Crafting a mobile device security policy

IT organizations (ITOs) are struggling to constrain the use of employee-owned mobile devices for work activity. On the one hand, the business benefits from increased productivity and employee satisfaction without a commensurate cost. On the other hand, organizations lose control of corporate data and set themselves up for higher transition costs later. How can organizations reap the business benefit of mobility without the loss of control?

META Trend: Investment in strategic security processes will focus on formalizing risk (2004/05) and trust (2005-07), with increasing attention to awareness/communication and policy. Demand for formal certification of security resources (internal, professional/managed services) will continue to rise through 2007. Statutory (privacy, cybercrime, critical infrastructure) and business requirements (corporate governance, mitigation of technology risk) will drive maturation of internal compliance programs until at least 2008, varying somewhat in time frame due to national/regional diversity.

Mobile devices such as laptops, personal digital assistants, smart phones, and USB storage are rapidly increasing in capability while also declining in price. By their very nature, mobile devices are more prone to loss and theft, are less mature, and often operate outside the network perimeter, making them highly vulnerable to attack. End users seeking to improve personal productivity and to achieve a better work/life balance are bypassing the budget-constrained IT procurement process and buying such devices themselves. When these devices are used for corporate activities, they open up a Pandora’s box of security and management concerns. Concurrently, organizations are struggling to more actively manage information risk in light of regulation and compliance issues. Although organizations have benefited from increased productivity and worker satisfaction at no cost, we believe security risk and future integration costs of this informal approach are rising rapidly.

Our research indicates that fewer than 10% of organizations have a formal and comprehensive mobile security policy. Organizations must develop a security policy appropriate for the type of device and the information it contains, and provide a program that will foster policy compliance without needlessly constraining personal productivity.

To get back in control of mobile security, organizations should perform the following:
