Forecast 2013: Setting a mobile risk management strategy

As mobile devices continue to flood into the enterprise, IT leaders grapple with ways to manage the risk.

If you're CIO at a large enterprise -- or a small one, for that matter -- chances are good that you're seeing a steady rise in the number of employees using smartphones and tablets at work.

The upside of this trend is that people might be more productive if they're using mobile devices they're comfortable with to access corporate data, collaborate with colleagues and communicate with customers. But increased mobility comes with risks.

Smart IT executives are mapping out strategies for managing their organizations' mobile risks and benefits. More than half (52%) of the 334 IT executives who responded to Computerworld's 2013 Forecast survey said they're ramping up mobile risk management efforts, and more than one-third (38%) said they're seeking help from outside providers.

Yet the results also show that many organizations haven't yet adopted a formal mobile device management strategy. Only 46% of the respondents said they have such a plan in place.

Those companies that have launched mobile strategies are getting a handle on the risks. Chicopee Savings Bank in Chicopee, Mass., with seven branches in western Massachusetts, began deploying Windows smartphones about five years ago and has since moved to Android devices.

"We initially deployed these devices to meet the business need of keeping corporate email, contacts and calendaring continually available to a small subset of our executive, sales and support employees -- whether they were in or out of the office," says Darlene Libiszewski, senior vice president of IT.

The bank launched an assessment to identify the risks and benefits of mobile devices. "A formal risk management discipline has always driven where we invest our resources," Libiszewski says.

Confidential information residing on mobile devices was among the security risks. "To minimize the risk effectively, we realized we needed to own the device to implement and manage the controls," she says.

But to minimize the cost of deploying smartphones, the bank is now considering adopting a bring-your-own-device (BYOD) program.

Forecast survey base: 334 IT executive respondents; June 2012

Managing risk is an ongoing process, Libiszewski says. "But I would say that more risk management focus has been placed in the mobile space because it is developing so rapidly and customer adoption is huge -- and face it, this space is the new frontier to be exploited," she adds.

Technology Plays Enforcer

Technology plays a huge role in helping IT manage devices and maintain security. Georgetown Hospital System, a healthcare provider in Georgetown, S.C., relies heavily on systems such as BlackBerry Enterprise Server, Microsoft Exchange Server and mobile device management technology from AirWatch to safeguard mobile devices such as Apple iPads and iPhones, Android smartphones and RIM BlackBerries.

Forecast survey base: 334 IT executive respondents; June 2012

"The phones are primarily used for email and calendar access, and they're used by senior administration, managers and approved employees [who] either travel or work on-call schedules," says CIO Frank Scafidi. Tablets are used mainly by managers and senior administrators, and increasingly by doctors, to access applications.

The AirWatch product, which Georgetown deployed in 2010, enables IT to place restrictions on devices, enforce security policies, remotely secure and wipe devices, and monitor usage, Scafidi says. The organization plans to move BlackBerry users to the AirWatch environment and decommission the BlackBerry server to maintain a unified mobile management environment, Scafidi says.

1 2 Page
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies