When I first talk to a client about mobile strategy, I often start by asking, “What’s more important to you: productivity or security?”
It’s a trick question. Neither is more important than the other. In fact, they are two sides of the same coin. People can be fully productive only if they have all the right privileges for all the right enterprise resources. And enterprises can be fully secure only if people have just the right privileges for just the right resources.
In other words, both productivity and security require appropriately defined policies that are accurately enforced. Without such policies and enforcement, mobility doesn’t do much good for anyone — except, of course, those who mean to do the enterprise harm.
The Four Dimensions of Mobile Policy
Mobility is complex. People are constantly using different devices to access different types of content via different apps. In many cases, they are also using the same device for both business and personal purposes. That means mobile policy enforcement has to be sufficiently multidimensional to address all the moving parts.
More specifically, we recommend experts take a fourfold approach to policy-based control of enterprise mobility:
- Mobile device management: MDM is where most enterprises have focused their efforts already. It includes capabilities such as device onboarding and configuration, remote wipe of lost or stolen devices and detection of any attempts to compromise the security of devices through rooting or jailbreaking.
- Mobile application management: To ensure productivity and security, organizations must be able to quickly distribute and update apps on users’ devices, block blacklisted apps, transfer app licenses from retired devices to new ones and maintain ongoing visibility into app usage across the enterprise.
- Mobile content management: MCM enables enterprises to protect sensitive data while ensuring that users can get the information they need, when they need it. It allows them to define and enforce policies that specify the content that users can see, edit, annotate, download, forward, repurpose and so on.
- Mobile identity: Role-appropriate mobile enablement and security requires organizations to apply policies to people, not just devices. Mobile identity supports this requirement through measures such as biometric authentication and single sign-on.
A holistic approach to mobility management will integrate and orchestrate all four of these disciplines to ensure that users can make the most of enterprise IT resources anywhere and at any time — without jeopardizing security or regulatory compliance.
The Bigger Picture
It is also important to recognize that mobile enablement and security are not some entirely separate operational silo for the IT team. After all, it doesn’t do much good to rigorously secure access to a wired network if it’s still vulnerable from a mobile perspective.
By the same token, an organization won’t get the full potential business benefit from its investments in collaboration and decision-support tools if users can’t easily access those resources when they’re working remotely from home or on the road.
That’s why mobile management should be well-integrated into the IT group’s broader strategy for enterprise security and governance. Effective mobility management may require a variety of specialized tools and practices, but as work and life in general become increasingly mobile-centric, those tools and practices become less ancillary to enterprise technology — instead, they become central to its success.
For a more detailed look at the drivers and key considerations for a mobile policy, read the Building an Effective Mobile Policy white paper.