Managing Mobile Device Usage Agreements
How do you relate to your mobile phone? Greg Baylis, Snow’s Mobility Expert, and I were discussing this just the other day and acknowledged that users have a completely different mindset towards their phones than they do towards their computers.
Users tend to treat the mobile much more ‘personally’, so they are more relaxed in how they use it. It’s up to the enterprise, therefore, to enforce user policies around the device (if corporately owned) and its data, as there are security, licensing and cost implications that may adversely affect the business.
WHO OWNS WHAT?
It’s mine. Well no, it’s not. If it’s a corporate device that’s been personally enabled (COPE) then it actually belongs to the company. If it’s a bring-your-own-device (BYOD) phone then yes, technically the device is yours, but the corporate data that you access most definitely isn’t.
Whether owned by the company or ourselves, we treat our smartphones and tablets in much the same way: we load them up with the apps and games we want, take photos, listen to music and much more. Say I have a COPE device – I’ll probably personalize the phone, choose what wallpaper I want, download the apps I need for work and play, and use it for both personal and company email.
I’m unlikely to give a moment’s consideration as to whether those apps could be harmful (either by having access to my photos and contacts or by carrying malware), whether email could leak sensitive information, whether I’ve gone ahead and downloaded an app to access corporate information for which the company should pay a license, or whether it’s appropriate in a business situation to use a picture of my dog pulling a funny face as wallpaper. And so the list goes on.
If I own a BYOD phone, perhaps I’d feel justified in downloading exactly what I want on it. I may choose to use an app such as Truecaller for my calls which, in return for being free, will upload all my contacts and numbers to its worldwide database, or I may use Dropbox to share files with colleagues, not realizing that I should have a corporate license to do so.
ADHERING TO COMPANY POLICY
Many companies have introduced policies on employees’ use of data and devices, which form specific sections of the company handbook. Yet a number don’t actually have a written policy on downloading mobile apps; rather, they concentrate on usage around making calls and have policies around laptops and PCs.
Having spoken to some of our customers that do include a policy on apps, we’ve discovered that users just treat this as typical yadda yadda that they just say yes to when downloading an app – not necessarily recognizing that failure to adhere could put the company at risk in terms of compliance, security and cost.
So let’s take a look at the company handbook. Have you put in place as robust a policy around mobile devices as you have for computers and the use of hardware and software? If not, why not? A mobile device has much the same computing functionality as a laptop or PC, and poses many of the same risks.
For example, with regard to hardware, a company may require that:
“No equipment be attached to the network or modified without the consent of the Technical Director. Laptops are expected to be treated with due care and attention and maintained to good working order and long life as well as be kept secure when taken offsite, with reasonable measures to minimize the risk of data loss through theft.”
As for software:
“A PC will be set up by the Technical Director and must not be altered by the user…under no circumstances may you purchase or load any software without approval from the Technical Director. This includes games, screen savers, wallpaper, downloads from the internet and email attachments. If a specific application program is necessary for your work, then the Company will consider its purchase for your use subject to the cost and availability of the item in question.”
We all download apps, we all create our own wallpapers and play games. Why wouldn’t you include mobile devices in the same breath as a PC or laptop in your company handbook? Should users be allowed to access company data on one?
Email has become a ubiquitously installed program, as have many other work productivity apps such as Skype for Business and Salesforce, and work files are accessed via the likes of Adobe or Microsoft apps.
Have you thought about what happens when the device is lost, stolen or damaged? Is it up to the company to have ensured that two-factor protection has been enforced? And what about the return of company property if an employee is leaving the company? Have you included mobile devices in the Return of Company Property section of your handbook? You should ensure you are covered for mobile devices and passwords.
Consider this scenario: a user who is leaving has had a COPE device, in this case a company-issued iPhone, and has used their own Apple ID to download apps and access iCloud. Unless they remove that Apple ID when they leave the company, the device becomes a pretty useless $600 paperweight overnight.
It can’t be reallocated to another user until the iCloud access is removed. Even if it is given a factory reset, the device will still require the user’s password. So Greg and I have looked at the policy areas that need addressing.
The next part is to look at making the management of mobile devices easy and simple. If you’re finding that managing mobile is a headache? We’d agreed if you don’t have an Enterprise Mobility Management solution in place
CONTROLLING THE MOBILE ESTATE
Enterprise mobility solutions, such as Snow Device Manager, can alleviate all the above scenarios and can enforce your company policy whether the device is COPE or BYOD. With full visibility of the devices and app usage, Snow Device Manager brings security to the enterprise mobile fleet, improves support handling, facilitates role-based app distribution and controls access to internal documents and data.
Its EMM functionality can prevent users from running apps that could compromise security, such as those that record phone calls or access a user’s contacts. It can highlight unnecessary costs, such as excessive data use by certain apps, and identify apps that cause direct or indirect licensing issues.
Indeed, the organization can remove the native app stores that come with the phone operating system and instead provide a company one which only has approved (whitelisted) apps that users can download. This removes issues around licensing, as the app store will only feature paid and licensed (where necessary for corporate use) apps.
If an unlisted app is required, the administrator (or licensing committee) can consider making it available via the app store once it’s been vetted, tested, approved and licensed for use. From a hardware standpoint, certain device types that haven’t been built with tough security levels wouldn’t be allowed to connect to the corporate network.
With EMM, users get the apps and devices they need, administrators have visibility into those apps and data usage, and service desk operators have the information they need to resolve first line support issues.
The enterprise benefits through cost and time savings, and through all IT assets being secure and license compliant.
Are you considering the impact mobile devices have on your IT estate? You need to make sure Enterprise Mobility Management and Mobile Device Management are on your radar and your roadmap for future Software Asset Management projects.
We are pleased to provide you with complimentary access to the Ovum report ‘Is Mobile Device Management on your radar?’