Unlike the Windows-dominated PC market, the mobile device market has a cast of operators, manufacturers, and OEMs that are all part of the mobile ecosystem. There is also no shortage of mobile device management (MDM) vendors and solutions. As these MDM solutions swing from on-premises to cloud and managed services, we could see a shift in the relationship between mobile operators and enterprise IT.

Significant technological advances by any of the players in the mobile ecosystem can change your mobile strategy considerably. Your responsibility is to lay out an agile strategy while remaining mindful of ongoing upheaval. With this in mind, Forrester recommends that IT professionals in both infrastructure and operations (I&O) and security and risk (S&R) roles work together toward the following goals:

1. Develop mobile device management capabilities. Many I&O professionals have already invested in an MDM solution. This essential technology allows I&O professionals to support multiple platforms and form factors, extend management and security policies to both corporate-liable and employee-owned devices, and automate service desk support. This is especially important as I&O develops a BYOD program to support the business needs and high expectations of an empowered workforce.

However, avoid investing in any monolithic infrastructure for the sole purpose of mobile operation and management. As much as possible, leverage services and technologies that are native to the platform and don't require a big footprint in your infrastructure. Also, avoid technologies that focus heavily on device management but provide little application- and data-level control.

[ For more on the challenges of developing MDM strategies, see MDM As Mobile Strategy, Career Necessity. ]

2. Create a BYOD program and introduce a phased rollout for empowered workers. Unless you have extremely strict security and privacy requirements, it's more than likely you will need to support employee-owned devices in your organization. To do this, you will need to adopt the necessary MDM and mobile security tools, but you will also need to define a strong mobile policy that clearly outlines eligibility and access requirements, support options, and of course, who pays for what. In addition, any successful BYOD strategy must include self-service options for employees. Portals that allow employees to quickly onboard devices and download available corporate applications can remove significant amounts of support time for IT professionals.

However, the devices in your BYOD program shouldn't stop at mobile devices. Bring-your-own-PC, for instance, is just a small mental leap from bring-your-own-smartphone. For this reason, IT professionals should craft a strategy that focuses on the fundamental capabilities that enable bring-your-own-device, rather than the nuances of supporting iOS and Android, for instance. Examples of fundamental technology choices and processes include universal NAC, an enterprise PKI (to enable certificate-based authentication for any device), virtual application delivery, and self-service.

3. Tier mobile device management based on applications and security risk. Instead of using a one-size-fits-all approach, tier device management based on applications and security risk. In a tiered model, employees eligible for company-owned devices might get a choice of BlackBerry or iPhone devices running a full suite of business apps and intranet access, while employees in the BYOD tier can use approved iPhone and Android devices but might get access only to email, a VPN-enabled browser, and virtualized applications.

4. Plan for an enterprise app store. Forrester anticipates mobile application management and provisioning to emerge as a new technology category over the next 12 to 18 months. Adjacent to MDM, this area will support asset and software management, chargeback, service desk, and request fulfillment capabilities in addition to offering a multiplatform application catalog, mobile experience monitoring, and a billing engine.

While nascent offerings native within some MDM solutions--such as AirWatch, MobileIron, and Zenprise--have begun to emerge over the past year, it will take another two to three years before IT professionals perceive this as mainstream "must-have" technology. This new management experience will push IT to adopt more self-service capabilities, move faster to embrace new technologies, and in essence deliver a more consumer-like experience to corporate users.

5. Anticipate the convergence of mobile device and PC management. I&O professionals are still at least three to four years away from being able to effectively manage all endpoint form factors--including smartphones, desktops, laptops, tablets, ultrabooks, and netbooks--through a single pane of glass. Acquisitions and strategic partnerships and an eventual convergence of roles within I&O will drive more firms to explore this possibility.

We're also still years away from deep product convergence, although some MDM solutions technically support PCs and some PC/client management solutions support some mobile platforms. Which vendors will take ownership of this convergence remains to be seen. Your five-year IT roadmap might call for an investment in MDM today, but you might need to shift your investment to a PC management, a carrier-based managed service, or some combination of the two tomorrow.

6. Support a user-centric approach to mobility. As devices such as cameras, cars, home electronics, and even musical instruments come equipped with microprocessors, we will see devices increasingly become conduits for businesses to deliver services and engage customers. While the one constant in this increasingly diverse world is the user, the notion of a user is not one-dimensional, as typified by identities in a corporate directory. Rather, users will be contextual--IT systems will consider the access rights of a user dynamically, along with the device state, geographic location, and even which apps the user is accessing at a given moment.

To stay relevant, your enterprise must pursue a steadfast user-centric approach to mobile device management and security while embracing new peripherals and meeting new business use scenarios. This means you must shift your attention from devices to the user. As a result, your strategy will dictate technologies that exert control within the greater user context--at the app and data level--rather than on the underlying device.

At this year's InformationWeek 500 Conference, C-level execs will gather to discuss how they're rewriting the old IT rulebook and accelerating business execution. At the St. Regis Monarch Beach, Dana Point, Calif., Sept. 9-11.