How to develop a mobile policy
You have a number of factors to consider when crafting or updating your organization’s mobility policy, and there isn’t a one-size-fits-all solution. Not only is every organization different, but even within a single organization there’s a need for a broad spectrum of policies to be implemented with surprising granularity.
Although it’s tempting to issue a broad policy that is applied to every iPhone, iPad and Android device used by employees and executives, that approach has some major problems.
Problem 1: There is the technical issue that different platforms offer different management capabilities, and different versions of the same OS as implemented across a variety of devices pose real fragmentation concerns. With a single policy applied to every device, you’re going to have to settle for the lowest common denominator of what’s available. This means you’re throwing away the option to take advantage of policies based on current management and security capabilities.
Problem 2: Another major issue is ownership. On a company-owned device, it’s reasonable to limit installable apps, device features like the camera, and restrict access to several device settings. It’s also more reasonable for employees to expect that device and app usage may be monitored for security, content and loss prevention reasons.
With personal devices, there’s an inherent expectation of privacy and that users can configure their device however they want. There’s a need for subtlety and trust. You are, after all, asking for a level of control over a device that contains very personal information, from family photos to personal contacts to health and banking data. If you try to manage it as you would a company device or a PC, many users will opt to go rogue, unenroll their devices and continue using them with no safeguards and no ability to track the corporate data used on them, a far from ideal situation.
Problem 3: Then there is the question of what individuals or groups actually need. This will vary across an organization based on department, job role, active projects, location and which side of the firewall a device is on at any given time. If some of those items sound familiar, that’s because they’re some of the ways Windows Group Policies are applied within Active Directory. That existing trove of organizational hierarchy that manages Windows is fair game for mobile devices.
Virtually every enterprise mobility management (EMM) or mobile device management (MDM) product offers the ability to integrate with Active Directory. This means that you can pull all the user, group, policy and related data and apply it to your mobility approach. With some solutions you can get very granular and apply conditional access rules that flag or block access based on things like a device’s location, time of day, device state (jailbroken/rooted being the chief state you absolutely want to know about) or OS version.
It’s also important to remember that there are a wide range of policy rules available that not only implement security functions, but also install apps and configure them for use in your organization or segments of it, as well as configure device settings and import enterprise content like contacts. If planned and implemented well, each user should have a device tailored to your organization as well as their specific needs based on the work they do.
The best way to achieve this goal is to use a range of relatively small or discrete payloads. This means that your overall approach will be to layer policies together using the granularity of your directory and identity solution (typically Active Directory). Much as Active Directory allows you to assign very specific access rights on different criteria that are combined when the user logs in, EMM solutions allow you to apply multiple rules that mesh together to create a tailored experience.
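The two ideas above, layering small payloads selected by directory group and ownership, and then evaluating conditional access against device state, can be sketched as a small policy engine. The following is an added illustration written for this article, not code from any EMM product; the group names, payload names, version numbers and the "most restrictive layer wins" merge rule are all constructed assumptions.

```python
"""Toy policy-layering and conditional-access evaluator (constructed example).

Payloads are small, discrete policy fragments. A user's effective policy is the
layered combination of every payload whose target groups intersect the user's
directory groups and whose ownership scope matches the device.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Device:
    owner: str            # "corporate" or "personal"
    platform: str         # "ios" or "android"
    os_version: tuple     # e.g. (17, 0); tuples compare like version numbers
    jailbroken: bool      # jailbroken/rooted state reported at enrollment or check-in
    location: str         # constructed label: "office" or "remote"


@dataclass(frozen=True)
class Payload:
    name: str
    groups: frozenset                         # directory groups this payload targets
    owners: frozenset = frozenset({"corporate", "personal"})
    required_apps: frozenset = frozenset()
    restrictions: dict = field(default_factory=dict)   # setting -> allowed (bool)
    min_os: dict = field(default_factory=dict)         # platform -> minimum version


# Constructed sample payloads; names and values are assumptions for illustration.
PAYLOADS = [
    Payload("baseline", frozenset({"all-staff"}),
            required_apps=frozenset({"Authenticator"}),
            min_os={"ios": (16, 0), "android": (12, 0)}),
    Payload("finance-apps", frozenset({"finance"}),
            required_apps=frozenset({"Expenses"})),
    Payload("sales-apps", frozenset({"sales"}),
            required_apps=frozenset({"CRM"})),
    # Lockdown applies only to company-owned devices, not personal ones.
    Payload("corp-lockdown", frozenset({"all-staff"}), owners=frozenset({"corporate"}),
            restrictions={"camera": False, "app_store": False}),
]


def compose(payloads, user_groups, device):
    """Layer every matching payload into one effective policy for this user/device."""
    applied, apps, restrictions, min_os = [], set(), {}, None
    for p in payloads:
        if device.owner not in p.owners or not (p.groups & user_groups):
            continue
        applied.append(p.name)
        apps |= p.required_apps
        for setting, allowed in p.restrictions.items():
            # Most restrictive layer wins: once a setting is denied it stays denied.
            restrictions[setting] = restrictions.get(setting, True) and allowed
        floor = p.min_os.get(device.platform)
        if floor and (min_os is None or floor > min_os):
            min_os = floor
    return {"applied": applied, "apps": sorted(apps),
            "restrictions": restrictions, "min_os": min_os}


def conditional_access(effective, device, hour):
    """Return (decision, reasons): block compromised devices, flag stale OS or off-hours remote use."""
    if device.jailbroken:
        return "block", ["device is jailbroken/rooted"]
    reasons = []
    floor = effective["min_os"]
    if floor and device.os_version < floor:
        reasons.append("OS below minimum " + ".".join(map(str, floor)))
    if device.location != "office" and not 7 <= hour < 20:
        reasons.append("off-hours access from outside the office")
    return ("flag" if reasons else "allow"), reasons


if __name__ == "__main__":
    groups = frozenset({"all-staff", "finance"})
    for dev in (Device("corporate", "ios", (17, 0), False, "office"),
                Device("personal", "android", (13, 0), False, "remote")):
        eff = compose(PAYLOADS, groups, dev)
        print(dev.owner, dev.platform, eff, conditional_access(eff, dev, 23))
```

The same finance user gets the lockdown layer on a company iPhone but not on a personal Android phone, while the baseline and finance app payloads reach both; that is the ownership distinction from Problem 2 expressed as a payload scope rather than as a separate policy.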
From a user perspective, once a device is enrolled it should be ready for use immediately, with apps, configuration data, security posture and restrictions in place. Enrollment should be seamless and require no special skills from the user.
This can seem like a daunting prospect and to some extent it will be. There’s no getting around the fact that a fair amount of thought and research will go into it and that it will never be a completed process because the nature of mobility is one of constant change. At the very least, it will be important to revise your approach on an annual basis as major OS releases and new devices come to market.
There are a few general considerations that will make it more manageable if you plan ahead:
Ultimately your mobility policy will actually be a large number of interlocking policies that are as diverse as your workforce. They’ll give users the best experience balanced with needed security. They will always be a work in progress. You will need to sweat these details. But done right and with the right information ahead of time, you can make mobility a true win for your IT department and your organization as a whole.