This article was originally published on CIO.com.
As mobile work experiences redefine how business gets done, managing an increasing number of devices across a modern workforce has become a growing challenge. Imagine the retail associate using a tablet to check inventory and pricing for customers, the UPS driver recording deliveries and updating the system, and the construction foreman referring to a device for building specifications on-site.
A 2022 Future of Work study found that “94% of organizations shifted to some sort of hybrid work structure due to the pandemic which then forced the creation of new, more efficient and potentially long-lasting workflows and processes (62%).” These are just some of the transformational business activities making work intrinsically mobile across every industry, creating opportunities, challenges, and imperatives for IT leaders to reevaluate and improve their mobile device management processes.
Mobile Devices: High-Cost Risk and the Need for Governance
While significant attention has been paid to the rise of mobile work, less has been paid to the ability to govern a mobile workforce that can become unwieldy. A high-profile example is the fintech industry – built on modern technologies with high reliance on smartphones to access financial records. In September 2022, the U.S. Securities and Exchange Commission (SEC) imposed over $1 billion in fines to 16 fintech firms for violating recordkeeping requirements related to federal securities laws. Concurrently, the Commodity Futures Trading Commission (CFTC) also enforced $710 million in penalties for “failing to diligently supervise matters related to their businesses.” At issue was how employees were using personal devices and unauthorized messaging apps for business matters and the inability to keep proper records to meet industry compliance.
Fintech companies and all types of businesses are reconsidering mobile device strategies to achieve higher levels of regulatory compliance and new Zero Trust precedents for security.
Most are Modifying Mobile Management Strategies
According to a recent report, 81% of companies plan to modify their mobile device ownership strategies to meet evolving business requirements for greater security and return on investment (ROI). While adoption of bring your own device (BYOD) strategies grew to meet hybrid work demands during the pandemic, more than half of respondents cited security (53%) and data breaches (50%) among their biggest concerns with Bring Your Own Device (BYOD) approaches.
The report states, “The security concerns are worth reiterating because at organizations with a BYOD policy in place, two thirds (65%) of the devices used to access company information are likely to be personally owned. This demonstrates how intertwined BYOD is with employee workflow. Even in the financial services sector, known for strict vetting and compliance procedures, over half (58%) of the mobile devices utilized in this capacity are personally owned. While it is possible that further restrictions control access to confidential information, even seemingly harmless data can be exploited by cyber criminals more easily in this manner, thus highlighting a challenging predicament for organizations to navigate.”
Gaining Visibility and Control over Your Mobile Fleet
When introducing mobile governance, it helps to address both mobile devices and cloud applications together, as the two are tightly intertwined. First take stock of your mobile devices, the ownership of each, and all applications in use. An accurate inventory is the primary step in gaining visibility and control for both recordkeeping compliance and security purposes.
Glean Intelligence from an Accurate Inventory: IT expense management platforms can identify all assets in the corporate fleet as well as all cloud applications (sanctioned and unsanctioned) in the IT environment. This will serve as a launchpad for policy decision making and Shadow IT discovery processes that can reveal both monitored and unmonitored communication channels needing tighter control and necessary recordkeeping. Usage audits and application security intelligence can also be helpful in knowing not just what you have but also how information is flowing and the risk of current usage.
Simplify Compliance using Technology: Can’t see into your devices? Consider Mobile Device Management software, or Unified Endpoint Management tools to insert more control over mobile devices and their applications. These technologies make it easier to manage policies, security and other aspects of both corporate-owned and employee-used mobile devices of all types. Businesses use this software to authorize and issue devices, track their use, monitor communications, enforce security policies, secure lost or stolen devices, and ensure compliance. In the case of BYOD, they also help partition personal applications from corporate ones.
Question Your Operating System: Whether you’re moving from a BYOD approach to a corporate-owned approach or tightening your existing policy, question whether standardizing your mobile device operational platforms will help ease the burdens of compliance. In response to the recent SEC news, for example, some financial firms are moving all mobile phones to one platform and one provider.
Consistency is Key: Compliance often slips through the cracks at key junctures in the mobile device lifecycle. This is particularly the case as employees enter and exit the firm or when newly purchased devices are set up or activated for service. As such, the key to consistent compliance is a disciplined approach across the full device lifecycle.
The Confidence of Mobile Compliance
It’s easy to feel overwhelmed by the vast responsibilities of mobile compliance but take comfort in the fact that most CIOs describe themselves as in a “governance phase” in 2023. That’s no surprise given remote work and accelerated digital transformation have gone unconstrained over the past three years. With the possible threat of fines, clear lines now need to be drawn to keep all work-related conversations on corporate networks where communications are accessible, can be captured, and managed.
Drawing those lines is a step-by-step process that starts with evaluating your current approach, understanding what assets are in use, and seeing where your fleet is falling short of security requirements and industry regulations. Don’t be afraid to make drastic shifts in your strategy, establishing all new mobile usage policies. This is far better than finding out the hard way, paying millions in fines to the federal government or to bad actors after a ransomware attack.
Learn more about mobile device management solutions.