Manage Learn to apply best practices and optimize your operations.

Crafting a mobile device management policy? Balance business and IT

A secure mobile workforce can benefit the business. But creating a mobile device management policy that meets the needs of business and IT can be tricky. Learn how it's done.

Going mobile is the "hot" thing to do right now. Smartphone proliferation in the corporate world has never been higher as businesses worldwide see the value in keeping employees constantly connected. But this influx of available devices and mobile technology also requires more IT responsibility.

Jonathan Hassell

It's crucial that an organization create a mobile device management policy to explain the rules and commitments that come along with allowing constant mobile access to company resources. Then, with security and consistency on your side, you can work on developing and supporting the applications and utilities that your end users have come to depend on to get work done efficiently and effectively.

Here are some tips to consider when developing a mobile policy and device strategy for your organization:

Decide on a mobile policy and stick to it up front. When developing your mobile device security strategy, stick to the most basic management rule: Have clear, consistent guidelines and commit to them until business requirements dictate otherwise.

IT management will run into problems when different users have different experiences when it comes to choosing their mobile devices, getting them set up on the network and using them on a daily basis. Eliminate all inconsistencies: Service delivery with known boundaries resolves most of the complaints users have regarding their device support and their interactions with your staff and resources.

Understand and control the devices on your network. Sanctioning what is supported and authorized to be on your company's network is always the first line of defense. For many companies, this comes down to a question of ownership: Does your company purchase phones and devices and distribute them to only authorized users? Or is your organization set up so that users purchase their own devices and have the option to connect to your mail servers and network resources on the go?

Some companies manage this by setting up mobile email through a platform server tied into a specific type of device, like the BlackBerry Enterprise Server product. This gives midsized organizations a clean line of reference to what's supported and what's not and makes it almost impossible to ignore mobile policy because IT registers devices with the platform server -- no registration, no access.

Avoid mobile vendor lock-in. Like everything else in the technology world, smartphones and mobile devices are always changing, and the greatest device today will be obsolesced by something better within nine months. To stay nimble, consider supporting multiple platforms. This is especially important if you have an application development team creating line-of-business code designed to run on mobile devices.

Keep your spectrum broad -- think about providing Web-based services over native applications. It is possible to control multiple platforms and provide applications while still giving users the freedom to choose the phone styles that best meet their needs.

Don't live in the past. Strive to service the latest smartphones and devices, like the Android and iPhone, to minimize temptation for users to get their own devices. The new, shiny object in the phone store will always look better than the 2-year-old device your user carries in his pocket, but if that user knows that your IT department is ready to move him to a latest-generation iPhone when his contract renews, he won't be tempted to circumvent your procedures. Business owners and the C-suite residents won't have to choose between their own phone needs and IT's established mobile device management policy. Be ready to service the latest and greatest mobile devices, in a managed way, so everyone wins.

Understand how devices fit into your operations and workflow. When creating a mobile policy, always consider your end users first, not your specific needs. IT exists to serve the business, not vice versa, so consider how the business uses its devices. Do different teams have different mobile needs? Are there workers who rely on significantly higher uptime from your mobile resources than others? Who uses the mobile apps you are developing, and in what scenarios? How can you better enable them to consume your resources in an efficient way while still being able to protect against the threats and the costs associated with technology?

Plan for loss. The very factors that make smartphones so powerful and convenient also make them prone to being lost or stolen. Have a plan in place for when a user is no longer in possession of his device. How will you first deny access to the device? How and when will you remotely wipe the device? How will the replacement workflow look? Is user retraining required?

You will have a device lost or stolen -- it's only a question of when. Be prepared to respond quickly and decisively to minimize the risk these lost devices pose to your business.

A clear mobile device management policy will provide consistency, making IT's job of supporting and managing mobile devices easier. But more importantly, it will help protect your organization's data, while also empowering a healthy mobile workforce.

Jonathan Hassell is president of The Sun Valley Group Inc. He's an author, consultant and speaker in Charlotte, N.C. Hassell's books include RADIUS, Learning Windows Server 2003, Hardening Windows and, most recently, Windows Vista: Beyond the Manual. Contact him at

Dig Deeper on Small-business infrastructure and operations

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.