Business Information

Technology insights for the data-driven enterprise


Manage Learn to apply best practices and optimize your operations.

Security, data usage policies must-haves for mobile app management

Making corporate data available on mobile devices calls for careful management to keep business users from going down wrong paths in using the info.

MiTek Industries Inc. caught the enterprise mobility bug almost by accident. The Chesterfield, Mo., company's interest in mobile business apps unexpectedly grew out of a need to provide a secure file transfer system for sharing proprietary information about its construction design software and structural connectors with customers, said Justin Daniels, an IT manager at MiTek.

After the IT department settled on file-sharing software from Accellion Inc. that includes a central data repository, MiTek's CEO soon recognized the repository's value for his sales department: He wanted to make sure sales reps could access it to view the latest versions of product slides on their iPads and smartphones while on the road.

Meanwhile, there already were a lot of mobile devices in use at the company -- more than 20 different ones among the global sales force, according to Daniels. Like other organizations, MiTek had become a bring-your-own-device zone for employees looking to use their smartphones and tablet PCs in the workplace. "We've seen a lot of BYOD," he said. "Managing all those is becoming quite a bit of a challenge."

Because of the ad hoc way that the company began implementing enterprise mobile applications, mobile app management issues weren't addressed up front. "We're approaching it sort of backwards," Daniels said, noting that MiTek started developing BYOD and mobile security and governance policies only after personal devices had become a common presence.

It isn't that the company's data needs any special preparation to be used on mobile devices. The information "doesn't have to be changed or manipulated -- data is data," said Daniels, who is MiTek's manager of Web services and software engineering IT support. But the company did have to scramble to integrate mobile apps with existing systems. And for MiTek officials, the biggest source of mobile-induced paranoia centers on maintaining "ownership of content," Daniels said. "I just want to make sure that we can control our data."

When they're out, they're out

More about mobile app management

Read about managing mobile application security in a world of BYOD

Get tips about enterprise mobile application management in this guide

Learn about the pros and cons of developing hybrid mobile apps

Ensuring that the company's intellectual property is protected with mobile security measures involves providing users with secure logins to enterprise applications on a host of different devices. That's so no one needs to carry a flash drive containing corporate data outside the office. In the case of the file transfer system, for example, Accellion's software integrates with Microsoft Active Directory, which means access to corporate information is denied if an employee's Active Directory account is disabled. When people leave the organization, their devices can easily be locked out of the system, Daniels said.

Security is also a big mobile app management concern for Novation LLC, a health care supplies purchasing company in Irving, Texas. As at MiTek, many of the mobile devices being used for business purposes at Novation are employee-owned, limiting IT's control over how they're used and what's installed on them, said Hari Subramanian, the company's director of mobile applications. Steps Novation is taking to address the security concerns include deploying mobile device management software, enacting stricter data usage and governance policies, and creating a corporate app store, from which employees can download approved mobile apps, Subramanian said.

Properly classifying data is another key step toward protecting sensitive information, according to Christian Kane, an analyst at Forrester Research Inc. in Cambridge, Mass. For security as well as regulatory compliance purposes, companies need to develop a keen understanding of what data can and can't be exposed to mobile devices, Kane said. In many cases, he added, that "requires a rethinking and re-examination of data" -- a process that could go as far as developing new data models to aid in the classification effort.

Know your mobile app limits

At the Association for Information and Image Management (AIIM), an educational and research organization for information professionals that's based in Silver Spring, Md., all 40 or so employees were issued iPads with data plans about a year ago, primarily for collaborating on projects while traveling. In addition, the workers use "a healthy blend" of their own Android and Apple phones, said Laurence Hart, AIIM's chief information officer.

Like Daniels at MiTek, Hart said that AIIM's data doesn't require special handling or treatment before it can be used on mobile devices. But there are limits to the types of information and applications that make sense for mobile business uses, he added: "When you get to heavy content creation and analysis, that's where it starts to become more challenging -- mainly because of the device form factor."

He also agreed with Daniels that organizations looking to support mobile workers should make sure security and governance factors are addressed from the start.

Hart sees protecting mobile devices and enterprise systems from malware and viruses as the biggest security issue facing him and his staff in enterprise mobility management. But IT managers also need to be able to remotely wipe sensitive data from a smartphone or tablet "in case the device is lost or the employee quits," he said. "The ability to remove information is key."

It's possible, though, to be too heavy-handed, Hart added. Mobile security mechanisms shouldn't be overly intrusive or complicated for business users, he advised. For example, requiring mobile users to enter a username and password numerous times to get onto a virtual private network and then open different applications could amount to mobile app management overkill that discourages users from even trying. "If you make it a slight inconvenience and they understand why, they'll do it," he said. "If you make it twice as hard to gain access, they won't. There has to be a meeting in the middle."

Freelance writer Beth Stackpole contributed to this report.

Follow on Twitter: @sDataManagement.

Article 5 of 9

Dig Deeper on Enterprise data architecture best practices

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Business Information

Access to all of our back issues View All