Herding the Mobile cats

As CIO you think that computer security is looked after, intrusion tests have been completed, security patches applied, and the auditors gave you a passing grade. But wait a minute! Did you know that the quickest way to access your organization’s confidential information is not by hacking the system or breaking through your firewall, but through a rogue BlackBerry? It gives instant, unauthorized access to the company’s e-mail system, contact information and calendaring.

Most IT organizations treat PDAs the same way they treated PCs 20 years ago, as toys or a fad. They let users connect their personal PDAs to the network and download and update enterprise data. You’d think we’d have learned from our experience with PCs.

According to Gartner Group, less than 30 per cent of PDAs are “sanctioned or managed at any level”. The majority of devices fail against even a mild security attack because users either never activate or in fact disable the security features of their PDAs! But, you say, all of our PDA users have passwords on their devices and if they misplace them they notify us immediately. You are kidding yourself! The first chance a PDA user gets, he or she will disable the password feature and unless there is a strict policy in place, the PDA user will be too embarrassed to let you know about a misplaced PDA until days, sometimes weeks, after it is lost. One of the many challenges in managing PDAs is that a user will generally consider it his or her own (until something goes wrong with it) and carry it around day and night.

So what is a CIO to do?
At a recent CIO Association of Canada (www.ciocanada.net) e-forum, CIOs discussed some of the best practices for managing PDAs. Here are some highlights:

  • Standardize on a couple of device types and supported platforms so that you don’t end up supporting and maintaining a variety of mobile devices and service plans that come in as many flavors as Ben and Jerry’s ice cream.
  • Don’t allow the connection of privately owned PDAs to your corporate network. There will also be an issue with having proper back-ups and generally adhering to standards.
  • Budget money for managing the devices. Make it understood organization-wide that supporting PDAs costs money and puts demands on IT resources. These devices are often used by managers and executives who usually demand instant attention when there is a problem.
  • Establish clear policies on PDA use, targeting items such as business versus personal use, playing games, downloading inappropriate material or using it to share family pictures.
  • Make sure users know what to do when the PDA breaks (do not send it to a repair shop with corporate data on it, but to IT) and how to get a replacement.
  • The user misplaces or loses the PDA for more than e.g. two hours. This is easiest to manage with BlackBerries as they can be erased (and restored when the BlackBerry is found) remotely.
  • The employee leaves the company. We’ve all heard the example of the Morgan Stanley ex-employee who thought he’d erased all the information before putting his device up for sale on E-Bay, but he did not and all the corporate information was available for everyone to see.

Statistics show that employee productivity increases through the use of mobile devices, However, the old adage, the (security) chain is as strong as its weakest link, fits PDAs all too well.

Catherine Aczel Boivie is senior vice-president, IT for Pacific Blue Cross.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Catherine Aczel Boivie
Catherine Aczel Boiviehttp://www.boivie.ca
Dr. Catherine Aczel Boivie is a widely respected executive with over 30 years of experience in the leadership of advancing the value of information technology as a business and education enabler. Prior executive roles includes: CEO Inventure Solutions and Senior Vice President of Information Technology/Facility Management for Vancity Credit Union; SVP of IT and Chief Information Officer at Pacific Blue Cross and Canadian Automobile Association of British Columbia. Catherine is also an experienced board member serving on several boards, including those of Commissioner for Complaints for Telecom-television Services, Canada Foundation for Innovation and MedicAlert Canada. Dr. Boivie is the founding Chair and President of the Chief Information Officers (CIO) Association of Canada that has over 400 Chief Information Officers as members across Canada. She has been publicly recognized for her contributions, including being named as one of Canada's top 100 most powerful women by the Women's Executive Network in the "Trailblazers and Trendsetters" category and the recipient of the Queen Elizabeth Diamond Jubilee medal for being a "catalyst for technology transformation".
Previous article
Next article

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs