Forrester Research analyst Benjamin Gray was the featured guest at a Sybase-hosted webinar last week (December 15). As a good guest, Gray came bearing interesting data and anecdotes about mobile uptake in the enterprise, as well his recommendations gleaned from hundreds of CIO interviews for the best ways to manage and secure your mobile devices.
Let's start with the data and anecdotes. There is a "huge influx" of mobile devices into enterprises, as illustrated by North American and Western European survey data from earlier this year showing that half of enterprises already support more than two mobile platforms, with 29% supporting three or more (click on the slides to see a larger version).
More than 50% of enterprises have bowed to worker pressure and support personally-owned smartphones. Among the rest, there are a lot of IT managers and "even C-level execs" now making it a priority to draw up such a policy and develop a management strategy.
Despite the influx of worker-owned devices, BlackBerry and Windows Mobile remain surprisingly strong, at least they did in Q1 when this survey was conducted. That won't stay the same for long, says Gray, who expects Android and iPhone to emerge quickly. But neither OS will ever dominate, he said. That means extra work for companies, but leaves individual workers the winner in this scenario.
As for best practices, Gray has 20 tips. First and foremost, enterprises should start by researching their user population and creating policies based on that. This could involve a baseline policy one that can apply to everyone from the delivery truck driver to the CEO, with stronger layers on top.
However, few enterprises today properly segment their user population. As a result, most IT organizations over-secure and over-manage 80% of their employees, but underprovision their 20% most important ones, said Gray.
Gray also advises enterprises to "embrace mobile-device-agnostic mobile device management solutions" (full disclosure: like Sybase's Afaria) in either software or service form, especially one that offers a "single pane of glass". And while he advises that companies put their telephone number on the locked screen to call if the device is lost, Gray doesn't believe in putting a corporate logo on the device, as it presents too much of a temptation to data thieves.
To combat hackers, IT managers need strict policies on passwords, failed authentications (fail ten times and the device data is automatically locked or even wiped) and data storage (encrypt all data).
Gray advises enterprises to invest in the "right multi-platform solution" as he believes it is a better long-term investment in terms of IT time and cost. He offers five other closing tips that enterprises can act upon now.
Does your organization implement some or most of these mobile best practices? What might be missing?