typical Tier 1 help issues. .
Other BYOD considerations include reimbursement. If the enterprise chooses to set a ceiling of, say $50 per month, make sure that the expense is optimized based on your volume carrier plan, and do not pay individual consumer rates.
Mobile device policies need to be updated regularly, and employees need to be made aware of the policies. When an employee begins the device provisioning process, your MDM self-service portal should present the IT approved devices and carriers respective to the person making the request, and require the employee to choose IL or CL with the terms and conditions for both presented in laymen’s terms. Upon completion, the employee receives a confirmation email with the terms and conditions respective to liability.
The lack of formal mobility strategy creates security risks. While malware is always a threat, the after risk is an unmanaged personal device with access to email. This is why you need to enforce encryption polices, application or device containers, deploy applications that leverage the data protection APIs in iOS and Android, and enforce policies with the ability to block device access to Exchange, your enterprise app portal, or any network access point into your environment if the device is not compliant. For expenses you can, and should, be tracking voice, data, and SMS usage via a thick-client in real-time against carrier plans. Why? Short answer: data throughput continues to climb steeply as applications evolve in their capabilities and cellular connectivity speeds become ever faster. Longer answer: Most applications utilize a thin-client on the device communicating with the app and data in a SaaS environment to achieve cost efficiencies for app lifecycle management.
Do not permit mobility to happen “to you”
If you are not defining policy in all aspects of device usage, your employees have already done so. The lifecycle of new mobile devices is a short 12-18 months. Devices and apps will come and go with increasing frequency. If there are no specific controls to protect your data native to the device, you can bet there is risk and you need a security strategy. Make sure your mobile strategy is sustainable across the lifecycle of the device and its applications. A lifecycle strategy approach creates sustainability. To achieve that you need buy-in from business leaders so that your mobile strategy becomes “theirs” and supports their unique requirements. In exchange for your IT team’s guidance and management, consider amortizing the cost for MDM across the stakeholders. It will ensure focus, efficiency, and governance.
Last point: PCs and client/server architectures were born from several generations of “need to know” computing that was done in relative isolation. Mobility supports a pervasive “need to share” individualized experience that includes data and communication in real-time across many people and groups. Make sure the sharing is within your policies to protect your people and your business.
Troy Fulton is Director of Product Marketing at Tangoe, a global provider of Communications Lifecycle Management (CLM) software and related services to a wide range of global enterprises. He is responsible for guiding product concepts and leading the strategy and execution efforts to deliver seamless mobile solutions to enterprise customers. Fulton has more than 25 years of experience in the enterprise technology industry and nearly 10 years of experience in senior management positions with mobile companies, such as Nokia and Motorola Mobility. Troy has launched enterprise solutions on a global level and led the creation of user experiences and product requirements for apps, user interfaces, security, video and hardware/software on tablets and smartphones.
Troy has been invited to speak on leadership and mobility to MBA students at Mason School of Business at William and Mary and has also been a guest instructor for MBA classes at William and Mary. A Boston College graduate, Troy also holds a MBA from The College of William and Mary and a certificate in computer networks from Northeastern University.DATA SECURITY, Fresh Ink, MOBILE DATA