Mobile Policies: The Foundation for Success

What policies should organizations put in place to make the most of mobility’s benefits without putting valuable enterprise resources at risk? Experts advise IT managers to consider a range of issues.

The first step is to assemble a committee of stakeholders from throughout the organization. Every department that will be affected by a mobility deployment should have a seat at the table.

This diverse group must spell out clear usage parameters for mobile devices and the data they access. For example, the committee should determine which job titles make it appropriate for workers to use mobile devices for their jobs. Within this group, the committee should decide which users will receive notebooks, smartphones and tablets that are provisioned by the organization.

Next, this committee should determine which users will be allowed to employ BYOD hardware for work-related activities. Some organizations follow a multitiered approach that pays all device and services costs for senior executives and gives stipends for mobile resources to professionals whose jobs require mobile data access and collaboration.

This approach also can allow the remaining staff to use personal hardware if they agree to usage policies and download an app from the organization’s mobile device management (MDM) solution. Many enterprises create a procurement portal to help users administer their data plans, select devices and activate their accounts.

Other considerations to hammer out include which operating systems will be allowed and whether to ban jailbroken or rooted devices that override vendor controls. Depending on the organization, the committee may have to comply with regulations for protecting data, such as the Health Insurance Portability and Accountability Act (HIPAA) for healthcare Information and the Children’s Internet Protection Act (CIPA) for K–12 education.

It is also important to define acceptable practices by staff members, such as avoiding applications deemed unsafe or unsuitable for downloading on devices that connect with internal networks — a practice known as blacklisting. Conversely, mobile users should clearly understand what their organization may do to protect its resources. Many enterprises expect to wipe personal information from provisioned devices or organizational data from BYOD gear when an employee departs.

Pushing out communications about existing and emerging mobile policies is also crucial. The steering committee should delegate responsibility for making sure that new employees receive a thorough briefing during the hiring and training process and that all staff members receive regular policy updates.

IT stakeholders should keep their peers informed about technologies used to manage and secure mobile devices, applications, enterprise data and BYOD activities. The IT department also should tackle issues surrounding mobile application development, including the programming platforms the organization will support, creation of an internal app store to distribute programs to staff members and determining whether additional resources will be needed for support and help desk services.

Finally, the entire committee should take steps to keep its work relevant into the future. It should create a mobile roadmap for the next 12 to 18 months to address ongoing technology innovations, anticipate changes in the mobile market and outline how mobile solutions can continue to support the enterprise as its vision and business needs evolve.

Want to learn more? Check out CDW’s white paper, “Microsoft: Planning for Mobile Success.”