Creating, applying and enforcing a mobile device policy

Creating, applying and enforcing a mobile device policy

Creating, applying and enforcing a mobile device policy

Date: Feb 01, 2011

In the era of the distributed enterprise, organizations everywhere face multifaceted mobility challenges that require adaptable, well-considered mobile device policy solutions. They must determine what constitutes acceptable use of mobile devices like smartphones, netbooks and tablet PCs, balancing users' accessibility and performance needs with mobile device security and mobile data safety concerns.

The easiest way to ensure that mobile device adoption contributes to, rather than impedes, the accomplishment of an organization's goals is to establish -- and strongly enforce -- a clearly drawn mobile device policy. In this video,'s Rivka Little speaks with Michael Finneran, principal consultant and analyst at dBrn Associates, about developing a mobile device policy, applying policies to the growing number of mobile users in the enterprise, and the importance of organizations recognizing mobility as a potential business game-changer.

Finneran also discusses applying a mobile device policy on a per-user and per-application basis, identifies several best practices for mobility in the enterprise (starting, of course, with actually having a mobile device policy) and touches on some issues that the new wave of enterprise tablet PCs pose for maintaining mobile security.

About the speaker:

Michael Finneran is an independent consultant and industry analyst who specializes in wireless technologies, mobile unified communications and fixed-mobile convergence. With more than 30 years in the networking field and a broad range of experience, Finneran is a widely recognized expert in the field. He is the author of Voice Over Wireless LANs -- The Complete Guide (Elsevier, 2008). His expertise spans the full range of wireless technologies, including Wi-Fi, 3G/4G cellular, WiMAX and RFID.

Read the full transcript from this video below:  

Creating, applying and enforcing a mobile device policy

Rivka Little:    Hello. I am Rivka Little with SearchMobileComputing, and I am here with Michael Finneran, Principal Consultant at dbRn Associates. Thank you for joining us.

Michael Finneran:       Thank you.

Rivka Little:    We have come into the era of the distributed enterprise. How do we apply policy to mobile users?

Michael Finneran:       The first big thing is the organization must take mobility seriously. That is they have to realize this is a benefit not just for their internal users, but potentially a game changer for business transformation. In terms of the overall policy, first and foremost, you have to describe how mobility fits into your business. Today, that is really taking two different views: the internal view and the external view. Once you have done that, then it is a matter of describing, how you see mobility affecting your business? What is going to be acceptable use? Certainly, for the internal parts of that, there are some very critical business issues. Most particularly on that front will be insuring security, and also ensuring safety, safety and liability.

The one issue that we wrestle regularly now with clients is whether or not you are allowed to use a mobile device while operating a vehicle. Traditionalists stick with the law of the land, which typically says, ‘You can, in so far as you are using a hands-free device.’ What we are finding practically, on the other hand, is that people are fundamentally distracted when they are engaged in a conversation. The result is that their attention is split, and you are really not that much safer using a hands-free device than you are with a handheld. Actually, some of the research in University of Utah, they have termed the use 'inattention blindness' and find that it is the equivalent of having several drinks before you get behind the wheel, to using a device. Of course, we get serious pushback from the sales force whose entire productivity is made up out of using their mobile devices while they are driving from customer to customer. It is really a matter of taking it seriously and defining how this is going to be used and used effectively inside of the organization.

Rivka Little:    What represents best practices when it comes to mobility in the enterprise?

Michael Finneran:       We get asked that question a lot. The first best practice is to have a mobile policy. In a number of the sessions here at Interop, we have polled the room to determine how many of the organizations actually do have real mobile policies, and it appears to be in the minority. The first step is to have a mobile policy. In terms of best practices, the best practice is that which reflects the overall objectives to your company. Which is to say the mobile policy for a financial services firm is going to be entirely different than the mobile policy for a healthcare institution or for a university. It is a matter of recognizing how mobility affects the overall business, then describing it in terms that really optimize its use for that particular line of business. Lastly, management commitment. A good mobile policy has to have teeth. That is, if somebody is continuously in non-compliance, who uses these things as if it were their 6-year-old’s iPhone, they need to have their hand slapped. Either we take the device away for a week; we take it away for a longer period of time, and at the very end limit, adios.

If we are looking at a policy that does have that level of enforcement, it absolutely needs the endorsement of management. Unfortunately, the practical difficulties we deal with is, very often, the worst abusers are those at the top of the organizational hierarchy. It is really a matter of having the bosses, the people who count, recognize the exposure this creates for the organization, both in terms of lawsuit information and liability if somebody should get into a car accident, God forbid, when they are talking on a company phone, on company business. That liability is getting traced right back to the organization. Will they be willing to treat that as real exposure to the business and put something behind a mobile policy?

Rivka Little:    What challenges do these new tablets throw into the mix?

Michael Finneran:       We love those tablets. Technically, not very much. Practically, most of them are using the same mobile operating systems you already have, which is to say, if I have a mobility solution that will provide security and manageability for an iPhone, it should take care of the iPad, as well. Similarly, if I one that takes care of Android and that is on that operating system, that environment is on my list of supported devices, an Android-based tablet should work just as well. The real exposure that is coming about with tablets, however, is the fact that one, a user is now likely going to have multiple mobile devices, which means more things to lose. Also, the form factor and the overall attractiveness of the tablet experience. Cnce you use the iPad, you are sold; it is just the greatest thing. Which means people will be looking to use these mobile devises in a much, much wider range of applications. By itself, the fact that it is a tablet really does not change anything. As long as we can support that platform, then we are in good shape. The real change is just going to be the number of devices, the number of devices each user has and the range of applications that are going to be used to support. Certainly, if we have a good, sound mobility policy in place that defines security protection, acceptable use and defines clearly the range of devices, or echo systems as we call them support, tablets by themselves really should not make our lives that much more difficult. 

Rivka Little:    Thank you so much for joining us. I really appreciate your time.

Michael Finneran:       My pleasure. Thank you.

More on Mobile Security and Management