The Governance Checklist
Knowing what devices actually on your network should be at the top of your mobile checklist. I’ve heard many stories of companies who took this first step and quickly found out that many devices were accessing corporate data without permission. In fact in one case, over 1,200 smart devices were gaining unauthorized access to the company’s enterprise email servers. That’s a little bit scary… but it should be a wake up call to many that knowing exactly what physical devices are on your network is critical.
Once you have a handle on assets, you need to determine how to authorize devices and provision them for particular capabilities on the network. For example, define exactly what sorts of devices you want to permit. You may narrow this down by platform such as iOS, BlackBerry, Android and Windows Mobile are approved, but another list is not.
Next up is to ensure that these devices follow corporate security policy. This might involve requiring authentication from the handheld in order to send and receive email, access corporate databases, or run approved applications.
For personally owned devices, your policy may dictate that you treat these devices differently than corporate owned devices. You may choose to block users with certain devices to not access particular data or applications (eg. block access to Android 2.0 or 2.1 devices, and grant it to Android 2.2 or later devices).
Another key aspect of mobile governance is giving users the ability to take care of a lot of tasks themselves, freeing up IT. Allowing employees to set up or troubleshoot their own devices, giving them self-diagnostic tools and directing them to where they can access management information and applications.
Without a solid mobile governance strategy in place, companies run the risk of exposing sensitive corporate data, spending time and energy on ad hoc management of devices, and creating a climate where users don’t feel trusted or empowered to work how they want to and where.
By creating a solid policy that clearly defines the rules of the game and making sure everyone from upper management and down complies with them fully will ensure that organizations enjoy the best of mobility – efficiency, flexibility and productivity – without the headache of security breaches, device loss, or worse.