Companies that put in dedicated policies for trusted work systems are now faced with a deluge of mobile devices in the workplace, particularly consumer level products.
What Gartner VP and distinguished analyst, John Girard, suggests they do is adapt to this environment and quickly, starting with the basic configuration and security policies they feel the need to preserve.
Girard gave tips on how to develop and implementing a robust mobile device policy during the recent Gartner Security & Risk Management Summit in Sydney.
One of the several mobile device management (MDM) reality checks that Girard shared with the audience covered the pitfalls of the mandatory device reset.
“There was a case of a toddler who reset C-level daddy’s tablet that was left in the living room,” he said.
“Of course, daddy didn’t back up the data.”
Then there was the less than ideal hospital honour system.
“Doctors accessed patient databases and hospital scheduling systems via unmanaged and unsupervised BYOD practices,” Girard said.
Girard also spoke about how a mobile honour system failed when IT operations at a company enabled Microsoft ActiveSync through the firewall, however there was no credentials process in place.
In additions to setting limits on data exposure, Girard recommends that IT administrators also limit access to a certain extent.
“Have email pass through certification control and a basic MDM security policy in place,” he said.
“Having BYOD model restrictions is also necessary.”
Control and encryption also go hand-in-hand with a comprehensive MDM policy.
“A ‘trust nothing’ approach reduces policy headaches,” Girard said,
When it comes to managing multiple device and OS platforms and settings, there are some questions that Girard says need to be addressed.
“What’s your baseline and how thoroughly are your PCs managed?” he asked.
“Do you encrypt mails and work station data?”
In order for mobile device management to be effectively implement, Girard suggests people be prepared for enterprise concessions.
Some of the top policy failures that Girard highlighted included BYOD rules that are too rigid or lax, and policies that do not address use cases and job needs.
“If a company lectures but does not mandate, it’s not going to work,” he said.
“It also doesn’t help if management doesn’t support the policy.”
In order for a mobility strategy to work, Girard suggests that business give users the choice to opt-in to company’s MDM, and use “trust” and their supporting technology as a decision point.
