The availability of mobile devices has allowed organizations to synchronize their internal information and applications virtually everywhere. However, this flexibility comes with certain challenges and risks that must be considered when preparing your organization for mobile computing. Defining a mobile strategy includes establishing a clear set of goals, determining the performance and security ramifications and developing and adhering to a written acceptable use policy for all users.
Begin by determining the goals for using mobile data: Which business processes are enhanced by putting information into the hands of trusted parties? Usually this is determined by which job types internal to your organization are performed outside of the office (e.g., sales or field staff). Then consider how users who are typically office-based may become more efficient by having access to information from home or off-hours.
Once goals are established and a policy is in place, consider whether your current server and network architecture can handle the demands of mobile data users. With voice, video and data so widely available on personal devices, tolerance for downtime or poor performance has diminished in recent years.
Work responsibilities are also more time sensitive, not only because certain issues require quick turnaround, but also because employees expect the work to be available to them when they are ready to focus on it. They may even dedicate a certain time to address work issues, and if the network or application is unavailable, not only will they be less productive, they may also be less willing to adopt the mobile technology that you are counting on them to use.
Extending the enterprise generally means making information available via public networks or via networks over which you have less control. The combination of personal information and surfing can also jeopardize the integrity of a company asset. Begin by deploying tools (e.g. VPN) that allow for secure remote connectivity and have policies in place that speak to the personal use of business devices.
We also recommend managing all wireless devices on a company-paid corporate plan, instead of having users “bring your own device” (BYOD). Let’s face it, employees will use their company-paid wireless services to make personal calls, surf the Web and conduct personal business.
Yet, while the management of a corporate plan introduces a higher level of management and administration than simply letting employees expense part of their personal wireless devices, a corporate plan allows your organization to fully audit wireless devices because the device, service and number are all company-owned assets. In the case of BYOD, employees can put your business functions at risk without your ability to audit and mitigate potentially harmful activity.
Acceptable Use Policy
For organizations that must abide by Sarbanes-Oxley, Health Insurance Portability and Accountability Act, Payment Card Industry, Freedom of Information Act or other types of compliance and regulatory constraints, the ability to send and receive data of any kind, anywhere and anytime means that a formal, written policy must be in place regarding the use and dissemination of information. Formalizing and adhering to an acceptable use policy are the first steps in keeping the benefits of mobility from becoming a Pandora’s box for your organization.
How has increasing mobility improved business performance at your organization? What challenges have you come up against?