You can’t go mobile with a desktop mindset -- but that’s just what too many IT organizations do. The most commonly applied mobile app policies are holdovers from the PC environment, like two-factor authentication and selective access based on Active Directory membership. These measures may be useful in a traditional computing setting, but they’re woefully inadequate for the new world of enterprise mobility. They fail to account for concepts like jailbroken devices, bring-your-own-device (BYOD), untrusted public networks and offline usage.

To make enterprise mobility both secure and fully productive, you need to apply new policies designed specifically for the way mobile users work today. It’s not just about introducing restrictions and roadblocks -- you also need to empower people to do even more with their mobile apps and devices to enable greater business value.

Let’s step back and consider why we’re talking about mobile app policies in the first place. Just a year ago, many organizations thought mobile device management (MDM) would be all they needed for secure mobility. But with so many different kinds of workers in the organization -- full-time and part-time employees, contractors, temps, partners -- it quickly turned out that we needed a more sophisticated approach. You can’t manage a device that belongs to a freelancer or partner company, and your own employees probably don’t want your hands all over their BYOD devices, either. What really matters is managing the apps themselves. Hence, the rise of mobile application management (MAM).

The essence of good MAM is flexibility and granularity -- being able to apply different policies for different apps, user types and mobility scenarios. If you get those policies right, your enterprise mobility security strategy is off to a strong start. Here are five you won’t want to leave out.

1. Block app access if a device is jailbroken or rooted

It happens every day. An employee leaves his tablet lying on the kitchen counter after work and his teenage son grabs it to play games. Before long, he’s jailbroken it to sideload the cool new Android game all his friends are talking about -- the one you can only get in a private app store. Hello, malware.

From now on, everything that employee does on the device is vulnerable to location tracking, data theft and other threats. The device may even have been rooted, allowing broad access to its Android functionality and settings.

To protect your business, make sure to block jailbroken devices from accessing your corporate apps and network.

2. Selectively allow copy/paste

Sometimes it’s fine to allow people to copy and paste content among mobile apps, like when an attorney uses a secure mobile email solution to send some contract language from her firm’s document management system to a client. But you sure wouldn't want her to put that same language into her personal email -- or, heaven forbid, on Yahoo! Mail.