Mobile Device Management Demands Risk Assessment
September 06, 2011
By Susan J. Campbell
, TMCnet Contributing Editor
The mobile phenomenon has taken hold in organizations throughout the global marketplace, demanding that IT departments and CIOs pay more attention to these mobile devices and applications accessing the network. This demands a keen focus on mobile device management and what it means for your company.
This Forbes piece highlighted a relatively new, yet rapidly growing acronym within this space: BYOD or Bring Your Own Device. This trend highlights the power that consumer preference and not corporate initiatives have in driving the adoption of technologies in the enterprise. Organizations like yours are implementing mobile device management policies to support those employees bringing their personally-owned mobile devices to access business applications that are fully supported on the corporate network.
This move does help to drive employee satisfaction and productivity while reducing overall mobile expenses for the corporation; but it’s not without its own risks.
Monica Basso, Research VP at Gartner (News - Alert), predicted that by 2014, 90 percent of organizations will support corporate applications on personal devices. The challenge is that many of the devices were not built with the requirements of the enterprise in mind. As a result, IT teams often have concerns regarding security and supportability.
While mobile device management is an important focus, BYOD is really more than just shifting ownership of the device to the employee. It also presents the complex and hidden implications that demand a strategy for proper management. Two critical things must be determined at the beginning of your mobile device management strategy: establish a trust model and gain an understanding of the legal implications of BYOD.
The trust model is an important element in mobile device management and establishes the foundation for enterprise security. The device itself can fall in and out of compliance, adding a new element of complexity for your organization. This trust level is dynamic and because devices are not locked down, can fall out of compliance more frequently.
To build a trust model around BYOD, you must define remediation options; set a tiered policy; establish the identity of user and device; and take a critical eye to the sustainability of the security policy you are about to implement.
Your mobile device management strategy must also focus on liability. The BYOD model introduces a new dynamic—in essence the device is no longer owned by the company. As a result, you have to assess whether or not this action increases or decreases liability. To ensure a reduction, you need to define the elements of baseline protection; assess liability for personal Web and app usage; assess liability for onsite versus offsite work and outside and inside work hours; evaluate whether BYOD reimbursement affects liability; quantify monitoring, enforcement and audit costs; and assess the risk associated with the damage of personal data.
As you can see, your mobile device management strategy has to focus more than just on the cost and monitoring of the devices accessing your network. It may be a good idea to seek professional assistance in this process to best understand your risk and implement policies and processes to minimize that risk.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2011, taking place Sept. 13-15, 2011, in Austin, Texas. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.
Susan J. Campbell is a contributing editor for TMCnet and has also written for eastbiz.com. To read more of Susan’s articles, please visit her columnist page.
Edited by Jamie Epstein