A corporate mobility policy, also called a mobile device policy is a set of guidelines that govern the use and security of mobile devices such as smartphones, PDAs and tablets within the corporate network.
The need for a corporate mobility policy is driven by the need to protect the security of corporate information assets against theft or loss, and ensure that the corporate is able to demonstrate compliance with prevailing regulatory guidelines and other legislation affecting corporate data. Consequently, one of the first goals of a corporate mobility policy is to define the means to secure data both at rest and in flight.
The notions of education and responsibility add other dimensions to the corporate security policy. Education involves training mobile device users about device protection, data encryption and backup, and password management techniques. Responsibility delineates the proper courses of action in using mobile devices within the corporate network, and taking the correct actions in response to various situations such as responding to a lost or stolen mobile device, the devices supported by the corporation, the tools and technologies used for data protection, and so on.
The last element of many corporate mobility policies includes a consideration of enforcement, which outlines the requirements and repercussions of the corporate mobility policy. Enforcement may require the use of encryption and secure connectivity, preventing unauthorized devices from accessing the corporate network, and mitigating mobile user costs.