Shahin Pirooz

Policy Review: Do You Have Mobile Device Management Coverage?

Friday, 04 January 2013 16:13
Policy Review: Do You Have Mobile Device Management Coverage?

by Shahin Pirooz

If you’re in enterprise IT, then you’re probably painfully aware that more employees are using their own mobile devices – such as iPads and Android-based smartphones and tablets – to work from any place at any time, whether you want them to or not.

While this bring your own device (BYOD) concept provides obvious benefits for both employees and the company, it is causing a paradigm shift for the IT department. In this scenario, IT can no longer easily control when mobile devices are updated or what software resides on them, like they did when only a particular device was supported. Instead, they need to figure out how to be ‘endpoint agnostic’ in order to enhance overall worker productivity and employee satisfaction.

To ensure your company can effectively handle all the new devices employees are using for work, you need to first develop a mobility policy. Mobile device management (MDM) should essentially be an extension of your general IT or acceptable use policy and applied to any device that is used to access the network.

Because technology – and how employees use it – is evolving so quickly, your mobility policy should be strict enough to protect vital corporate data, but flexible enough to address the proliferation of new devices and applications coming to market, as well as mobile security concerns. Here are some basic steps to take when developing a mobility policy to meet your organization’s needs:

  1. Decide whether the company will provide all devices, or if you will allow employees to use their own smartphones, tablets and/or service plans. a. If the company decides to provide all devices and service plans, the rules of usage can be as strict as you want – including a limit on roaming, personal calls and data use, and wiping data and collecting the equipment once an employee leaves the company.
    b. If employees are allowed to bring their own devices, but the company pays for the service plan, your policy must consider whether or not to limit usage, how to handle the apps that are downloaded and the business implications of an employee leaving, but taking the phone number with them.
    c. In the case that employees use their own devices and service plans, it’s difficult for an enterprise to dictate what data or services they purchase. Enterprises can choose to provide a stipend or allow the employee to expense all, or a portion of the service costs. If the employee leaves, you will need to figure out how to remove the corporate data on the device, most likely through a “selective wipe” process.
  2. Identify which groups within your company are allowed to use mobile devices, and if you need to differentiate policies based on their job functions. For example, a salesperson may require his or her own device and service plan because the wireless provider selected for corporate-wide use does not have sufficient coverage in the geographic territory where he or she works. But an employee at your headquarters location may be required to use the service plan and device offered by the company. You also may have to develop different policies to govern access to services for various stakeholders and constituent groups based on their job functions.
  3. Consider federal or state regulations about securing corporate data. For example, Massachusetts and Nevada now require any company that has data from customers located in those states to encrypt the mobile device; what’s more, many other states are currently considering similar protections.
  4. Consult with your human resources and legal teams about any internal compliance concerns, government mandates or industry regulations (such as ones applicable to public companies or the medical industry) that your company’s mobility policy must address.
  5. Research other companies’ mobility policies, best practices and solutions. In August, the White House introduced a toolkit for managing a BYOD program that offers some sound advice. You may also want to consider consulting industry associations or other professionals in your line of business to see how they deal with mobile device management. Most importantly, you will want to stay current with how to manage the ever-changing types of mobile devices on the market, and find a solution that is able to evolve to meet your needs.
 

What You Should - and More Importantly - Should Not - Move to the Cloud

Thursday, 25 October 2012 16:44

by Shahin Pirooz

Businesses today are increasingly relying on the cloud as a better and cost-effective way to manage, secure and support their IT infrastructures. But moving to the cloud isn’t as simple as moving your network infrastructure and software to a hosting company, because not every aspect of your business can be successful in a cloud environment. Before you commit to the cloud, you need to ensure that the cloud services you select can deliver the benefits you expect.

To start, you must determine if your business is “cloud ready.” Doing so entails a thorough assessment of your IT environment to verify how much of it can be moved to the cloud, and what is better suited to remain in-house. For example, you should examine three key components:

  • Network – Do you have sufficient bandwidth to support access to cloud services, and will the hardware you have in place handle the demands of the cloud? The network directly impacts the quality of performance of cloud services, and can be a big factor in your satisfaction with hosted solutions.
  • Server – Can you consolidate servers and eliminate ones that may not be required to provide redundancy or disaster recovery once the move to the cloud takes place?
  • Application – Can key applications, such as customer relationship management (CRM) and enterprise resource planning (ERP), be virtualized? You need to consider how the performance of these applications, and their ability to interact with other ones, may be impacted if they are moved offsite.

Once your assessment is complete, you need to consider that parts of your IT environment may not be suited to reside in the cloud. For example, file access and Windows authentication do not ideally belong in the cloud because they can be hampered by latency resulting from the protocols they use, which were designed for LAN environments. Printing is another function that may be better done locally, since most printers lack sufficient memory to support the documents that could be sent to them at any given time. And finally, there are some vendor-specific applications that may not be supported if they are placed in the cloud or a virtual environment.

As you consider your move to the cloud, it is critical to first define the results you wish to achieve, then determine which components of your IT environment can – and cannot – effectively be hosted. By developing this strategy and selecting the most appropriate cloud provider to meet your company’s needs, you will be able to achieve the full promise of the cloud.

In my next installment, I will discuss why, if you’re not already thinking about it, it’s critical to develop a mobile device management policy for your company.

Time to Get Your Head in the Clouds

Tuesday, 21 August 2012 17:17

By Shahin Pirooz

For more than a decade now, I’ve witnessed the evolution of the cloud services market and have had a hand in bringing the many benefits of the cloud to the mid-sized enterprise market in my role as CTO of CenterBeam.

In this blog, over the next several months, I plan to discuss some of the hot topics in the cloud community, and offer ideas about ways in which your company can implement enterprise-class cloud solutions to improve employee productivity, minimize security threats and more effectively manage all of your IT resources – whether public or private, or in the cloud or on premises.

First up on my list of topics will be what to move to the cloud, and when. When considering a move to the cloud, you need to realize that it’s not as simple as eliminating your physical network infrastructure and software and moving everything to a hosting company. Not every aspect of your business can be easily and effectively moved into the cloud, so you must do your homework to ensure that the hosted services – as well as the cloud provider itself – can deliver the true benefits you wish to achieve.

On the agenda for future blog posts will be mobile device management – or how to deal with employees that subscribe to a “Bring Your Own Device” mentality, preferring to use their own iPads or smartphones, rather than ones provided to them by the company. We’ll also explore the issue of cloud security, including how to ensure that your vital corporate data remains secure,; as well as how you can create a single way to dynamically manage all of your resources across the technology stack. We’ll conclude with a look at some of the myths surrounding Big Data, and the strategies that CIOs can employ with regard to storing documents onsite or in the cloud to improve access to the right data at the right time.

Shahin Pirooz, chief security officer and chief technology officer of CenterBeam (www.centerbeam.com), has a wealth of experience in operations management, account leadership, project management and customer relationship management. Pirooz has served in leadership roles with organizations including EDS, with responsibilities for key clients including Palm, Philips, VLSI, Netigy and others.

Editor’s note: The opinions expressed in this blog are those of Shahin Pirooz and may not represent those of Computer Technology Review.

Sign Up for Breaking News and Top Stories in the CTR+ Newsletter (enter email below)

IT Security Journal