If the number of Google listings on the topic is any indication, enterprise and small and medium-sized businesses (SMBs) are doing a poor job of developing and instituting mobile policies and procedures.
These documents can cover a lot of ground, from security to billing. They are vital as the amount and value of data stored and trafficked outside the enterprise continues to rise and the ways in which the mobile workforce communicates multiply. But mobile policy isn't getting the kind of ubiquitous attention that almost anyone would agree -- at least in theory -- it should.
That must change, and a small step in that direction was taken last week. Philippe Winthrop, an analyst for Strategy Analytics, has worked with Visage Mobile on a tome titled "The Enterprise Mobility Policy Guidebook: Business Policy Edition." At his personal blog, Winthrop discusses the motivation for the guide:
Well, the fact of the matter is, less than half of companies I surveyed have a mobility policy in place. Then, when I talk to companies and they share with me what they actually include in their policy, it becomes pretty evident that they are struggling with a detailed policy document that they can track and enforce.
The post and this press release go on to describe the guidelines that he and Visage Mobile suggest.
The category of mobile regulatory compliance overlaps security and mobile policies. This description at Fiberlink-which is a teaser for a white paper-describes two elements of compliance. There are general requirements for reasonably extending precautions against "foreseeable risks" and requirements for specific recommendations such as personal firewalls, anti-virus software, encryption and up-to-date patching.
Perhaps Winthrop is correct, and the holdup is that creation of mobile policies is just too difficult for many companies to jump into cold. Perhaps, however, there are a few handy backdoors. One could be telecommunication expense management (TEM). This is a growing field that seeks to put a handle on meandering, mysterious and highly disorganized telecommunications spending.The potential tie-in with mobile policy is that a TEM program focuses on the organization getting a handle on its mobile communications spending. Such an overview could create a roadmap for the institution of policies and procedures. In other words, TEM can be a first step to useful and effective mobile policies by helping to clearly defining the task.
The other is security. The security gurus in a reasonably well-run company have detailed information about the nature of the mobile workforces, including what devices folks are using and the level of information they have access to. This intelligence, especially in tandem with TEM data, can be a good first step toward policy creation.