The Importance of Enforceable Mobile Device Security Policies - dummies

By Rich Campagna, Subbu Iyer, Ashwin Krishnan, Mark Bauhaus

Before you get into the nitty-gritty of the various components of mobile device security policies for your enterprise, it is important to understand the need for them. If every one of your users were an intelligent, security-savvy, self-regulated, and enterprise law-abiding citizen, you could do away with enforcing the policies altogether.

The only aspects of the policies that you would need to worry about would be the creation and education pieces. However, as you know, life is not cut-and-dried, and your users are typically very innovative when it comes to skirting the rules and constantly excel at finding loopholes.

Therefore, your security policies need to include the following:

  • Unambiguous terms and definitions that are universally understood.

  • Language that enables enterprise IT – you – to codify the rules of engagement so that both you and your users can adhere to an unambiguous set of documents.

  • In the event of a breach of policy, the ability to take remedial action with the primary aim of protecting the enterprise and, in the event of violation due to nefarious intent, to follow prescribed guidelines against the errant individual.

  • The ability to adjust the policies based on user feedback and deployment-related learning.

An IT policy lifecycle passes through five stages, and the same applies to a mobile device security policy. Here is a brief description of the five stages:

  • Define the policy. This stage stipulates the policy in clear and concise terms.

  • Educate the users. In this stage, it’s critical that you clearly communicate the policy to the users. Make sure you get your message across.

  • Implement the policy. This stage sets into motion the actual policy itself.

  • Audit the policy. This is the data collection and feedback stage to assess how the policy is performing versus its stated objectives.

  • Modify the policy. This is a crucial but often overlooked step: to be able to adjust the policy based on the results of the audit and the feedback gathered.

    The IT policy lifecycle.