Feeds

Mobile security: the right way and the wrong way

Should users be pushed or pampered?

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Mobile workshop The team here at Freeform Dynamics has reviewed a lot of projects and gathered a lot of feedback from organisations implementing mobile technology over the years. One of the things we hit on in a report we put together earlier this year was how importance it is to engage and train users to minimise mobility related security risks in the right way.

The "human factor" is, in fact, important to get your head around in across the mobile space, and there's a general consensus among those with more experience of mobile working projects that you ignore this at your cost. The message we hear time and time again is that you need user input when specifying solutions to ensure that devices and applications are fit for purpose and will actually be used as intended to deliver the result you are looking for. You also need users to cooperate in terms of behaviour and practices to keep both risks and cost under control.

One Reg reader, Brett, summed up a lot of what we would regard as best practice in relation to user involvement in a recent mobile workshop post. Here is an extract from what he said:

"I treat our user community as adults. That means that I (as CIO) discuss their needs with them, listen carefully to what they want and what their issues are, then provide a list of solutions that covers their needs. Things like security, confidentiality, improper use of corporate assets - these are open and thoroughly explored, with feedback from the users individually as well as a community incorporated into our mobile technology planning. And it has paid off handsomely for us: our users understand the fundamental issues we're addressing from the company standpoint and have been remarkably resistant to misuse of corporate resources - mainly because we insure that the company takes care of their personal needs as well. We have a consistent set of policies that cover ALL aspects of personal communications, most of which reflects the user's requirements as well as the common corporate goals."

You can read the rest of Brett's post here, along with some other very good feedback from readers.

But does all this just amount to "pampering" users unnecessarily?

Well, some might think so and advocate a more dictatorial approach by the IT department in which users "get what they are given". Others might like the idea of a collaborative approach, but just think it is impractical in their environment, which is fair enough - Brett, after all, works in a relatively small company, and at the other extreme, getting sensible input from a user base of hundreds or thousands can be a challenge.

Whatever you view of what's desirable or possible, though, we appreciate hearing it, so if you have a minute, why not let us know what you think in our latest poll below:

READER POLL

How many employees do you have in your organisation that connect to your systems or applications from a handheld wireless device for business purposes?

None
1-10
10-50
50-250
250-1,000
More than 1,000

How do these users break out between "professional" and "blue collar" workers (forgive the gross categorisation here, just trying to get a flavour of your installation)?

Exclusively professional
Mostly professional
Even mix
Mostly blue collar
Exclusively blue collar

To what degree have you standardised on devices for professional workers in particular?

We are highly standardised and only support a single model of device
We have a range of standard models that we issue according to user role and need
We have a range of standard models that users can select according to preference
Users can select any device they want, provided they meet certain criteria
Users can select any device they want, with no restrictions
Not applicable

If you have any level of standardisation, to what degree are professional users involved in the standardisation process?

Users drive the process and IT has to fall into line
Users drive the process, but take IT opinion on board
Users and IT collaborate and drive the process together
IT drives the process, but takes user opinion on board
IT drives the process and users have to fall into line

How effective do you think your current policy is at meeting business requirements on a scale of 1 to 5?

1 - Totally Ineffective
2
3
4
5 - Totally Effective

What about meeting the requirements of the IT department in terms of maintenance, management, support and so on?

1 - Totally Ineffective
2
3
4
5 - Totally Effective

As you look forward, do you think your policy needs to change to provide:

More freedom of choice to professional users
Less freedom of choice to professional users
Neither – we have it about right
Not relevant

And with regard to the selection of standard devices, how should your policy change here (if relevant)?

More involvement from professional users
Less involvement from professional users
Neither – we have it about right
Not relevant

Any other thoughts, comments or recommendations?

Thank you, we'll report back at the end of the week.

Gartner critical capabilities for enterprise endpoint backup

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?