Oct 28, 2011
Rolling With the Changes
As you develop mobility policies, your ultimate goal should be the certainty that any data contained within a device, or any connectivity profiles—VPN or Wi-Fi—that provide access to corporate networks, is completely secure, even if the smartphone or tablet is lost or stolen. Can you look into an auditor’s eyes and say that with confidence?
Because the trend is toward personally owned devices, if an MDM system can’t differentiate between enterprise data and the owner’s data, don’t buy it. But this is just one in a long set of important, and nice to have, features. In general, candidate MDM platforms should support iOS and Android, with management links to RIM’s BES a big plus. It should be able to differentiate security capabilities by OS type, because not all operating systems are created equal. It should normalize controls regardless of platform, so IT doesn’t have to know the gory details. It should consume user-role data from centralized directory services so that changes that are fed from the central directory—including termination—affect the profile experience on the end device. Self-service functions, such as provisioning and bringing a device back into compliance after missteps like loading an app considered risky, help reduce the help desk load. In this report, we’ll examine trends in mobile device management and security and delve into policy development. (R3321111)
Survey Name: InformationWeek Mobile Device Management and Security Survey
Survey Date: August 2011
Region: North America
Number of Respondents: 323 respondents from companies with 50-plus employees involved with determining mobile/wireless strategy or evaluating, recommending or purchasing mobile devices.
Purpose: This survey strives to gauge respondents’ secure use of mobile computing technologies such as smartphones and tablets and the importance of the supporting security structure. By polling for trends in the overall use of mobile devices as well as the applications in use by respondents’ organizations and their relative significance, it becomes clear which are the most mission-critical and would cause greatest disruption should they become unavailable. We also delve into the policy components governing the use of mobile technologies. Our aim is to determine the importance of mobile data protection to organizations, as well as whether mobile data policies are in place. On the tactical end, we asked about the most popular security controls being used, as well as centralized mobile device management systems and the rationale for seriously considering their use as a security control to enforce organizational mobile security policy.