Security Leaders Must Assess their Current Device Security Strategies

What is a Device Security Strategy?

To enable digital agility, organizations need a device strategy with security baked in. The strategy should encompass a unified vision, meet the needs of various teams, and balance an organization’s risk tolerance with its business needs.

It’s easy to say that leaders need a device strategy. But what exactly does that entail? A device strategy will enable the organization to answer the following questions:

What devices are allowed?
Who decides what devices are allowed?
How do they decide?
How do we audit against adherence to the policy?
Who is responsible for tracking devices and ensuring that they’re updated?
Do we allow exceptions to the policy? If so, how do we manage exceptions?
If someone deploys unauthorized devices, how will we know? What actions will be taken?
Do we have one policy for all devices, or different policies for different types of devices?
How are we ensuring that our policies adequately reflect the needs of end users?
How are we ensuring that our policies adequately reflect the needs of line of business managers?
How do we ensure that people are aware of the strategy and incorporate that into their way of working?
How do we change and adapt the strategy over time to react to changes in technology and the business landscape?
If we are willing to accept devices with known vulnerabilities, who is authorized to approve them, and how will we hold that person accountable for accepting the risk?