"The phones are primarily used for email and calendar access, and they're used by senior administration, managers and approved employees [who] either travel or work on-call schedules," says CIO Frank Scafidi. Tablets are used mainly by managers and senior administrators, and increasingly by doctors, to access applications.
The AirWatch product, which Georgetown deployed in 2010, enables IT to place restrictions on devices, enforce security policies, remotely secure and wipe devices, and monitor usage, Scafidi says. The organization plans to move BlackBerry users to the AirWatch environment and decommission the BlackBerry server to maintain a unified mobile management environment, Scafidi says.
In addition to deploying security technologies, companies are developing policies on appropriate use of mobile devices. HomeTown Bank in Roanoke, Va., four years ago implemented a customer information security and acceptable use policy that outlines the bank's mobile device strategy. The bank is required by law to have employees review and accept the policy annually, says Michael Wright, vice president and director of IT.
The policy "is designed to educate bank employees on customer information and security awareness," Wright says. "It's kind of a living document" that evolves as mobile technology changes. It also requires that users implement features such as locking mechanisms and encryption for certain types of sensitive information.
Users of devices such as iPads must agree to let the bank remotely reset and wipe data on devices if necessary. Only individuals in the company who require access to corporate email to do their jobs have access to the network via mobile devices, Wright says. All devices that have access to corporate email must have a locking mechanism so that repeated failed attempts to guess a PIN will wipe the device.
Looking ahead to 2013, IT executives will continue efforts to use available tools and services to reduce the risk from mobile devices.
"I anticipate BYOD being an area of focus in 2013, and therefore I may seek help with anything from writing the policy to evaluating and implementing solutions for mobile device firewalls, [antivirus tools] and management software," says Libiszewski.
HomeTown Bank plans to use a software-as-a-service mobile device management tool to ensure that devices are being used properly. The software will let the bank define PIN requirements, remove an application from a device remotely or perform a full data wipe if needed, says Wright.