The mobile world is undergoing explosive growth. Luckily, enterprises are beginning to realize the potential gains and losses this technology offers, enabling them to act appropriately. Smart phones, such as iPhones and BlackBerrys, as well as USB memory sticks, netbooks and tablet computers are forcing a quantum change in our computing paradigm.

This is the Third Wave of Computing. For those old enough to remember, the First Wave included the large mainframes of the 1960s and 1970s, which gave way to the second wave—the client server model of the 1980s and 1990s. The client server model is now giving way to the mobile world of the 21st century.


Over the next few years, we will see mobile devices that are more powerful than ever. As a result, it is critical to ensure that good governance is in place over these devices, before we wind up in the same conundrum we have with the client server world, re-inventing the security wheel. This article explores some principles of good governance in the following key points based on the ISACA’s Certified in the Governance of Enterprise IT (CGEIT) domains.

1. Define, establish and maintain a governance framework. This framework consists of the leadership and organizational structures and processes that help ensure alignment with enterprise governance, installation of good practices and assurance of compliance with external requirements. Mobile technology needs to be considered in the enterprise’s business strategy and, hence, in the IT strategy. Is there a corporate standard for the purchase of mobile devices with a focus on one type of device and operating system? Enforcing one brand and operating system might help ensure easier compliance to existing corporate security standards and allow for easier data wiping on lost or stolen devices. Governance committees such as the IT strategy or business needs committee should be actively involved in the future of secure mobile technology in the enterprise.