One of the biggest technology trends this year has been the continuing influx of consumer-oriented devices into the workplace. From iPads and iPhones to Android phones and tablets, 2011 will go down as the year the consumerization of IT reached a critical mass. It's no longer a question of whether IT departments will support and embrace consumer-first devices, bring-your-own-device (BYOD) programs and the expanded sphere of mobile platforms -- now, the issue is more about when and how.
IT departments have a lot to keep in mind: identifying employee-owned devices on the network; selecting recommended platforms for users; provisioning devices for secure access and centralized monitoring (whether company- or employee-owned); dealing with lost or stolen devices; easily wiping corporate data from employee devices; coordinating volume purchases from public app stores (particularly Apple's); and publishing in-house apps.
Most of these needs can be handled with any of several mobile device management (MDM) suites such as MobileIron, Sybase Afaria, AirWatch, Tangoe and even RIM's recently announced BlackBerry Mobile Fusion. Each offers a specific set of supported platforms, features, and enterprise systems integration tools.
Security policies: The first policies should deal with device locking: requiring a passcode, designating passcode age and complexity, auto-locking a device when it's inactive, and wiping data after a set number of failed unlock attempts. Security policies should often go further: requiring whole-device encryption where possible, or at least securing specific data; configuring VPN services; limiting access to device/platform features like app installation; or setting specific configuration options and preventing users from changing them.
Walking the tightrope
In very few cases will the bare minimum suffice. But the other extreme -- managing everything that you can -- doesn't really work well either. It'll simply hamstring users, add complexity to setup and management processes, and drain IT resources.
This allows you to automatically apply a number of profiles simply based on the type of device and its existing configuration. Devices that have security vulnerabilities -- a jailbroken iPhone or a phone running an outdated version of Android, for example -- would get a set of profiles that limit what internal resources the device can access.
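The automatic profile assignment described above, combined with the device-locking and encryption policies listed earlier, can be sketched as a posture check. This is an added example, not code from the article or from any MDM vendor; the thresholds, field names and profile names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed baseline: thresholds and profile names are assumptions, not vendor defaults.
MIN_OS = {"ios": (5, 0), "android": (2, 3)}
MAX_AUTOLOCK_SECONDS = 300
MIN_PASSCODE_LENGTH = 6
INTEGRITY = {"jailbroken-or-rooted", "outdated-os"}  # not fixable by pushing settings

@dataclass
class Device:
    owner: str             # "company" or "employee"
    platform: str          # "ios" or "android"
    os_version: tuple      # e.g. (5, 0)
    jailbroken: bool
    passcode_length: int   # 0 means no passcode set
    autolock_seconds: int  # 0 means the device never auto-locks
    encrypted: bool

def posture_findings(d):
    """Return the list of baseline violations for one device record."""
    findings = []
    if d.jailbroken:
        findings.append("jailbroken-or-rooted")
    # Unknown platforms have no minimum on file, so they fail closed as outdated.
    if d.os_version < MIN_OS.get(d.platform, (float("inf"),)):
        findings.append("outdated-os")
    if d.passcode_length < MIN_PASSCODE_LENGTH:
        findings.append("weak-passcode")
    if d.autolock_seconds == 0 or d.autolock_seconds > MAX_AUTOLOCK_SECONDS:
        findings.append("autolock-too-long")
    if not d.encrypted:
        findings.append("unencrypted")
    return findings

def assign_profiles(d):
    """Map a device to profiles; devices with integrity problems get limited access."""
    findings = posture_findings(d)
    ownership = "full-management" if d.owner == "company" else "corporate-data-selective-wipe"
    profiles = ["passcode-and-autolock", "wipe-after-failed-unlocks", ownership]
    if INTEGRITY & set(findings):
        profiles.append("restricted-internal-access")
    elif findings:
        profiles.append("remediate-then-vpn")  # settings can be pushed to fix these
    else:
        profiles.append("vpn-internal-access")
    return profiles, findings

# Constructed sample records.
SAMPLE_JAILBROKEN = Device("employee", "ios", (5, 0), True, 6, 120, True)
SAMPLE_COMPLIANT = Device("company", "android", (4, 0), False, 8, 60, True)
```

Splitting findings into integrity problems and fixable settings keeps a jailbroken or outdated device away from internal resources while still letting a merely misconfigured device be corrected by policy push.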
Management examples for specific situations
While every organization will have its own needs, it's possible to offer some guidelines for the level and type of management appropriate to specific user types. Consider the following examples as a starting point for developing a mobile management strategy. Note: You could easily mix and match several of the examples in a mobility strategy.
Business cloud service enabled: The device is preconfigured to access private or company-managed public cloud services.
Personal cloud restricted: Access to personal cloud services, including Apple iCloud, is limited or prevented entirely. (May be challenging when applied to employee-owned devices.)
Location data restricted: Either the device is prevented from using location services entirely or access to apps that work with location data is limited. This is a particular challenge given the ubiquity of location-based features in today's mobile devices. One solution: create a white list of apps allowed to use location data.