The issues with mobile security device management is a many headed beast. It makes sense to bring your iPad to work but the IT dude kind of freaks out.

One Friday afternoon I chatted with an IT guy, very senior, who faced a weekend of working through a slew of iPads that he had to manually provision.

But it’s not just a manual hell storm for the IT manager. Wasabi Roll, which has the best tag line ever: (IT News, Served Cold with a Kick! Remember Cheap ≠ inexpensive…) makes an important point. The CIO knows that the mobile devices are not just for messaging anymore. They are app machines. They access the Web. And they are used for messaging.

But there is a huge gap. Yes, the devices are valuable tools but people lose them all the time. And often, the smartphone has all kinds of sensitive data.  If just one gets in the wrong hands it can mean trouble and expensive meetings with the lawyers.

Wasabi Roll blogger Rick Ricker cites a survey og 300 IT decision makers in companies of 500 employees or more. “Three-quarters of those surveyed say they are worried that staff will find other ways to access corporate networks through their chosen device, with or without the IT department’s help, while nearly 30 percent have experienced a security breach based on the use of an unauthorized device”

Mobile Device Management is the answer. There are a number of vendors out there and many more startups that have designs on how to solve this problem. We’ll explore some of these startups in a later post. But for now, here are Ricker’s top 10 things to consider for Mobile Device Management:

1. As with your employees, segment the groups of devices following the Dept. vernacular to easily manage the p/l.
2. Make sure you allow flexibility in your device enablement, because you’re always going to have “Hip Pocket” rouge devices not on your radar otherwise.
3. Invest in MDM, duuuuuh…
4. For convenience, make sure you get a solution that has a Web-based console for Management and Security, that promotes the anywhere anytime ability.
5. Have a process in place for request, acquire, and terminating devices
6. Include an appropriate use paragraph in you employee handbook (you should already have this…)
7. Clearly define the what constitutes mobile expense, avoid the exception calisthenics
8.  No company logos on devices, electronic or otherwise… security folks…
9. Consider Security policies like lost or stolen call number on lock screen, strong password, and remote wipe after 10 tries encryption.
10. Have a document portal to limit, local storage requirements

Services Angle

There may be no greater need right now in the enterprise than how to deal with mobile device management.  By the end of this year,  there will be about as many smartphones in the workplace as PCs. People still spend far more time doing work on their PCs but how does the device become part of the workflow and how does security fit into that process?