A CIO's guide to SMAC strategy and governance
Thousands of IT organizations have by now received the directive from the C-suite to go mobile. Businesses must seize the opportunities mobile computing can offer, from raising revenue and cutting costs to increasing employee productivity. Yet, as with most things, agreeing to move in a certain direction doesn't mean it will be a successful and painless transition, and that is especially true when adapting to the dynamic ecosystem of mobility.
So where does one begin?
Well, there are technologies to look for and implement, for sure, starting with the bandwidth upgrades required as more devices gain access to your company's intranet. And, of course, IT organizations should expect to invest in mobile device and application management tools, an alphabet soup that includes EMM, MDM, MAM, MCM, etc. There is one step in the evolution of moving to mobile, however, that should be the enterprise's highest priority, and that is mobile governance.
Trust me when I say that the processes and policies you have in place for pre-mobile initiatives will not in most cases work for going mobile.
Let's start with the most obvious difference between these two computing worlds: employee ownership and the rights, risks and, yes, enterprise benefits this new ownership entails. The desktops and laptops provided to employees by their employers come with explicit policies on how, when and where they are to be used. Managing this equipment is straightforward, if not exactly easy.
Employees who bring their own devices (BYOD) are the sole custodians of how and why those devices are used. Their devices contain personal information and applications and, by default, little or no enterprise policies or tools on board to secure corporate access and content. And, because the employee-owned device is paid for personally, your company is limited in what it can control and enforce.
That's scary stuff. But IT leaders must also acknowledge the pluses provided by the BYOD model, starting with the fact that BYOD offsets the cost traditionally carried by the company for providing the assets required by employees to perform their daily assignments. That, together with the increase in access and capabilities mobility provides, should motivate enterprise IT leaders to figure out new and improved mobile policy structures that will add protection for the enterprise and, equally important, for the employee. Let's get started.
Mobility governance team: Who's on it? What do they do?
The first step is to form a mobility governance team. The team should include, at a minimum, representatives from IT (Dev, Infrastructure and InfoSec), the business, HR, finance, legal and sourcing/procurement.
Here are some primary areas for each part of this team to tackle when first laying out a mobile governance strategy:
- Legal: Hammer out details on how employees can use both corporate-liable and personally owned devices. Policies should cover what is appropriate and inappropriate use for each of these types of devices and what the ramifications are when a device is misused.
- Finance: Analyze all costs associated with using BYOD and what the company will pay for. For example, will there be a stipend or reimbursement for the cost of purchase and monthly data/call usage? Will travel and roaming coverage costs be paid by the company for corporate use, but not personal use? (Having experienced management and finance pick apart a cell phone bill in order to determine the level of reimbursement an employee is entitled to for a business trip abroad, I can't emphasize enough how important it is to have a formalized BYOD payment policy upfront.)
- IT: Address BYOD issues including how and which mobile devices will have access to the intranet; Wi-Fi network segmentation and controlled access; which content repositories are allowed and restricted; device onboarding processes (MDM); and information security standards for mobility. In my experience, forming the security standards for mobile devices will require the most effort. IT must establish a brand-new baseline, starting with a definition of what the company considers a mobile device. For example, is a laptop now governed by the same standards as a smartphone? It is not as simple and clear-cut as one may think.
- Procurement: Decide what types of devices can be used by employees and how this equipment will be acquired. Corporate cellular provider contracts and plans need to be gone over with a fine-toothed comb and potentially amended.
- Application: Determine which applications residing on these devices are going to be allowed and which are restricted. Other questions to consider: What types of anti-malware or antivirus software are required, if at all? How will applications be downloaded and from where? How will applications be developed and then included for distribution (e.g., push or pull) in an internal and/or external app store? How will volume-pricing agreements be maintained and who in the company will digitally "sign" applications prior to release? To answer these questions, the application team will need to work very closely with the legal and security folks and determine the correct process for application purchase and distribution. I have been in countless hours of meetings to determine the legal protection needed (or missing) by "signing" and distributing an application where the purchasing company does not have access to or own the source code. Basically, indemnification could just go out the window.
The mobility governance team should decide together on the approved device types by hardware providers (Apple, Android and Windows) and the required versions of these operating systems.
It's also a good idea to get consensus on support provided for BYOD. For example, when a device goes missing, what should an employee do to protect the company from unauthorized access? It will also be necessary to decide what kind of support the company will provide if a user needs assistance with enrollment and onboarding, as well as when an employee leaves the company.
The above focus areas are a good starting point for mobile governance, but please know that this is not a comprehensive list of questions. To help ensure a comprehensive policy, I suggest engaging an expert in the field of mobility infrastructure and governance. Nor should mobile governance be limited to members of the mobility governance team; over time, the corporate mobile policy should have input from as many areas of the enterprise as possible. It's also critical, of course, to have the support of the executive team to implement these new policies.
In fact, it is important to note that while each group in the mobility governance team has specific areas of concern, the team needs to quickly become a cohesive unit with early and ongoing representation from the key areas mentioned above.
I have come in on the tail end of many projects where legal, for example, was not involved from the beginning and was instead treated as a gatekeeper at the end of the mobile governance process for fear it would curtail progress if brought in too early. I will tell you that every time we have involved the legal group from the beginning, they are standing with the team at the end as a unified front.
Communicating mobile governance policy
A word of caution: Many of the new policies for enterprise mobility will be without precedent and some will seem off-putting to many employees.
To ensure the highest likelihood of success and to give your company the best chance of achieving cost savings and productivity gains, proper and compelling communication to employees is critical. Work with your corporate communications department to develop and launch a campaign to detail the changes and the benefits to the company and the employee of a BYOD initiative.
IT leaders who can help their organizations devise an effective mobile governance strategy for going mobile will be doing employees and the company a great benefit. Most employees are tired of carrying around two smartphones (corporate and personal) and want to add their own tablets to their work life. And they would rather have their favorite devices instead of having one dictated for use. Employees also want the same easy-to-use applications and easy access to information that they have in their personal lives. BYOD will deliver on these desires, but a successful move to mobile requires careful planning, top-down support and excellent communications.
About the author:
Bryan Barringer is a technology and business operations expert who specializes in mobility, user adoption, UX/UI design, customer acquisition, product design/management, strategy and business development. Starting at FedEx in 1994, Bryan was tasked with evaluating mobile solutions for operations and sales professionals and went on to become leader of FedEx Services' Office of Mobility and Collaboration before leaving the company in June 2014. He is now an independent enterprise mobility consultant and speaker.