Feeds

Mobile security: the right way and the wrong way

Should users be pushed or pampered?

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

Mobile workshop The team here at Freeform Dynamics has reviewed a lot of projects and gathered a lot of feedback from organisations implementing mobile technology over the years. One of the things we hit on in a report we put together earlier this year was how importance it is to engage and train users to minimise mobility related security risks in the right way.

The "human factor" is, in fact, important to get your head around in across the mobile space, and there's a general consensus among those with more experience of mobile working projects that you ignore this at your cost. The message we hear time and time again is that you need user input when specifying solutions to ensure that devices and applications are fit for purpose and will actually be used as intended to deliver the result you are looking for. You also need users to cooperate in terms of behaviour and practices to keep both risks and cost under control.

One Reg reader, Brett, summed up a lot of what we would regard as best practice in relation to user involvement in a recent mobile workshop post. Here is an extract from what he said:

"I treat our user community as adults. That means that I (as CIO) discuss their needs with them, listen carefully to what they want and what their issues are, then provide a list of solutions that covers their needs. Things like security, confidentiality, improper use of corporate assets - these are open and thoroughly explored, with feedback from the users individually as well as a community incorporated into our mobile technology planning. And it has paid off handsomely for us: our users understand the fundamental issues we're addressing from the company standpoint and have been remarkably resistant to misuse of corporate resources - mainly because we insure that the company takes care of their personal needs as well. We have a consistent set of policies that cover ALL aspects of personal communications, most of which reflects the user's requirements as well as the common corporate goals."

You can read the rest of Brett's post here, along with some other very good feedback from readers.

But does all this just amount to "pampering" users unnecessarily?

Well, some might think so and advocate a more dictatorial approach by the IT department in which users "get what they are given". Others might like the idea of a collaborative approach, but just think it is impractical in their environment, which is fair enough - Brett, after all, works in a relatively small company, and at the other extreme, getting sensible input from a user base of hundreds or thousands can be a challenge.

Whatever you view of what's desirable or possible, though, we appreciate hearing it, so if you have a minute, why not let us know what you think in our latest poll below:

READER POLL

How many employees do you have in your organisation that connect to your systems or applications from a handheld wireless device for business purposes?

None
1-10
10-50
50-250
250-1,000
More than 1,000

How do these users break out between "professional" and "blue collar" workers (forgive the gross categorisation here, just trying to get a flavour of your installation)?

Exclusively professional
Mostly professional
Even mix
Mostly blue collar
Exclusively blue collar

To what degree have you standardised on devices for professional workers in particular?

We are highly standardised and only support a single model of device
We have a range of standard models that we issue according to user role and need
We have a range of standard models that users can select according to preference
Users can select any device they want, provided they meet certain criteria
Users can select any device they want, with no restrictions
Not applicable

If you have any level of standardisation, to what degree are professional users involved in the standardisation process?

Users drive the process and IT has to fall into line
Users drive the process, but take IT opinion on board
Users and IT collaborate and drive the process together
IT drives the process, but takes user opinion on board
IT drives the process and users have to fall into line

How effective do you think your current policy is at meeting business requirements on a scale of 1 to 5?

1 - Totally Ineffective
2
3
4
5 - Totally Effective

What about meeting the requirements of the IT department in terms of maintenance, management, support and so on?

1 - Totally Ineffective
2
3
4
5 - Totally Effective

As you look forward, do you think your policy needs to change to provide:

More freedom of choice to professional users
Less freedom of choice to professional users
Neither – we have it about right
Not relevant

And with regard to the selection of standard devices, how should your policy change here (if relevant)?

More involvement from professional users
Less involvement from professional users
Neither – we have it about right
Not relevant

Any other thoughts, comments or recommendations?

Thank you, we'll report back at the end of the week.

The essential guide to IT transformation

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
EE fails to apologise for HUGE T-Mobile outage that hit Brits on Friday
Customer: 'Please change your name to occasionally somewhere'
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
BT customers face broadband and landline price hikes
Poor punters won't be affected, telecoms giant claims
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.