Governance the key if you don't want mobile workers escaping your control
On the move but not on the loose
Mobile computing is great. No longer are we chained to our desks when using technology and doing proper work. Not only are laptops getting smaller, lighter and cheaper, it is also possible to do real, productive stuff even more freely using phones and tablets.
As is always the case in computing, though, the positives of convenience and functionality are offset by some negatives. And in the case of mobile computing the big one is governance.
IT governance has many definitions. In my day job, governance is all about ensuring that the manner in which we connect and use our IT systems is auditable, trackable and accountable, primarily in the context of security and confidentiality.
We will look at governance in the specific context of mobile devices: they are, after all, far harder to control and manage than the kit that sits on your office desks.
Yours and mine
The important differentiation is between devices your company owns and the ones it doesn't. You have absolute control over company-owned devices, and the correct way to work is to control them utterly, without compromise.
When devices are owned by users, you need to put a barrier between the device and the corporate network. Don't, for instance, let them ActiveSync email directly with your mail server (more about how to do that later).
The main rule for choosing a company device is that you should establish a standard and stick with it. You are not in the business of giving employees whatever cool toys they want to play with in the pub; you are in the business of providing them with devices that enable them to do their job when on the move, while ensuring that the effort and expense of supporting the devices is acceptable.
The general process tends to be:
- Decide the requirements for mobile usage by talking to the people in the business who know what they are. I wish I had a fiver for every company I have seen that plumped for a cool-looking device, only to discover that it couldn't actually run the apps that the business needed.
- Decide what types of device you will let people have. Smartphones are the obvious one, of course, and laptops also appear on the list, but do some people warrant a tablet instead, or as well? Is a big phone better than a small one and a tablet? Try to settle on standard kits and have as few options as you can.
- List the platforms that exist for each device type and confirm that every application the users need can work on each platform. In many cases you won't be able to run an app natively on a device so you will have to present it via another means (such as a Windows session presented via a Terminal Services type connection). Cross off the platforms that can't do the job, then decide how you implement your standard kits with as few platforms as possible. If, for instance, you have the option of Apple or Android for smartphones but only Apple on tablets, go for Apple on both as it will be cheaper and easier to support a single operating system.
- With user-owned devices, don't try to support everything that people bring in. Decide what you can afford to support, and tell users with other devices that there are no guarantees and they can have best-efforts assistance at most. And if you have a bring-your-own-device policy where the company contributes to the purchase of users' machines, state clearly the types of device you are willing to contribute to and ban users from buying anything else.