Tackling IT Consumerization Phenomenon
One of the primary security concerns for us over the past few years has been the IT consumerization phenomenon; in particular, the proliferation of mobile devices and the endless array of available applications.It was clear to us that many of our employees were working in non-traditional ways, often remotely, not necessarily connected to our network, and in most cases, using their own devices. This motivated us to implement an enterprise mobility program. We figured that if we did nothing, our tech-savvy colleagues would go further underground and create their own solutions.
Implementing the program has been a journey, but that seems to be the nature of any new program. Since launching the program, we’ve received positive employee feedback, and at the same time, we’ve benefitted from the security that gets layered around the mobile device. I credit our program’s success with having a user-centric vision and strategy that is built on sound IT risk-management principals.
Before we moved forward with the mobility program, we socialized it with our executives and IT Steering Committee. Having their support upfront has paid dividends, especially with upholding the program’s standards. We expected employees to look for loopholes in the program and ask for policy exceptions, so having a committed senior management team has been helpful to contain this.
One of the most important foundational tasks was defining our mobile support model. That is, we identified the extent to which we would support employee-owned devices versus company owned. Once we did that, many of the tactical decisions seemed to fall into place naturally.
Next, we created our mobility roadmap, which meant deciding which technologies we were going to deploy and when. When we launched Bring-Your-Own- Device we did so using mobile device management (MDM), and then immediately went to work on Phase 2, which included providing access to approved business applications. Implementing Phase 2 meant we needed to create secure containers to put those applications into, which then led us to introduce mobile application management (MAM) into the mix. Some organizations may choose to go straight into a MDM/MAM environment; that’s when your roadmap comes in handy. It helps set the expectations of management and the user community, as well as planning and scheduling investments.
Throughout the design phase, we planned for key security considerations, such as balancing the need for strong authentication with ease-of-use. As a result, we included elements for single sign-on and streamlined multifactor authentication. We viewed these as technologies that would both enhance the user’s experience and strengthen our security. As a bonus, we plan on leveraging those same investments across the enterprise, so people can use single sign-on from their office computers or remotely through their mobile device.
In a nutshell, our successful process included:
• Communicating the strategy and vision to senior upfront
• Getting smarter on the mobility subject and product space and finding partners who could advise us, and validate our work at various stages
• Defining the IT Mobile support model
• Developing an implementation roadmap, and selecting and implementing appropriate tools
• Publishing the new Mobile Device Policy; and having users acknowledge it