Controlling mobile access with device management policy: Case study

Omnicom CIO Kenneth Corriveau explains how he keeps employees happy by allowing them to use their own gadgets, but also secures his network by ensuring insecure devices are kept at bay

. What's this?

By , Senior Editor

June 30, 2011CSO

Like CIOs at many organizations, Kenneth Corriveau saw the writing on the wall. The employees in his company wanted to use their own devices for work and were going to keep asking, regardless of what policy might state about using personal technology to connect to corporate networks.

"It really increased in the last 18-24 months when mobile devices starting becoming more and more prevalent," said Corriveau, CIO of Omnicom Media Group, a global advertising and marketing communications services company. "About the same time, users really started going out and purchasing their own equipment. There was this shift from whatever we issued at the office was what everyone used, to having users that worked on their own personal computers at home and were saying they have a mobile device and it was their platform of choice for work. That was a tipping point when we decided we had to put a plan together."


[See also: Just say yes: Why banning consumer devices makes your organization less secure]


With a presence in 80 countries and a lot of grumbling from a wide swath of users, Corriveau wanted to open up access for Omnicom employees — but he wanted to do it securely. That meant getting a handle on the visibility of all mobile devices trying to touch his network, and then implementing discreet controls that would allow people access within corporate policy limits.

Today, Corriveau's team manages approximately 10,000 nodes - everything from iPads, iPhones, Androids, Blackberries, laptops, desktops, conference room computers and more. With his current policy enforcement system in place, Corriveau notes the platform no longer matters, as long as the device is up to snuff with his policy. Here, he explains how his system works.

CSO: Where were you with device policy a few years ago?
Kenneth Corriveau: We had a policy, and still do, that only corporate devices can connect to the corporate network. But there was a tone out there; we were noticing a trend and more requests were coming through for access to the network, usually to read email, on non-standard or non-corporate devices. That was where we started to see the trend.

So, we started to have some focus groups and talking to different constituents about what would help them. Our population skews younger in our environment. That played a role as well. The younger population seems to have more of an affinity for technology, for using their own gadgets and we knew we had to make it possible for them to do that securely.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER