Written by Luke Medland
Adopting any new technology is a daunting prospect for most IT departments, where standardised platforms are the key to operational success. Current and emerging mobile technologies are invading the corporate enterprise.
Here at the National Skills Academy for IT, we have a number of users who synchronise our Microsoft Exchange-based email servers with their personal smartphones, enjoying the unity of work and personal life on one device. This might sound like a nightmare to some of you, but a lot of senior management are enjoying this synergy even though we offer a full BlackBerry mobile environment for every employee. But the mindset of allowing staff to connect their personal devices to work resources is hard to stomach, especially if you work in data-sensitive environments. My background is in private healthcare IT systems, where adhering to ISO 27001 information standards and securing corporate data was of the highest priority. Now in my position at the National Skills Academy for IT, I no longer have to put up barriers and prevent new ways of working. I prefer to at least investigate possible use of personal devices rather than disregard it due to policy.
Let's take a look at smartphones; I'm talking about iPhone, Android, Windows Phone 7, Symbian, HP WebOS and potentially MeeGo. What are some of the advantages in allowing staff to connect their personal smartphones to corporate systems? Allowing users access to corporate information systems potentially would increase productivity, allowing staff to read and respond to important emails regardless of contracted working hours. Staff can download attachments and read them on the large vibrant mobile screens and edit documents on the fly. They can check the calendar on their commute into work and prepare for the day ahead. You get the picture. Okay, I might be living in a work/life balance euphoria but the functionality is there and works with the right type of people.
In most companies the IT strategy dictates preferred mobile devices and platforms. Now's the time for CIOs and IT departments to embrace new mobile technologies rather than trying to uphold stringent IT policies crafted years ago, which are often impossible to enforce for the reasons I have already highlighted.
Configuration
So you have bitten the bullet and given in. What's the best way of configuring these devices, and how do I still maintain control? Most of the more popular mobile platforms provide enterprise tools to remotely deploy and configure mobile devices. iOS devices such as iPhone and iPad have corporate deployment tools that let IT departments configure options such as passcode policies, Wi-Fi settings, VPN, e-mail, LDAP and advanced cellular services. These configurations, or profiles, can be deployed in many ways: by physically connecting the devices to a PC, within an email message, from a website or simply over-the-air. Android offers similar services, and a number of third parties have created specific software packages to manage Android devices in the enterprise. ZenPrise offer a MobileManager product with a feature-rich platform to configure devices and even directly interact with a device and kill live processes and apps. All the major mobile platforms have their own tools to make deployment and integration of personal devices easier. Microsoft Exchange can help deploy and configure Windows Phone 7, and can to some extent help configure other ActiveSync platforms such as WebOS and Symbian.
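As an added example (not part of the original article), the Python sketch below builds an iOS configuration profile containing a passcode payload and audits it before it is handed out. The baseline thresholds, the `com.example` identifiers and the UUIDs are assumptions constructed for illustration.

```python
import plistlib

# Baseline values are assumptions for this example, not taken from the article.
REQUIRED_FLAGS = {"forcePIN": True, "allowSimple": False}
MIN_LENGTH = 6        # minimum passcode length
MAX_INACTIVITY = 5    # minutes of idle time before auto-lock
MAX_FAILED = 10       # failed attempts before the device erases itself
PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"


def build_profile(passcode_settings):
    """Return .mobileconfig bytes (XML plist) holding one passcode payload."""
    payload = {
        "PayloadType": PASSCODE_TYPE,
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.byod.passcode",       # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # constructed
        "PayloadDisplayName": "Passcode",
        **passcode_settings,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.byod",                # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000000",  # constructed
        "PayloadDisplayName": "BYOD baseline",
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)


def audit_profile(data):
    """Return a list of findings; an empty list means the baseline is met."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return ["no passcode payload"]
    findings = []
    for p in payloads:
        # A missing key counts as a failure: the device default may be weaker.
        for key, want in REQUIRED_FLAGS.items():
            if p.get(key) is not want:
                findings.append(f"{key} should be {want}")
        if p.get("minLength", 0) < MIN_LENGTH:
            findings.append(f"minLength below {MIN_LENGTH}")
        if not 0 < p.get("maxInactivity", 0) <= MAX_INACTIVITY:
            findings.append(f"maxInactivity not within 1-{MAX_INACTIVITY} min")
        if not 0 < p.get("maxFailedAttempts", 0) <= MAX_FAILED:
            findings.append(f"maxFailedAttempts not within 1-{MAX_FAILED}")
    return findings
```
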
Security
Great, you can configure the devices, but what about security and protecting my company’s data and information systems? Most mobile platforms have a number of options to help secure both the device and data. Most of you will no doubt be using Microsoft Exchange as your email server - simply enforcing SSL on ActiveSync connections is often enough security for most companies, providing an encrypted channel for email, contacts and calendar synchronisation. In addition, most mobile platforms also offer VPN connectivity for SSL, IPSec, L2TP and PPTP, supplying a secure way to give employees access to work resources such as file servers, intranets and internal web-based systems.
But what happens if they lose their device? There's a potential that company data could be compromised. Most, if not all, platforms now provide a way to remotely manage their devices, giving options both to locate the device using inbuilt GPS location services and to wipe the device completely. Using Microsoft Exchange EAS policies, an IT administrator can issue wipe commands remotely, which will not just wipe work email but will also wipe the entire device. Again, there are a number of off-the-shelf products that can provide more detailed control, but the basics included in the Exchange email platform are generally enough for most corporates.
The landscape is changing as more enterprise users, often senior managers, expect support for their personal devices. It's now time to break away from traditional standardisation to accommodate new ways of working.