At ITEXPO (News - Alert) I moderated two lively, interactive sessions that discussed this important issue. One of the four speakers was Sam Liu of partnerpedia, from whom I stole those words. Another was John Herrema of Good Technology (News - Alert). Both companies have impressive solutions, but instead of attempting to summarize the functionality I’ve simply given two white paper urls at the end of this article. What I am going to do is summarize the conclusions of both the presenters and the audience.

The new devices, smart phones and tablets, have to be managed. That’s clear. IT needs to be aware of everything that is being employed. Have any been unlocked? And in the event of a device being misplaced, lost or stolen IT must be able to remotely wipe enterprise data, leaving personal data intact.  The same function is enabled when employees leave the company, taking their personal device with them.

Device management was discussed at length and then from left field came the statement that the real issue isn’t the devices, it’s the applications.  Maybe I should add that it was left field for me. I can’t know everything about everything, but I do know that nothing will work unless IT brings the mobile employees on board.

Working with the workforce

Mobile employees need to be educated about the potential damage they can inflict on the company and that also goes for C-level management. One attendee said that no matter what he does, the management in his company is in denial and when they are using the latest, greatest tablet the task doesn’t get any easier.

There is an obvious need to minimize breaches of security but this task goes beyond simply securing the technologies. Solutions have to be pragmatic and relevant to the processes they are going to protect. Users have to work with the solution and if usage is too complex or cumbersome it won’t be effective. For example, if corporate policies are too restrictive users may look for ways of circumventing them. 

This means that C-level management should take a more active role as security shifts from being technology centric to business risk centric. Security decisions should involve business-level discussions and management is in the best position when it comes to determining the risks involved.

There has to be a top-down strategy but implementation should be bottom-up and decisions must not be handed down from on high. The right way involves detailed discussions with the various workforces and their departmental managers. 

The Enterprise App Store

This is the relatively new ‘left field’ development and it has a nice marketing ring about it, so we can expect to see it being overhyped in future. Like it or not, today’s digital natives are going to use their preferred device and in this case IT has to go with the flow. And they will also have definite ideas about applications. If there isn’t an authorized app that does what they want they’ll shop around and find one and that could open up the environment to malware, viruses, hackers and so on.  

There are different takes on this concept, but in the context of this article the focus is on creating corporate apps stores in order to ensure compliance with corporate policies and minimize security risks. But it only works if they are stocked with the apps that the employees need and they differ from one individual to another.  Which takes us back to early involvement with the mobile workforce. And if they are there, then employees will choose the apps they need on a self-service basis.

Note that in most cases we are really talking about applets that are workflow-specific, so it should be relatively easy for IT to keep pace with changing requirements, either by developing the apps internally or by going outside to a third party. The numbers that are being churned out for the consumer market is amazing: there are over 100,00 for the iPad.  

Recommended reading

“Mobile Application Management in the Enterprise” from partnerpedia and “Securing Business Mobility” from Good Technology.