Tiered Trust Model – Supporting Corporate Mobile Devices

Trade-off between risk, usability and cost

Supporting corporate mobile devices within large corporations or government agencies brings new and very real challenges compared to managing a fleet of desktops and laptops.

Whether supporting BYOD or corporate mobile devices, there is always a trade-off between giving workers usable mobile solutions and addressing data security requirements at a cost that is acceptable to the business.

It is generally not possible to satisfy cost, usability and security requirements without making compromises in one or two areas.

Tiered Trust Model 

To balance risk, cost and usability with corporate mobile devices, Mobile-Mentor advocates a trust-based model. This allows a range of scenarios, from no security at one end of the spectrum to high-trust at the other.

Different policies, configurations and device standards apply for each model. For example, a “low-trust” project (e.g. roster management for shift workers) may require a BYOD Android device that is unmanaged and connected to public WiFi. However, a “high-trust” project (e.g. reviewing patient notes) might require a fully managed corporate iPhone that is fully patched, with encryption, certificate integration and two-factor authentication for specific clinical apps.

Risk management framework

The 4 categories below form the basis of a simple risk management framework. It will then be up to each business unit or department to choose the appropriate level of protection based on regulatory compliance, external reputation, and operational and financial impacts.

This kind of risk management framework allows new mobile solutions to be assessed in a consistent manner across multiple projects. It is recommended that the data owners, IT and the business collaborate to form a view of what the impacts are for each new mobile project.

For example, here is a sample blueprint for 4 mobile projects with very different requirements across the security spectrum, and the resulting requirements for each one. This is intended for illustration only, and our engineering team can design a more complete model as needed.
