Company officials at MobileIron, a provider of mobile device management solutions recently authored a blog posting about sustainability ideas that were discussed between CIGNA employees Craig Shumard, chief information security officer and Serge Beaulieu, director technical security strategy for the company.

A main point focused on during the discussion was “sustainable risk management” for enterprise mobility. In most situations, corporate IT organizations are forced to analyze potential information risks and then ensure that the network is protected at all times.

However, what happens within the mobile world? The blog revealed that although a similar approach is used due to the fact that the change of pace in mobile is so great, sustainability becomes crucial in the development of mobile risk policy.

Many organizations believe that sustainability is very easy to quantify and measure and that the policy should be adopted immediately, while maintaining relevance forever.  

In the mobile world, many policies that are currently being applied are quickly shown to be unsustainable for many reasons including that users don’t see the benefit or necessity of third-party email apps, users can’t easily understand or remember the policy including apps they are not given permission to view, user requirements reach beyond where IT limits rest—for example only one type of smartphone is allowed where there are multiple brands on the market, social norms have changed as in most situations social networking is now used as part of business operations and users can’t get the value such as apps or a browser that they expect from a mobile device, the blog revealed.

“The more enterprise security compromises the mobile user experience, the less sustainable is the underlying policy,” officials stated. Or to put it in different words, as a CIO in the Federal system stated when he visited MobileIron: “The more the CIO says ‘no’, the less secure the organization becomes.”

Many factors can affect sustainability such as innovative technical trends, social norms, and basic human nature. End-users need to utilize the technology to finish the job they are required to do and if security policies hinder a task from being completed, user will find a way to work around it. Specifically in the mobile space that relies heavily on satisfied customers, minor distractions that users may have been compliant with when working on a desktop are now big problems that they refuse to go along with in the mobile industry.

An unsustainable policy will be high in price, hard to handle and will change constantly. These elements combined will all in effect lead to the policy’s demise.

So how do users develop a sustainable, yet effective mobile security policy? According to the writer of this blog, “In my experience, in these early days of enterprise mobility, many organizations have been spending a lot of time implementing what feels effective but far too little time designing what will be sustainable.