Mobile device governance

Paul DeBeasi, Contributing writer

Wasteful spending, weak security and lax usage policies often characterize enterprise mobile device governance (i.e., the people, processes and policies used to manage mobility). This article reviews common mobile device governance

    Requires Free Membership to View

issues and provides practical recommendations.

Impact of poor mobile device governance
Mobile devices and services continue to be a rapidly growing component of enterprise budgets, yet many enterprises have no coordinated approach to mobile expense management. Oftentimes, enterprises do not analyze how actual usage compares with mobile service contracts and therefore fail to make cost saving adjustments. Expense management becomes increasingly important as more enterprises allow employees to submit their expenses for personally owned mobile devices. Many enterprises do not have visibility into whether or not an employee is spending company money on personal calls, application downloads or ringtones. Some enterprises with mobile service contracts have discovered that operators may continue to bill the enterprise even after an employee has left the company!

More on mobile device governance
Employees using their own mobile devices are a growing challenge

Developing and instituting enterprise mobile device policies

Defining your mobile security policy

 The use of mobile devices exposes the enterprise to security threats such as device loss or theft, data leakage and malware attacks. The high value of smartphones makes them perfect targets for thieves. In addition, the small size of mobile phones makes it easy for them to slip out of a pocket or purse. Employees often "leak" sensitive information from a phone to a PC or secure digital card. Finally, growing processing power, storage capacity and broadband speed make the smartphone an easier malware target.

Personal use policies on mobile devices can vary widely. Some enterprises prohibit personal calls, forcing employees to carry two phones, one for business use and one for personal use. Others allow personal phone calls only if employees do not exceed their minutes-of-use plan limit. Some enterprises have a no-text-messaging policy, although it is unclear how they would enforce it. Similarly, policies on mobile device ownership vary widely. Many enterprises approve the use of company-owned mobile devices only; others allow personally owned devices.

Recommendations for mobile device governance
Enterprises can improve mobile device governance and thereby reduce costs, increase security and improve use policies by considering the following recommendations.

  • Embrace mobility as a strategic initiative. Enterprises often mange mobility in an ad hoc, department-by-department fashion, in much the same way that LAN technology was deployed in the mid-1980s. Enterprises would be much better served if they were to approach mobile device governance with the same discipline with which they approach their financial governance.

  • Consider using ITIL. The Information Technology Infrastructure Library (ITIL) is a widely adopted framework for IT service management and provides a broad set of organizational best practices that enterprises can adapt to their environment. Some enterprises are using ITIL to help them improve their mobile device governance.

  • Consistently adhere to security best practices. Many enterprises ignore well-established security best practices. For instance, they often require disk encryption on laptops but not on mobile devices. In addition, some enterprises still use the insecure Wired Equivalent Privacy (WEP) wireless LAN (WLAN) security protocol on Wi-Fi enabled smartphones. Such approaches can result in security breaches and may increase legal liability.

  • Rethink your mobile use policies and then enforce them. Enterprises often create use policies that are inconsistently enforced. For example, many IT managers state that their official policy is to deny Apple iPhone access to the enterprise network, but they often violate this policy for privileged staff. This behavior weakens the policy and encourages other employees to demand policy exceptions.

  • Limit and secure sensitive data on personal mobile devices. Consumer technology will continue to creep into enterprise facilities. This trend will accelerate the merging of personal and enterprise data on ever more powerful personal devices. Enterprises must carefully evaluate their risk tolerance for each consumer device under consideration and then learn how to limit and secure the personal devices that are allowed access to sensitive information. Refer to this SearchMobileComputing.com article on mobile security and management for useful suggestions.

  • Consider using products and services that can improve mobility governance. New products and services can help improve mobility governance. For instance, Visage Mobile's Software as a Service (SaaS) product enables enterprises to manage wireless inventory, reduce overspending and demonstrate compliance with mobility policies. In addition, companies like ProfitLine provide consulting services that help enterprises manage many aspects of mobile management, such as invoice management, device management and rate plan optimization.

Enterprise mobility is at a crossroads. Many enterprises are proceeding down a risky path because of their poor mobile device governance. Enterprises should set a new course that emphasizes mobility as a strategic initiative in order to reduce wasteful spending, improve weak security and strengthen use policies.


About the author: Paul DeBeasi is a senior analyst at the Burton Group and has more than 25 years of experience in the networking industry. Before joining the Burton Group, Paul founded ClearChoice Advisors, a wireless consulting firm, and was the VP of product marketing at Legra Systems, a wireless-switch innovator. Prior to Legra, he was the VP of product marketing at startups IPHighway and ONEX Communications and was also the frame relay product line manager for Cascade Communications. Paul began his career developing networking systems as a senior engineer at Bell Laboratories, Prime Computer and Chipcom Corp. He holds a BS in systems engineering from Boston University and a master of engineering degree in electrical engineering from Cornell University. Paul is a well-known conference speaker and has spoken at many events, among them Interop, Next Generation Networks, Wi-Fi Planet and Internet Telephony.

This was first published in July 2009

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.