Businesses' rapacious appetite for technology has always required teams of hardware and software experts to meet those needs. Today, mobile devices, ranging from laptops to tablets to smartphones, have changed the relationship between technology and the individual. People are now able to access both business and personal data at any time, from anywhere. This creates numerous data security, risk management and compliance concerns for organizations. There have been technological improvements in the mobile device management best practices toolkit, but the mobilization trend poses several challenges:
Managing the device. How can the organization track what is on each device and exactly how the device is being used? Unlike PCs and servers, mobile devices are not attached to the organization's network and cannot be easily discovered using traditional tools. Also, it's only logical that "mobile" devices will spend the majority of their time outside the organization's walls. Bring your own device (BYOD) initiatives bring the ownership of the device into question. When any percentage of devices personally owned are used for business, data privacy and security issues escalate as well.
Just like other IT tools, mobile devices require maintenance, version control, compliance monitoring and risk mitigation features.
Managing the user. Just like other IT tools, mobile devices require maintenance, version control, compliance monitoring and risk mitigation features. When ownership of the device is vague, who is responsible for performing this maintenance, as well as documenting, reporting and confirming that these actions have been performed correctly? These tasks are vital to the management of mobile devices, because they make it is easy for an individual to download, upload, remain Internet-connected and file share. These functions and others can be detrimental to data security and legislative compliance requirements for an organization.
So how is an organization supposed to respond to this growing trend? According to the International Association of IT Asset Manager's Mobile Asset Management Survey, mobile assets are permeating the work environment, regardless of business sector or organizational size. The trend isn't going to stop, and organizations have to adjust.
The trend requires a multi-layered solution and a methodical approach to mobile device management and best practices. Changes to four key areas are necessary within the organization:
Policies: Policies have to be brought up to date, with language unique to the situations introduced by mobile devices. These best practices policies need to address the special capabilities of mobile devices. Organizations need to make decisions about what can be uploaded and downloaded and clearly reflect these rules in the policy. Security policies need to be updated, specifically regarding network management and secure access points. Mobile device application management also requires clear expectations regarding employee use of the device, as well what organizational information can be accessed and how to alleviate potential compliance issues. Employees are accepting more responsibility when using personal mobile devices for work purposes, and the organizational policies need to address these new responsibilities.
Education: With this shift in data management responsibilities, mobile device end users need to be educated on the how and why of several functions. In addition to training on applications and maintenance of software, they also need to be educated on the unique functions of each mobile device, the risk it presents and how to reduce these risks.
More on mobile device management best practices
Q&A: The mobile influence on information governance strategy
As workplace consumerization spreads, mobile security a major concern
Communication: Communication of information within an organization typically flows from manager to staff or, in the circumstances of a new employee, from the HR department to the new employee. Without intervention, mobile device expertise will flow into the organization from the bottom up, with the new, younger employees who have relied on technology for most of their lives educating those who are less familiar. Organizations should be looking to revert back to the traditional, top-down type of communication regarding mobile device management, because it encourages broader adoption and improved individual data security processes.
Procedures: Procedures provide detailed steps the organization will take for mobile device management. Procedures are likely to require different strategies and tracts that reflect the myriad technologies the organization has to handle.
There is no accepted approach for introducing mobile device management into an organization, or for the long-term management of those devices. Vendors are trying to rise to the occasion with mobile device management and mobile application management products. No software product is a silver bullet solution, however, and the organization still has to build the policies, education, communication techniques and procedures that work best for them.
By taking this proactive approach to mobile device management, the organization has an increased chance of delivering new value through the technology while maintaining better control than might have been achieved otherwise.
Barbara Rembiesa is founder, CEO and president of the International Association of IT Asset Managers Inc.