TCO & Security of Enterprise Grade Mobility
Compliance, Control, Cost and Consumerisation: What
businesses can learn from the public sector about best-practice
mobile enterprise management.
Mobile Workforce Strategies Service
Andrew Brown, abrown@strategyanalytics.com
October 2012
�Whitepaper Snapshot
The last few years have seen significant momentum behind the “Consumerisation of IT” in
the enterprise and mobility has undeniably been a key factor in these developments.
Smartphones and tablets running multiple operating systems and supporting a multitude of
applications, while offering increased choice for users, are creating a new set of challenges in
the workplace, where IT departments face the challenge of protecting data, intellectual
property, and ensuring compliance.
This is especially evident in the UK Public Sector, where multiple departments handle areas
as diverse as delivering social security, administering urban planning and managing national
defence requirements. In order to provide control elements such as policy and assistance on
the security of communications and electronic data, the UK government has a body called
CESG*, the National Technical Authority for Information Assurance (IA) that protects the
interests of the UK by providing policy and assistance on the security of communications and
electronic data, working in partnership with industry and academia.
As part of CESG’s work, it has undertaken a series of minimal due-diligence risk assessments
for a variety of smartphone platforms including the BlackBerry OS, iOS, Symbian and Windows
Phone. Android was not assessed. It has also identified the network topology and system
interconnections required to support the various platforms and summarised the risks of each
offering when holding Impact Level 2 data.
Impact levels (IL) summarise the consequences to an organisation or a given security
evaluation if data is leaked, damaged or lost, or the integrity or...