This is the Third Wave of Computing. For those old enough to remember, the First Wave included the large mainframes of the 1960s and 1970s, which gave way to the second wave—the client server model of the 1980s and 1990s. The client server model is now giving way to the mobile world of the 21st century.
Over the next few years, we will see mobile devices that are more powerful than ever. As a result, it is critical to ensure that good governance is in place over these devices, before we wind up in the same conundrum we have with the client server world, re-inventing the security wheel. This article explores some principles of good governance in the following key points based on the ISACA’s Certified in the Governance of Enterprise IT (CGEIT) domains.
1. Define, establish and maintain a governance framework. This framework consists of the leadership and organizational structures and processes that help ensure alignment with enterprise governance, installation of good practices and assurance of compliance with external requirements. Mobile technology needs to be considered in the enterprise’s business strategy and, hence, in the IT strategy. Is there a corporate standard for the purchase of mobile devices with a focus on one type of device and operating system? Enforcing one brand and operating system might help ensure easier compliance to existing corporate security standards and allow for easier data wiping on lost or stolen devices. Governance committees such as the IT strategy or business needs committee should be actively involved in the future of secure mobile technology in the enterprise.
2. Consider how mobile technology will assist in delivery of key business objectives. Is it considered in strategic planning efforts? Aligning IT initiatives with business objectives and associated security efforts, and determining how the mobile environment might be used to assist, are key aspects of strategic alignment. How can applications be securely modified to fit into the mobile world? Will this be a defined strategy or will it occur regardless in an ad-hoc fashion? Whether it is a considered implementation or ad hoc, applications will migrate to these platforms. Will mobile technology function as an enabler or a utility? Or, put another way, will it help deliver some new business function or help run an existing business system? Can you tie direct, incremental, cost avoidance or intangible benefits to the use of your mobile technology? For example, can it provide application help to front line staff or sales staff as they deal with customers? Can it be used to enhance user awareness and security policies or ensure that the traveling sales staff have secure information at their fingertips so they can instantly respond to a client’s query? What key objectives will mobile technology assist with in the enterprise?