Though we’re nearly halfway into 2019, I’m still surprised that the enterprise adoption of mobile devices and apps by employees remains relatively low. Mobile is nothing new, it’s been around for decades. So, why is it that organizations still struggle with mobility, and the decisions around it—such as whether or not to allow employees to bring their own devices (BYOD)?
Over the past year I’ve worked with clients across many industries: financial services, retail, supply chain and travel, and have seen first-hand how companies still have difficulty delivering and leveraging mobile technologies across the enterprise. The concerns or blockers we heard about years ago are the same ones that come up this year:
- We’re concerned about having corporate data on employee devices
- Employees feel “big brother” is tracking everything they do or view on their mobile devices
- It just costs too much
These concerns may have been valid years ago, but now they’re just excuses. Instead of coming up with reasons not to deploy mobile technology across the enterprise, (or putting so many restrictions on the use of mobile that employees just won’t use it), companies need to figure out how to use mobile to boost productivity and deliver a great experience.
In a mobile world, the flexibility of working in a multitude of environments (office, home, remote, on-site, etc.) isn’t just a perk. It’s a vital way to remain competitive and achieve strategic business goals.
Now, while data leakage and loss are valid reasons for disallowing the use of mobile devices, security threats are not going away. Most companies simply lack confidence in mobile security and don’t understand today’s threats and how to mitigate them. Instead of locking everything down like Fort Knox, and only allowing employees access to applications and data while in the office on a desktop or laptop, because its more secure, companies need to appreciate all the ways employees can benefit from the use of mobile, and devise a plan to support enterprise mobility.
Key steps to increase confidence in your organization’s mobile security posture, and in the adoption of mobile across your enterprise
Identify where mobile can deliver value
Research the mobile use cases in your organization. Not every employee needs mobile technology to perform their job, but don’t discard the notion of mobility altogether without having a clear understanding of how employees perform their daily tasks and where mobile can be used to streamline business processes and boost productivity.
Mobile apps can be designed and architected to allow secure access to data for performing tasks (e.g. assisting customers in the field) without storing that data on the employee’s device. The benefit of mobile is enabling users to access information on-demand to make better-informed decisions.
Make Information Security your partner, not your enemy.
Partner with your security team to understand the top use cases and identify solutions to support mobile and protect your company’s data. Your Security team can use many strategies to protect your data and enable enterprise mobile solutions (e.g. containerization via MDM/MAM), but they need to understand who the users are, and where and how the devices will be used, in order to provide the best solution that mitigates potential risks and threats.
Our recommendation is to create a Policy Characteristics Matrix that identifies and defines the following:
- Mobile Policies
- Mobile Users (Executives, Employees, Contractors, etc.)
- Ownership (Corporate or Personal)
- Managed (MDM/MAM; Yes or No)
- Individual or Shared Device Usage
- Data Access Classification (Trusted, Semi-Trusted, Un-Trusted)
- Designated Users
- Mobile Use Cases
- Data Examples
- Data Asset & Risk Classifications
- Device & App Functionality
Defining this information helps Security understand the business drivers and use cases for mobile, and identify and implement the right mobile solutions that protect company and personal data.
Make sure your policies align with your mobile business drivers.
Review and update your policies to support your business drivers for enterprise mobile (e.g. increasing employee productivity, improving operational efficiencies, etc.), while ensuring your employees understand these updates are meant to protect their privacy and company data.
Blanket policies unclear on what the company monitors, and how it manages mobile device use (whether company-issued or personally-owned) are prevalent in the enterprise. This creates a “trust” issue and deters employees from adopting mobility, which means your investment in designing and deploying mobile apps will not generate a return on investment.
Review your policies (e.g. BYOD, Acceptable Use, etc.) to be sure they align with mobile business drivers, clearly describe their intent, and are well understood by employees.
Keep mobile users informed
One common reason BYOD programs haven’t taken off is because employees don’t understand the policies and believe MDM/MAM tracks everything they do on their mobile device—whether personal or business. While this isn’t the intent, most organizations write and present policies to employees without bothering to explain the objective of the policies and tools. It’s only human nature: if we don’t understand something we avoid it or do nothing.
I recommend first reviewing the policies with a select number of employees (e.g. focus group) to gain their feedback on how to improve the policies, ensuring they clearly define intent, and provide equal protection for employees (privacy) and company (data security).
Be clear which devices are acceptable. One benefit of BYOD is letting employees use mobile devices they’re familiar with, however, organizations shouldn’t allow just any mobile device to access company data and perform daily tasks. Every BYOD policy must clearly define which devices and operating systems are acceptable, prohibiting jailbroken devices and apps that compromise security.
Many employees are uncomfortable with employers having access to their personal data (e.g. locations, photos, call logs, contacts, etc.). Setting your employees’ minds at ease about what is and isn’t appropriate access by the company can go a long way toward making device usage comfortable for all involved.
Enterprise mobile solutions deliver a ton of value to your employees and the organization. Don’t minimize the successes by restricting how employees perform their jobs and the tools they may use.
If you need assistance reviewing your mobile policies and would like recommendations for enabling the use of Enterprise Mobile Solutions or increasing the adoption of your BYOD program, please don’t hesitate to reach out. Anexinet has helped leading brands across industry verticals architect and deploy Enterprise Mobile Technologies that achieve strategic business objectives (e.g. boosting employee productivity) while protecting employee privacy and securing company data.