Mobility

5 steps to take command of mobile

Eric Rife

The hottest topic in enterprise IT is secure mobility — in other words, allowing secure access to the enterprise infrastructure from any device, anywhere and at any time. Successful mobility solutions require deliberate implementation, disciplined security plans, careful consideration of who needs to be mobile-enabled, and the implementation of a sophisticated, secure, mobile enterprise infrastructure.

Here are five steps to take command of your organization’s mobility initiative.

1. Create a policy. Before committing enterprise resources to secure mobility, you must determine which job functions truly need to be mobile and why. Letting everyone go mobile without restriction is unrealistic, so define what job functions require mobility and set up user profiles accordingly. For instance, many workers will only need secure mobile access to e-mail rather than an entire suite of applications.

2. Make security dynamic. Borderless anytime/anywhere mobility presents genuine security challenges, and obviously, the consequences of a breach — especially of government networks — are extremely serious. A security plan must be dynamic enough to change as hackers’ tactics change and incorporate the latest multilayered credentialing technologies. Moreover, any security strategy must strive to eliminate vulnerabilities while presenting a fast-response action plan for dealing with a breach or failure. The plan should be at least as strong as the security plan at the physical office, with the addition of the capability to automatically lock out mobile devices that exceed security allowances set up in the user profile. For instance, device lockout can occur when someone uses unauthorized software or applications. User profiles can enforce corporatewide policies or be individualized.

3. Decide which devices to allow. Mobility doesn’t mean a device free-for-all, and an organization obviously cannot support all hardware, software, devices and apps. In other words, what does bring your own device (BYOD) really mean? What policies should be in place to screen or prepare devices for use on a secure network? Administrators of mobility-capable secure networks must define the rules for allowable hardware and software (down to the version level) and might need to go even further. Will all types of browsers be allowed? Which apps must users have on their mobile devices before they can access the network remotely? You should set those policies early, while also creating a process for reviewing them.

4. Set standards for hardware and software. For anyone who is granted network access, are there limits to resource allocation? Once those limits are set, then the real battle begins. Every single time a mobile device attempts to access your network, it must be compared against some type of standard to verify that the device meets the most current security criteria. If a violation occurs, predefined remediation steps should follow. As mentioned above, you should be prepared to lock out devices that suddenly appear to violate their approved profiles or have unauthorized software or applications.

5. Put someone in charge. Does your agency need a new position, role and title for mobility? Defining the security requirements for a mobility network will require sophisticated leadership, to say nothing of the ongoing rules and policies that must be put in place as devices, networks and threats change. Administration of the network isn’t a part-time job, so consider a dedicated mobility officer or a consultant who can provide the required level of expertise and attention. In today’s BYOD world, a chief mobility officer has to be part of every IT conversation.
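As an added illustration of steps 1, 3 and 4 (not code from the article or from any product), this Python example evaluates one access attempt against a per-job-function profile and returns allow, remediate, lockout or deny. The profile name, app names, version floors and the four decision labels are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    resources: frozenset      # what this job function may reach (step 1)
    min_os: dict              # platform -> minimum OS version (step 3)
    required_apps: frozenset  # must be present before remote access (step 3)
    banned_apps: frozenset    # unauthorized software means lockout (steps 2, 4)

# Constructed sample policy; every name and version here is an assumption.
PROFILES = {
    "field_inspector": Profile(
        resources=frozenset({"email"}),
        min_os={"ios": (8, 1, 0), "android": (5, 0, 0)},
        required_apps=frozenset({"mdm-agent"}),
        banned_apps=frozenset({"sideload-store"}),
    ),
}

def parse_version(text):
    """'8.1' -> (8, 1, 0): compare numerically, so '10.0' sorts above '9.3'."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def evaluate(job_function, device, resource):
    """Return (decision, reasons) for a single access attempt (step 4)."""
    profile = PROFILES.get(job_function)
    if profile is None:
        return "deny", ["job function is not mobile-enabled"]
    if resource not in profile.resources:
        return "deny", [f"{resource} is outside the {job_function} profile"]
    apps = set(device["apps"])
    banned = sorted(apps & profile.banned_apps)
    if banned:
        return "lockout", [f"unauthorized app: {name}" for name in banned]
    reasons = []
    minimum = profile.min_os.get(device["platform"])
    try:
        if minimum is None:
            reasons.append(f"platform {device['platform']} is not allowed")
        elif parse_version(device["os_version"]) < minimum:
            reasons.append(f"OS {device['os_version']} is below the minimum")
    except ValueError:  # unreadable version: fail closed, do not allow
        reasons.append("OS version could not be parsed")
    missing = sorted(profile.required_apps - apps)
    reasons += [f"missing required app: {name}" for name in missing]
    return ("remediate", reasons) if reasons else ("allow", [])
```

The check runs on every access attempt rather than once at enrollment, so a device that drifts out of its profile is caught at its next connection.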

About the Author

Eric Rife is director of collaboration at Red River, a provider of IT products and hardware-related services to the U.S. government.
