Do You Need a Formal Policy for Managing Mobile Devices?

Wednesday, March 28, 2012

Kyle Lagunas


Do you need a formal policy for managing mobile devices? Survey says... quite Possibly!


Employees using their own devices (smart phones, tablets, PCs) are able to use the technology they’re most comfortable with--which has a positive impact on productivity. But as anyone in IT can tell you, this has risks.


To address those, some organizations are creating BYOD (Bring Your Own Device) policies that establish guidelines for proper use.


Last month, Kyle Lagunas of Software Advice launched a survey to get a pulse on what companies are doing to manage employee-owned mobile devices.


Kyle’s share a few highlights with us here. You can find the full report of his findings on his Blog.


Fact: Employees Are Already Using Their Own Devices for Work


The question many business leaders are asking their HR partners is: “Do we need a formal policy for managing mobile devices?”


This is not an easy question to address, as it requires perspective on what employees are doing with their mobile devices. To that end, we asked a couple of questions around usage.


Figure 1: Ownership of devices employees use for work-related purposes.


The most important question when discussing BYOD, of course, is whether or not people are even using their personal devices for work-related purposes. As shown in Figure 1, the majority of employees (77%) are using their own devices to some extent--either exclusively or in addition to company-issued devices--to do work.


Of course, “work-related purposes” could be something as simple as checking their email. So we wanted to gauge what else they’re doing.


Figure 2: Employee uses of mobile devices.


According to our respondents, employees are using mobile devices at a roughly equivalent frequency for personal and business use. As shown in Figure 2 above, 67% of employees are using devices for business correspondence (email, phone calls, etc.), and 44% are using their device--company-owned or not--for professional networking.


Whenever employees are using mobile devices to access company data (48%), one would think a policy with guidelines for proper use is a must. However, another survey question revealed that only 30% of respondents’ companies had a policy for managing personal mobile devices in place.


Is there a disconnect here? Survey says... Quite possibly.


Will BYOD Become a Higher Priority?


Considering the majority of employees are already using personal devices for work-related purposes, we were surprised that only 12% of organizations without a BYOD policy plan to adopt one in the near future (half of those are currently developing policies). 30% of participants without BYOD policies said that instituting one wasn’t a priority, 33% plan to modify their plans for managing use of personal mobile devices in 2012.


Security risks associated with BYOD policies continue to intimidate some--one respondent said he is “scared to death of security vulnerabilities”--but what would do more to minimize risks than to adopt an official policy?


Are organizations better served by addressing issues as they arise? Or should leadership elevate mobile device policy as a priority for 2012?

Possibly Related Articles:
PDAs/Smart Phones
Information Security
Enterprise Security Mobile Devices Hardware Smart Phone Employees Policies and Procedures BYOD
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.