Part I: Planning a Mobile Security Strategy

This is the first of a two-part blog. The aim of this first piece is to affirm some of the biggest challenges in securing a mobile environment and suggest the approach to getting started. In the second piece, I’ll dive into more details about the critical nature of security in a successful mobile environment.  

Securing a traditional internal network is a tough task on its own, but layering on disparate devices, a myriad of connection points, and unknown applications can cause even the most relaxed IT pro to lose sleep. It’s safe to say, though, that mobility is here to stay, and smart organizations are establishing strategies to safeguard their mobile devices, apps, and data. If they don’t, they can’t comfortably reap the productivity benefits enabled by mobile devices, and they limit employees’ flexibility to work from wherever they choose.

Rather than jumping right into the world of mobile devices and apps, companies need to be thoughtful about the planning process, especially where security is concerned. Getting the right policies in place can define your position on mobile security and keep employees from unknowingly putting the organization at risk. Before setting your mobile security policies, consider a few big-picture elements:

Regulatory concerns. Do you need to worry about compliance with industry regulations, such as HIPAA or Sarbanes-Oxley, when it comes to securing data on mobile devices? Do you need to take payment card industry (PCI) procedures into account if you handle credit card data?

Industry concerns. Do you need to ensure that client information stays private? What about threats from competitors when it comes to keeping your own organization’s devices and data safe? If you’re in the financial services industry, what do you need to do to protect financial data on mobile devices?

Flexibility. Mobile capabilities shift faster than a quick-change artist. You need your policies to be stringent enough to keep mobile devices, apps, and data secure but still allow you to adopt new advancements in the world of mobility. How much wiggle room do you want or need for the future?

Emerging trends. For example, bring-your-own-device (BYOD) environments are growing in popularity. While BYOD can save money, it requires you to allow access to the company’s networks from a variety of places and devices with unknown levels of security. Does it make sense to support BYOD in your particular organization? If so, what’s the best approach?

All this begs the question, what is the first concrete step in planning your mobile security strategy? Take an inventory of your devices to see which platforms are already at work in your environment. Determine whether the security-enablement features of those platforms meet your needs, and balance those features against the user features and apps that are available on those platforms. Set out to clearly understand not only what types of devices are on your network, but also what applications are on those devices and where that data is stored—all of this should factor into your strategy planning.

Next, decide whether managing your mobile infrastructure is something you want to handle in-house or with an outsourced service provider. Some organizations opt for in-house management but find that their mobile situation stagnates over time or that supporting it takes too much IT staff time and attention. Others determine that it’s helpful to work with a trusted service provider that stays on top of industry trends and optimizes their mobile environment. Either way, your hands aren’t tied—lots of organizations move back and forth between in-house and outsourced management as their needs change.

One of the best ways to make mobile security less daunting is to implement mobile device management (MDM) software, which secures, monitors, manages, and supports mobile devices deployed across mobile operators, service providers, and enterprises. A mobility service provider can help sort out the best MDM software for you and then go on to provide strategic consulting about mobile apps and how best to secure them.

Once you have a plan in place for security, it is critical to keep it current. It’s smart to take a step back about once a quarter to assess new risk factors and indicators that may cause you to adjust your policies, device OS settings, etc. For instance, we’re all familiar with the abundance of mobile apps out there for consumers, but the buildup of enterprise mobile apps has just begun. And the BYOD world is becoming more realistic as dual-use devices and virtualization take hold in the mobile space.

Remember, focusing on rigorous security planning now puts you in a position to embrace the latest trends. Without solid strategies and policies in place, you won’t be able to take advantage of the value that mobility can bring to you and your employees. Don’t let opportunities pass you by—be ready and able to adopt what you need when you need it. Want to learn more about planning an enterprise mobile strategy? Watch our latest webinar on Building an Enterprise Mobile Strategy.

In my second post in this series, I’ll address the importance of incorporating mobile application management and mobile content management solutions into your mobile security strategy.


Three Tips on Building a Rock-Solid Mobility Strategy

Three Tips on Building a Rock-Solid Mobility Strategy_BLOG IMAGECompanies have learned the hard way that if you have no strategy—whether in the realm of sales, technology, or growth—you can flounder and make bad decisions. Mobility is no different. Without a comprehensive mobility strategy, it’s easy to lose focus and deploy single-point solutions that don’t mesh well with your overall business plans and existing technology environment.

Crafting a sound mobility strategy that identifies and addresses key business pains and objectives is worth the effort. With such a strategy in place, you can:

• Enhance employee productivity through the use of mobile devices and applications—without busting budgets or putting data at risk.

• Better align your business goals, processes, and costs, bringing everything together to fully support your employees and, often, your customers.

• Make more cost-efficient use of your resources by investing in solutions that fit into your long-term business plan.

To help you establish the right mobility strategy for your organization, I have come up with three pieces of advice, based on the work that I’ve conducted with businesses in a range of industries.

1. Take a hard look at your business requirements.

Mobility for mobility’s sake isn’t a smart use of company resources. You have to look at your business practices and needs when devising a mobility strategy. Many companies have baked mobility capabilities into their business, which really helps to propel their main objectives. Can mobility support your overall business strategy? If not today, can you create a mobility roadmap to support you in the future?

For example, if you install a new ERP system, are you extending that system to all your mobile users who may benefit from it? If not, you aren’t getting maximum value out of your ERP investment, and you may not be fully supporting your overall business goals.

To determine how mobility comes into play throughout your business, you need input from all angles. Form a cross-functional team or tap into your existing mobility team to really understand what makes your business tick and what specific issues and opportunities your mobile strategy should address. Produce an outline of the ways different roles in your workforce currently use and/or want to use mobility and how you see it playing a part in your company’s future plans.

