For part one of this series, click here.
Mobility governance refers to the people, processes and policies associated with mobility deployment within the enterprise. With few exceptions, enterprise mobility deployment is reactive and tactical. The lack of a corporate mobility strategy results in the deployment of incompatible point solutions, coordination issues and inconsistent policies.
In addition, most enterprises have no coordinated approach to mobility funding. This includes decisions to deploy a wireless LAN, purchase mobile devices, and select mobile cellular service plans. Some managers demand that business case analysis be applied to the decision-making process for such things as wireless deployment and social networking implementation. IT managers often express frustration over the difficulty of developing a business case for mobility products and services. Other managers go to the other extreme and simply mandate mobility technology deployment without any upfront analysis.
Personal-use policies on handheld devices often vary widely. Some enterprises prohibit personal calls, forcing employees to carry two phones -- one for business use, the other for personal calls. Others allow personal phone calls only if employees do not exceed their minutes-of-use plan. Some enterprises have a "no text messaging" policy, although it is unclear how that policy can be enforced if the employee owns the phone.
Similarly, handheld ownership policies vary widely. Most enterprises allow only company-owned devices to access the network. Some allow personal laptops to access the network when using an enterprise-provided USB key that contains an approved bootable image.
Enterprises often struggle to balance the needs of IT staff to secure and manage mobile devices with the desire of employees to use mobile devices whenever and wherever they want. Some organizations opt for a laissez-faire approach that provides users with broad device usage and ownership flexibility. However, this approach often exposes the enterprise to inordinate security and legal risk. Alternatively, concerns over insufficient mobility security and management, coupled with the lack of coherent mobility governance, cause many IT organizations to simply reject user demands for greater mobility solutions. This approach can lead users to find ways to bypass the IT staff and enterprise policies.
Some enterprises are using the Information Technology Infrastructure Library (ITIL) for mobility service management. ITIL is a widely adopted framework for IT service management. ITIL can help organizations create a mobility strategy, personal-use policies, security best practices, and funding procedures.
Enterprises should consider the following recommendations:
- Embrace mobility as a strategic initiative rather than simply a technology purchase decision.
- Consider applying the ITIL concepts and policies to the challenge of enterprise mobility.
- Consistently adhere to security best practices, and avoid making exceptions to security policies.
Enterprises often deploy mobility in an ad hoc, department-by-department fashion, in much the same way that local area network technology was deployed in the mid-1980s. Such an approach results in coordination issues, incompatible point solutions, inconsistent policies, increased security risk, and costly mistakes. Enterprises can avoid many of these problems if they embrace mobility as a strategic initiative, consider applying ITIL concepts, and consistently adhere to security best practices.