That phone in your pocket is really a PC. And it needs to be treated as such.
For years, it was pretty easy for IT pros to safely ignore mobile devices other than laptops. Even after mobile devices had started coming equipped with that quintessential business app, e-mail, a lot of IT departments refused to allow them to be connected to business systems.
Today, end users are increasingly bypassing feature phones in favor of smart phones, and they want to use them for business purposes. Because of continuing IT resistance, more folks are bringing these things into the office without the approval, sanction or knowledge of the IT department. The result is commingling of business and personal data on devices that IT departments haven't purchased and often have no means to control.
No IT department would allow an end user to bring in a personal laptop and connect it to the corporate network and systems. Any end user who tried to do that would get a stiff lecture from someone in IT at the very least, and possibly would risk being fired. Yet this happens all the time with phones -- phones that are, in reality, tiny computers that pack more power than the average desktop did just a few years ago. Not your problem? Wait until one of them gets lost or stolen. Are you really comfortable with the idea that a miniature PC that's had unfettered access to your network could fall into a competitor's hands?
I'm pretty sure you aren't. That's why you must have a clear set of policies in place to deal with mobile technologies. Here are a few ideas about what those policies should do:
1. Establish standards for platforms, not devices. There's too much change in the device market to make it practical to list specific approved mobile devices. Within six months, users who want the latest and greatest aren't going to find anything on your list that's capable of all they want in a smart phone. You're better off telling users which mobile platforms you'll support and allowing them to choose the devices and carriers that best meet their individual needs.
2. Enable easy device management. To be suitable for business, a platform must have the ability to be managed holistically. IT must be able to "remote-wipe" any device that is lost or stolen. Your policies must make it clear that all devices used on the network will be managed by IT, whether they were bought by the business or the user. Management policies should be clear about what the company will do with devices connected to the network and why.
3. Mandate password protection. Even in the best-managed environment, devices that are lost or stolen may go unnoticed for hours or days. I recently got into a cab in New York and found a BlackBerry. As I checked to see whether I could identify the owner, I found out a whole lot more. In addition to e-mail, the device contained a full corporate directory. And I could see it all, because there was no password required. Forcing users to enable password-locking can mean the difference between the hassle of restoring a lost device and the nightmare of a security breach.
This isn't the first time I've seen the phenomenon of end-user technology becoming an issue for IT. When Windows 95 was released, so many consumers were enamored with the operating system that they brought it to the office from home and took it upon themselves to upgrade their systems. IT departments that ignored what was happening discovered that by the time their migration plans were complete, many of their systems had already been "migrated" for them. Today, the smart phone is the new PC, and it's being adopted by more and more users all the time. Act now; things are only going to get worse in 2009.
Michael Gartenberg is vice president of Mobile Strategy at Jupitermedia. His weblog and RSS feed are at mobiledevicestoday.com. Contact him at mgartenberg@optonline.net.