2. Take security seriously.

Security should be a chief concern, especially when it comes to protecting mobile devices and their data. What is your IT security model and how does it translate to mobile devices and their content? If you’re putting corporate data on mobile devices, you need to look closely at how it’s safeguarded. If your organization is adopting a bring-your-own-device (BYOD) approach versus one that involves only corporate devices, you’ll need strategies that account for disparate devices and a blend of business and personal use. (For a more detailed look at the security side of the mobility equation, see the blog post from my colleague, Jide Akanbi.)

3. Determine the best way to handle the changing application landscape.

Gone are the days when employees used devices solely for email—workers in a wide range of roles are turning to mobile applications to heighten productivity and increase responsiveness. Today, employees can use mobile apps to manage projects, keep tabs on customers and work performance, connect with colleagues, and even host meetings. The applications that your employees use will likely be more important than the platform you choose when planning your mobile strategy. If you don’t take mobile applications into consideration, you can run into problems with information continuity, flow, and security.

What’s your strategy around applications, and how will you manage their content? Do you want employees to buy off-the-shelf applications or to develop them in-house? Will they work with your back-end systems? Will they pass data through correctly or will you have to invest more money to integrate them? How do applications transpose among an employee’s various devices? Take advantage of your existing investments and tie mobile applications to them as much as possible. For instance, if you have SharePoint, focus on applications that can securely communicate with SharePoint and that you can put on devices easily and manage in a secure fashion.

Staying on top of all the application possibilities and determining those that lend the most value to your company can be daunting. Consider working with an agnostic outsourced provider, one that can inform you about your options and take the emotions and preconceived notions out of decision making.

Whatever your approach, taking care to build a solid mobility strategy—and then revisiting it quarterly—will help you ensure that your company is getting maximum value from your mobility investment.

Interested in more information to help you build your mobility roadmap? Check out the webinar at: http://www.slideshare.net/EnterpriseMobile/tips-for-building-an-enterprise-mobility-strategy-slide-share

 


Enterprise Mobile Accelerates Cloud Collaboration with Box

  • Comments Off

Mobility-as-a-Service and Why It Matters Now

Mobility-as-a-Service and Why It Matters NowThe “as-a-service” way of handling IT environments has been growing for years. Mobility, no longer considered a luxury for executives only, has reached a point of prominence in the enterprise space and is now a viable candidate for an “as-a-service” approach.

Strictly speaking, Mobility as a Service (MaaS) is the ability to consume mobile products, software, and services—all under a per-device, per-month fee. It brings together all the necessary components, including applications, security software, ongoing services such as provisioning, and the device itself. This is particularly helpful given the diversity and complexity that companies face in dealing with today’s mobile environments. Users love the variety and greater levels of mobile functionality available to them, but that same variety introduces risk because devices have different levels of security and encryption, which makes it difficult for companies to control and secure an environment as a whole.

In the “olden” days, most companies used mobile devices that focused on email, but now email could be the third or fourth priority for employees, who may consider phone, texting, and line-of-business applications more critical to their productivity. To foster that productivity, companies incur costs related to content and apps, and due to the sophistication and complexity of the devices, you need additional value-added services to be able to deploy and support the environments as well.

There are essentially three ways to buy MaaS:

  • Traditional leasing. Take the cost of equipment, apps, security, and telecom expense management (TEM) and bundle it all into a three- or four-year agreement in which you pay a per-device, per-month fee that could be anywhere from US$20 to $50. At the end of that lease, you turn in the equipment.
  • Financing. Financing programs bundle the cost of hardware, services, security software, apps, and TEM together into a single per-device, per-month fee, with zero percent financing. Instead of paying up front, you pay the same amount every month per device, and at the end of the term, you own the equipment.
  • Individual services or equipment. Sometimes organizations need separate services that are priced per device per month. For example, you might need 10,000 help-desk seats but no hardware, so you’d pay a MaaS provider a help-desk fee per device per month, with no hardware component.

 

The world of MaaS brings several advantages to companies:

  • Predictability. It’s often a huge benefit for companies to have OPEX versus CAPEX costs; it enables them to know every month how much they’re going to spend to “mobilize” a worker.
  • Refresh options. The ability to refresh more quickly through MaaS to take advantage of new features and technologies can make a positive impact for users and companies alike. For instance, when the new iPad 4 was released, all of a sudden some employees’ devices were “lost” or “stolen” because they wanted the newest version without waiting for their company’s refresh cycle.
  • Easing of infrastructure requirements. With MaaS, you no longer have to deploy lots of different components in your data center, build in redundancy, conduct 24/7 monitoring, and all the other work that comes with implementing server-based technologies. MaaS eliminates all those capital expenditures and efforts.
  • Scalability, both up and down. You’re not paying for infrastructure, hardware, services, and support that your company might not need at the moment. And as you grow, you don’t have to rethink your entire mobile environment.

Of course, MaaS isn’t for everyone. Those in highly regulated industries where data flow is restricted (like government or financial services) probably can’t take advantage of it, but most industries can reap the benefits. Companies can gain a true advantage by working with a MaaS provider to help guide their mobility strategies, keep up on all the trends, and consolidate and manage devices and apps under only one service. Sure, you can buy mobile device management (MDM) software directly from an MDM vendor, devices from your carrier, TEM from a carrier, and services from a separate provider—and you may use MaaS for all those components—but you’re also tracking and writing checks to all those different vendors every month.

Instead, find a managed services partner who can bring it all together with some solid thought leadership and logistics capabilities. With a partner like that on board, you’ll enjoy the advantages of a comprehensive mobile environment without the hassles.