Your business may be at risk from a zombie (mobile device) apocalypse

Mobile devices that you think are dead or disabled may still be alive after all--sucking budget dollars and posing a potential risk to the organization.

The zombies are coming. Yes, I know that zombies is quickly becoming a very tired cultural reference. We did werewolves, then vampires, now zombies. I think maybe it's about time to move on to something else. I vote for poltergeists. We haven't talked about those for decades.

What happens to a company-issued mobile device when an employee leaves the company? In some cases, the employee surrenders the device before walking out the door. But, many businesses--especially organizations striggling to define and manage the consumerization and BYOD trends--allow the employee to retain the device itself, and simply transfer financial responsibility to the now ex-employee. 

That's all fine and dandy...if it happens. According to research conducted by Amtel, however, in about 10 percent of the cases the transfer doesn't occur, and the company continues to unknowingly pay for a mobile device that no longer belongs to it. 

Let's go back and examine what happens when an employee turns a device in. The smartphone or tablet still belongs to the company, but there's no employee to give it to right now, so it goes into a box at the back of the closet...I mean datacenter. Service for the device should be suspended or terminated since it's not being used, but again about one in ten times the company fails to take the necessary steps, and instead continues to pay for service. 

Depending on the size of the organization, these zombie devices can add up quickly. According to a blog post from Amtel, "During an audit of mobile devices for a large multi-national biotech firm, 2 percent of the mobile phones were found to be Zombie phones with an annual bill of $70,00."

Amtel is in the mobile device management (MDM) business, so it has a vested interest in beating this particular drum. That doesn't alter the reality of the math, though. Are you sure you're not still paying for service for mobile devices that don't even belong to your organization any more, or devices that are sitting in a box somewhere?

Aside from the financial implications, there are also security risks posed by these zombie devices. If you aren't even aware that you're paying for service on smartphones and tablets you're not using, odds are fair that you also haven't taken steps to de-authorize and de-provision the devices in other ways. Those zombie devices may still contain sensitive company data, or have VPN connectivity to internal company resources.

Don't let zombies take you down. Regardless of how you choose to address the problem, make sure you have a process for de-provisioning mobile devices, and the right tools in place to make sure you aren't continuing to pay for service and expose your organization to unnecessary risk from zombie mobile devices. 

Security Smart: 4 Common Password Myths ... Debunked!