Download the new issue of InformationWeek TechDigest, distributed in an all-digital format (registration required).

In most companies, support of mobile devices hasn't been IT's finest hour, particularly when it comes to helping employees use new devices. In fact, the process of embracing mobility for workers in many companies follows painfully close to the Kübler-Ross model of the five stages of grief -- denial, anger, bargaining, depression, and acceptance. The process has been far from the warm, welcoming embrace IT has given to technologies such as virtualization or solid state storage.

When it comes to mobile support for external customers, though, IT leaders are of an entirely different mind. For customers, IT has jumped at the chance to build mobile apps and support connections via smartphones and tablets, seeing this new link as the best thing IT can build to contribute to the company's digital strategy.

Supporting a mobile workforce and connecting to a mobile customer base are both critical to companies looking to build what we're calling frictionless IT -- an IT strategy and infrastructure that would allow companies to quickly react to new opportunities. Because mobility for internal users has taken a markedly different path to acceptance than mobile customer support has, we'll look at each separately. However, elements of the mobile strategy can and should be universal, even if the goals aren't.

The Simplicity Of Youth
It's hard to fault the grief process reaction to bring-your-own-device smartphone policies. Prior to BYOD, most IT teams had it down. Lots of people got laptops from the company, complete with security and management software. Fewer people got BlackBerrys from the company, but the built-in security and management and limited browsing capability made the BlackBerry pretty easy to manage. The iPhone, iPad, and Android devices changed that all in an instant. IT went from supporting two or three end-user systems to five or six -- or perhaps dozens, depending on how you approached Android. And from IT's point of view, the company got very little in return. Workers just got to use a fancier device of their choosing.

According to our 2014 Mobile Security Survey, two-thirds of organizations have a mobility policy that allows employees to bring their own devices. A similar percentage said they had such a policy in 2013. Policies are split between allowing a limited range of devices (46%) and letting users bring any device as long as they agree to abide by the company's policies (43%) -- and the trend is toward supporting only a limited range of devices.

Policies differ significantly between company-owned devices and personally owned ones. For company-owned devices, 86% of respondents said it is OK to store company data on the device, though 41% require the use of an encrypted container. For personally owned devices, only 53% said it is OK to store company data, with a third requiring the use of encrypted containers.

This huge gap between letting data on company-owned versus personal phones is a bit of a head-scratcher. IT's main concern for mobile devices is that they'll be lost or stolen (72%), followed by users forwarding data to cloud-based storage like Google Drive or Dropbox. Whether or not the device is owned by the company, it can easily be left in a cab or at a restaurant. Policies around security need to be shaped around the data people are using, not based on the device or who owns it.

The goal for IT should be the ability to say "yes" to allowing data on most any mobile device; if business users have a legitimate use, then they should have access to their data. After all, it's their data, not IT's. Policies on encryption and the shareability of data need to be predicated on the data's nature and value to the company. At the device level, IT needs to think about security in terms of enabling data access. Unfortunately, while that mindset leads to a good consistent policy, device makers are now going to extra lengths to make their devices safer. All in all that's a good thing -- but when each device maker gives IT a different set of protection mechanisms, it's all but impossible to craft and enforce a consistent policy. The bottom line is that you'll need some sort of enterprise mobility management software that works on all devices and operating systems that you're going to support.

To read the rest of this story,
download the entire July 2014 issue of InformationWeek TechDigest.