_How to set up a mobile strategy?

Find out More
_It is very important for companies to develop an IT strategy specifically tailored to mobile devices that follows the Mobile First approach. Learn from the experts at BLAUD, CWSI, EBF, mobco and Nomasis about how to design a mobile strategy, with a focus on security aspects.
Analysis
_1.

_Analysis

Firstly, carry out analyses to establish how your mobile landscape is currently set up and assess its maturity level, answering the following questions in the process:
  • How many devices are in use, and what kind of devices are they? (Manufacturer and operating system?)
  • Are these purely company devices, or are private devices also in use? Do employees use the devices for both professional and personal purposes?
  • What processes can be carried out on mobile devices today? Are mobile devices only an extended arm for existing processes or can they enable new processes or optimize existing ones?
  • Who needs to access what data and from where? How sensitive is this data?
  • Are employees exposed to a higher security risk when working on their mobile devices? Can the risk be quantified, e.g. financial/economic/image damage?
  • Does the company have its own apps and if so, how many?
  • What technologies are used today?
  • How is software supplied today?
Concept
_2.

_Concept

It is now possible to draw up a concept for mobile devices based on this analysis.
_This process should cover all the various departments to assess all requirements for the business itself and the individual employees, and to ensure that the employees are on board at an early stage_ Philipp Klomp Founder and CEO Nomasis

Crucial to this is ensuring that the concept incorporates a degree of flexibility so that the system can be adjusted to allow for new technology trends, legal changes, or other developments.

_We recommend designing the concept for a 24-month period and checking it on a regular basis_ Ronan Murphy CEO CWSI

You should also allow for a large enough budget to implement the strategy from the outset. EY’s 20th Global Information Security Survey 2017–18 discovered that 87% of businesses require up to 50% more funds to cover their security requirements.

_2.1 Security concept

The security concept for mobile devices must be based on the company’s general security guidelines. Security standards for mobile devices are derived from this and cover your specific needs. They form a hugely important part of your mobile strategy and need to answer the following questions:

  • Device registration: What steps do users have to take when registering their devices? Are there any fixed settings?
  • Password guidelines: What criteria must be met for a password to be secure?
  • Update guidelines: When do software and app updates need to be performed?
  • Encryption standards: How should data be encrypted?
  • App guidelines: Are users allowed to download all apps? Are there any apps that must be installed?
  • Countermeasures: What steps need to be taken if a device goes missing, or in the event of compliance breaches or a cyberattack?
  • Personal use: Can company devices also be used for private purposes? Is the use of personal devices permitted? Are there any rules governing this aspect?

_2.2 Device concept

State whether you provide company devices for use by your employees, and if so, which particular devices, whether they may also be used privately, and whether personal devices may be used for business purposes. Depending on the legal situation, this will determine the company’s authority to administer the devices. For instance, in Germany, companies are not entitled to completely wipe data from a private device under any circumstances, and are instead limited to deleting only the company data.

_As a rule, businesses tend to have very diverse offerings with a range of device types and operating systems to be taken into account_ Thierry Lammers CEO BLAUD

_2.3 Process, application and data concept

Define the operations employees are to perform via their devices, and the applications, interfaces and data they require for this purpose. Classify data according to its protection requirements and specify which applications employees should or should not install.

_2.4 Technology concept

Decide on the most suitable solution for your requirements. For example, this might be Enterprise Mobility Management, where all mobile devices can be managed on a central basis; container software, in which private and professional applications and data are kept separate; or other, additional security software.

MDM, EMM, UEM – What’s the difference?

Mobile Device Management (MDM) makes it possible to centrally configure, manage, control and secure mobile devices such as tablets and smartphones via one single platform.

MDM is part of Enterprise Mobility Management (EMM), which represents a holistic approach and also enables central administration of apps and content.

The Unified Endpoint Management UEM goes one step further and is not limited to mobile devices, but enables central management of all end devices.
_In this case, it is particularly important to think very carefully about the most suitable solution for the business. For example, a simple solution, which may help protect against phishing attacks sent by e-mail but does nothing to protect against attacks circulated via a messenger service or apps, will not be sufficient. This is why working with a mobile IT expert is highly recommended, as they will be able to help you make the right decision_ Ulrik Van Schepdael CEO mobco

Businesses that already use security software but are looking to make a change can opt for tried-and-tested technologies for this purpose.

_Even changing an EMM system, which may seem like a lot of effort, can be automated to a considerable extent, and implemented quickly and easily by using tools such as the EBF Onboarder_ Marco Föllmer Founder and Managing Director EBF

_2.5 Resource and operating concept

Decide where the software is supplied, whether the solutions need to be installed in your own computer center or in the supplier’s computer center. In the latter case, there is the possibility of using a public cloud solution, which may be used by a number of businesses, or a private cloud solution where a specific service is set up for your business.

This decision depends on the following factors:

  • Need for a customized solution
  • Level of control over the solution
  • Service level required
  • Implementation, maintenance, and support costs
  • Availability of human resources, expertise, and infrastructure capacity

_2.6 Implementation concept

Draw up a detailed implementation concept describing the initial requirements, installation and configuration of mobile solutions, as well as rollout phases, personnel resources and outlay.

Implementation
_3.

_Implementation

Now you can put your concept into practice and draw on the expertise of an enterprise mobility expert.

This expert will help ensure that the concept is introduced seamlessly, will be on hand to guide you and your colleagues expertly through the process and will advise you whether adjustments of the concept are necessary over time.

You will benefit from the expert’s many years of experience in a range of implementation projects and an in-depth knowledge of enterprise mobility solutions.

By applying a mobile strategy in this way, you can make efficient and secure mobile working a reality for your employees, while making the most of the potential offered by mobile devices. We would be delighted to help you define your requirements, identify and implement the right solution for you, and offer you ongoing advice on your mobile strategy and mobile IT matters Feel free to contact us for more information.