As with all business initiatives, when companies begin an enterprise mobility journey, they must assign responsibility to ensure accountability. Because mobility impacts so many areas of an organization, however, assigning responsibility\u2014especially in smaller companies where mobility may be driven by a single executive\u2019s edict\u2014can be tricky.\nStart with policy\nWhile the initial focus of mobility is often on users getting devices, every successful mobility program should start with the careful development of policies designed to protect the data that users will access.\nResponsibility for developing these policies falls onto a number of groups that must work together to understand the following: who needs mobile access; what they need access to; what the legal and compliance ramifications are; whether IT is capable of ensuring data security and enforcing the policies that are created; and whether the policies, when enforced, will enable business users to be productive. For the best results, the committee that formulates mobility policies should include representatives from HR, legal, compliance, security, IT and business users.\nStriking the right balance between risk and productivity is essential. Lax security can lead to data breaches; however, making access too difficult can compel business users to circumvent security policies, leading to the rise of shadow IT.\nModels of device ownership\nOnce policies are set, you can decide on the proper ownership model for the devices:\n\nCorporate owned\u2014The company owns the device and takes responsibility for its entire lifecycle, including device management, remote access, applications needed and security strategy. This model is best suited for highly-regulated environments.\n\n\nChoose your own device (CYOD)\u2014You offer a list of supported devices and operating systems, then employees choose from them. Like a corporate-owned approach, the company controls the entire device lifecycle. While this model represents more work for your team, there\u2019s more flexibility for employees who may need or want different types of devices.\n\n\nCorporate owned, personally enabled (COPE)\u2014More common in Europe, with this approach you own and control the device, but let employees put certain data and personal apps from public app stores on it.\n\n\nBring your own device (BYOD)\u2014The employee owns and is responsible for the device, while you are responsible for any enterprise data on the device. With BYOD, however, you has no real control over the data, unless a secure workspace is used.\n\nBe aware, one mode doesn\u2019t always fit all. It is common for organizations to offer both corporate-owned devices for employees accessing highly regulated data and BYO devices with secure workspaces for employees accessing less sensitive information.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\nWhile it may seem that the onus is on you, employees also have a responsibility. No mobility strategy that balances productivity against risk can be successful unless employees take security seriously and follow required guidelines. As part of rolling out any mobility program, it\u2019s essential that a group, whether from HR or IT, be assigned to conduct training on security features and processes\u2014and clearly communicate the consequences of disregarding them.