Sunday, February 05, 2006

Mastering Mobile Enterprise Madness

CIO has a lengthy feature article on how the proliferation of mobile devices in the enterprise are making people more productive, "and creating enormous management, support and security headaches for CIOs. The article states that "What CIOs need desperately is a strategy for managing mobile and wireless devices. Elements of a good strategy include: First identifying if there's a business need for a device; segmenting your employees by job function; deciding on a list of devices that IT will (and will not) support; and last, devising a training plan for users and help desk staffers as well as enforcement mechanisms that will ensure device security."

Roger Entner at Ovum said, "At least 70 to 80 percent of adherence to corporate security policies is self-enforced by the people. If they have a positive attitude, you will have much more cooperation [with security]." The article outlines "lessons from CIOs in four industries that cover the entire life cycle of mobile and wireless devices."

Regarding the cost-benefit of mobile devices in the enterprise, Eric Maiwald at Burton Group said,"It's no different than use of desktop PCs or laptops. CIOs should use those same requirements and analyses with handhelds. The use of handheld devices may increase employee productivity, but it may also increase the risk to the organization."

Maiwald noted a device's features and function should also match the job role. He said, "The added communication capability may introduce a higher cost and [security] risk without materially benefiting the organization. You don't just willy-nilly give the devices out. You have to do the proper requirements analysis [of each group]," says Burton Group's Maiwald.

For executives, Ovum's Entner commented, "Most executives are oblivious to the security challenges. You have to disarm all the security stuff because the executive can't figure out how to work it."

On the topic of standardizing on a specific mobile platform or device, CIOs need to walk a fine line. Entner said, "You need to find a balance between minimizing the support costs and making your people happy and cooperative."

The article suggests for "organizations where users may not be quite so sophisticated (or difficult), CIOs should offer as much training as the user base needs." Entner stated, "Training costs time on the front end, but it really saves a lot of time on the back end because you don't have 25 people asking questions later, one by one."

Enforcement of device security policy is one of the biggest pieces of any overall mobile device strategy. Burton Group's Maiwald said, If CIOs are going to "allow these devices, then they need to make sure their policies are enforced." But Ovum's Entner added, any mobile device "is only as secure as the human operating it. No amount of software can change that."