How can employee-owned mobile devices be secured and managed on corporate networks?

Companies increasingly allowing employees to keep their iPhones or other devices, but with strings attached

With the rise of personal mobile devices, a growing number of enterprises have scrapped the homogeneity mandate: instead of requiring employees to use a standard smartphone, more IT departments are now looking at some degree of control over employee-owned (or "employee-liable") devices, to manage and secure them.

With the rise of personal mobile devices, a growing number of enterprises have scrapped the homogeneity mandate: instead of requiring employees to use a standard smartphone, more IT departments are now looking at some degree of control over employee-owned (or "employee-liable") devices, to manage and secure them. 

"The corporate standards dam is breaking, as platforms like Android and iPhone push their way into the enterprise," says Gartner Vice President Phillip Redman. "Most companies will accept these, and prepare guidelines and processes for managing and securing them."

More wireless burning questions:

Should you bother with Windows Phone 7?||||||

How to deal with the bandwidth crush from mobile devices?

Is Sprint losing its WiMAX/4G gamble?

What's the enterprise impact of carriers' new "capped" wireless data plans?

How can wireless/wired security be united?

How are big Wi-Fi networks affecting radio management?

Best practices, Redmond says, include "segmenting users into work styles by mobility and application requirements, and matching up device choices." Another key: adopting of a mobile device management platform or service to help manage the use, configuration and security of these devices.

The approach needs to be systematic and comprehensive, says Khoi Nguyen, group product manager for the mobile security group at Symantec. Crucial elements are: general device and application management; security features to ensure policies are in place, enforced and up-to-date; and alerting and reporting on unauthorized access.

Whatever the details, the overall process "boils down to a regimented and policy-driven approach that recognizes that smartphones and other mobile devices need equal treatment because they've become equally important with other IT assets," says Tom Henderson, managing director of ExtremeLabs.

"Nothing technologically prevents this," says Enterprise Mobility Foundation President Philippe Winthrop. Instead, he says, the real issues are cultural. "There has to be a recognition by the individual [employee] that e-mail is corporate intellectual property," Winthrop says. "And if you're looking at more than e-mail, then the company has every right to secure that information." (See "Endpoint security: managing enterprise smartphone risk".)]

A growing number of companies are formulating written mobile policies and requiring employees to read, understand and sign them before they have access to e-mail and other data from their device. One of Winthrop's neighbors bought a new iPhone 4, and his company's IT department installed, via the App Store, the corporate-mandated secure messaging platform. That will become increasingly common, Winthrop says.

"The big question surrounds legal issues -- agreements between employees and employer -- and placing an enterprise-owned agent on an employee's handset," says Craig Mathias, of the Farpoint Group mobile consultancy.

It's the start of whole new relationship between mobile device users, in dual roles as individual consumer and employee, and the company for which they work.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies