Minding Your Mobile Assets

By Samuel Greengard  |  Posted 2009-10-26

Ask any executive for a list of game-changing technologies, and mobility is likely to appear near the top. Smartphones, PDAs, laptops, netbooks, Wi-Fi, cellular broadband and a variety of other tools make it possible to exchange e-mail, sales leads and other data from almost any point on Planet Earth. The widespread availability of real-time communication has ushered in a new era of opportunity and efficiency.

Forrester Research reports that 73 percent of global enterprise work forces will be mobile by 2012. Managing a plethora of devices, developing coherent policies and instituting adequate security are no small tasks.

“CIOs and other IT executives face enormous challenges,” says Sean Ryan, research analyst for Mobile Enterprise at IDC. “With so many devices and so much fragmentation in the marketplace, it’s difficult to develop sound policies, procedures and practices that address all the issues.”

Unfortunately, the situation isn’t getting any easier. While executives may clamor for BlackBerrys, a sales force may demand iPhones. While some workers connect their laptops via secure cellular connections, others tap into the network via unsecure Wi-Fi.

Then there’s the issue of business versus personal use. With so many options and possibilities, IT can find itself reeling. Who provides the devices and who pays for them? Should an organization standardize on one or two platforms, or create an open environment? And what security policies are required to keep corporate assets safe?

There is no one-size-fits-all approach. “It’s important for an organization to thoroughly understand its business processes and workflows—as well as who is using the devices and how they are using them,” says Bill Clark, research vice president at Gartner. In addition, it’s vital to build a framework that’s flexible and cost-efficient. “A cradle-to-grave viewpoint is essential,” he adds. “Without strong oversight, it’s difficult to manage mobility effectively.”

A Sound Approach

Mobile technology has emerged as a mainstream tool that reaches every level of an enterprise—and beyond. However, getting a handle on mobile assets and developing a strategy for managing them can prove daunting. Although software applications can handle the mechanics of keeping track of devices, they do nothing to help an organization develop a coherent strategy for purchasing, issuing, and overseeing the technology and the way it is used.

A 2009 mobility study conducted by Motorola found that the biggest challenges facing a mobile enterprise are cost of hardware; security concerns and risks; cost of software, integration, service and support; difficulties in employee training and support; and difficulties integrating mobile applications into the existing infrastructure. Although the survey focused on the hospitality industry, it’s clear that these issues are something that all organizations must cope with.

A starting point, Clark says, is to identify what tasks take precedence, and then map devices and tools to specific roles across the organization. While BlackBerrys may be ideal for executives who message heavily, an iPhone loaded with the right CRM application or database tool may unleash the full potential of a sales force or field support agent. “It’s important to eliminate steps, simplify data entry and access, and make people more strategic,” he says.

Of course, no two businesses are created equal. Safelite AutoGlass repairs and replaces automobile windshields at facilities and mobile service vans scattered across every U.S. state. The company, headquartered in Columbus, Ohio, found that by consolidating on a single platform—in this case, BlackBerrys equipped with a Bluetooth pen and a printer—it could streamline an array of processes and manage scheduling and field transactions far more efficiently. It adopted the mobile platform four years ago. Today, it has more than 3,300 smartphones in the field, says Chris Delong, director of open systems and infrastructure.

Standardizing on a single platform was all about dollars and sense. Since field technicians require the devices for messaging and handling transactions, the company installed a BlackBerry Enterprise Server and created a blacklist and whitelist of Web sites. There are no limits on voice calls. Instead, the company uses trip wires that indicate only whether an employee is placing international calls or venturing beyond an established threshold for calls or text messages.

Safelite allows some executives to use iPhones or Windows Mobile devices because they have more complex requirements. “There is a smattering of other devices but, from an operational perspective, the BlackBerry is the device of choice because it simplifies IT management and provides tight controls,” Delong notes.

In fact, the company oversees the entire mobile device environment with a four-person IT staff. “Standardization, along with a mature, robust BlackBerry platform, has allowed us to maximize ROI,” he adds.

Standardization Is Difficult

Safelite’s situation is not typical, and many firms find it difficult to standardize on a single mobile device or platform. Different departments and employees have diverse needs, so locking in on a single system can undermine productivity. As Gartner’s Clark puts it: “An organization that lacks flexibility and the right tools can find itself at a strategic disadvantage.”

Platforms and preferences are key issues facing the Nationwide Mutual Insurance Co. The Columbus, Ohio, firm, with $1.7 billion in 2008 sales, has traditionally relied on BlackBerrys for messaging and voice communication. It has also used cellular broadband-equipped laptops for certain situations. “The goal has been to make data widely available within a secure, managed environment,” says Robert Burkhart, director of new technology.

In the past, Nationwide owned smartphones and various employee-used devices, but it may soon shift to an employee ownership model. The proliferation of iPhones and other devices—along with more advanced management and security capabilities—is forcing decision-makers to rethink things.

“There’s no reason for people to carry two or more devices,” Burkhart says. “And pricing plans have come down to the point where limits for personal calls and minutes aren’t necessary.” But the firm will likely continue to impose caps on data usage.

To embrace a more open and flexible environment, Nationwide turned to Sybase Afaria, which supports Open Mobile Alliance Device Management standards. Burkhart says the environment also helps reduce costs by offering troubleshooting and help-desk capabilities, while passing the bulk of the responsibility onto manufacturers and carriers.

Gartner’s Clark says it’s essential to understand organizational roles and usage patterns so the enterprise doesn’t overspend on devices or on calling and data plans. “Not everyone needs an iPhone,” he says. “Not everyone needs a data plan loaded with minutes. An organization must look at the efficient use of resources and basic cost-containment issues.”

Dialing Into a Strategy

It’s critical to create a strategy for managing a mobile environment. Applications such as Sybase Afaria, Trellia, Microsoft Systems Center Device Manager and Odyssey Software Athena provide increasingly sophisticated mobile management features. These include the ability to configure devices remotely, enforce different sets of policies for different users and devices, and view applications running on all of them.

Many of these packages also provide diagnostics features and support troubleshooting and help desk activities. The latter is important because mobile devices travel off premises and away from hands-on IT support.

IDC’s Ryan urges enterprises to examine device management applications carefully. And there’s no single template even within the same industry. “Some organizations support only a single platform, and others support multiple platforms,” he says. “You have to understand what you want to achieve and where you’re headed so you don’t wind up getting boxed in.”

Flexibility is only part of the story, however. Mobile device management also involves thinking through a spate of practical issues, such as who pays the phone bill, who owns the phone number, how to deliver tech support, and which applications the enterprise allows on smartphones and laptops. Further complicating matters, various groups of employees usually have entirely different needs and usage patterns.

These are all issues that Soberman LLP, a Toronto-based public accounting firm, faced when it moved to a mobile platform. The 150-person company has specialists who spend about 90 percent of their time in the field providing accounting and auditing services. In some cases, they are at a client site for a week to 10 days. As a result, mobile tools are essential, and staying connected to enterprise systems is unavoidable. What’s more, security, privacy and confidentiality are vital, notes Susan Hodkinson, chief operating officer.

Soberman has turned to a mix of devices and systems. Accountants mostly carry BlackBerrys, but employees also rely on laptops equipped with dial-up, 3G data cards, Wi-Fi and WiMax. And a few executives carry netbooks.

Within this environment, it’s crucial to achieve a high level of IT compliance and security. So Soberman opted for a Trellia mobile management system that provides provisioning, simplifies compliance and standardizes various processes. The solution also helps the company track billing and cost issues, including which devices make sense for various user groups.

No less important, the application allows the firm to designate which Wi-Fi networks employees are allowed to connect with and the order in which they can connect. “Creating a whitelist and a blacklist is enormously important,” says Robin Persaud, senior network engineer at Soberman. “We’re able to secure the devices and the network far more effectively.”

These systems can assist in other ways. Many organizations, including Safelite and Soberman, are moving away from a reimbursement model for mobility devices and are adopting an employer-paid model. This approach makes it easier to control the device and phone number, while also amping up security. It also sheds paperwork by eliminating expense reports for mobile devices.

“For many companies, it makes a lot more sense to set limits and look for exceptions, rather than tracking everyone and everything,” says IDC’s Ryan.

Making Security Count

Although mobility offers compelling advantages, it also presents an array of security concerns. For example, it’s estimated that 70 percent or more of enterprise data now resides in some form on mobile devices. Remarkably, approximately three out of four organizations lack comprehensive formalized policies for dealing with mobile devices and data.

As workers try to connect their personal devices to a corporate network and access Microsoft Exchange Servers and other applications, the potential headaches mushroom. Typical corporate asset management and security issues are also magnified by the fact that mobile and wireless devices travel beyond the physical boundaries of the enterprise. Moreover, content streams past the corporate firewall, and smartphones and computers are easily lost or stolen. There’s also the issue of ensuring that devices can no longer be used to access corporate data after an employee leaves the company.

When IDC asked business leaders whether their organizations have deployed mobile device management tools to track handheld devices used by employees, only 53 percent answered yes. Although this figure is a major improvement over 2008, when only a third of companies had management and security systems in place, it still translates into a huge risk. As Ryan puts it, “Mobile management and security are closely linked.”

In fact, Vodaphone UK found that 25 percent of all businesses have experienced security breaches as a result of employees using their laptops and mobile devices outside of work—and essentially ignoring company policies. Moreover, half of all workers weren’t aware that different policies exist for using devices and systems for work versus outside of work. No less unsettling: One-third of the respondents either didn’t know their organization had an IT policy or they had never read it.

Administration and security issues are inextricably linked at Addison Avenue Federal Credit Union, which serves 140,000 members at companies scattered across 10 states and Puerto Rico. It also reaches members around the world through its online channels. Three years ago, the company, based in Palo Alto and Rocklin, Calif., developed a policy framework for meshing business requirements with a mobile strategy.

“We spent a lot of time talking to users, and we put a control group in place to better understand how they use devices,” says Ken Smith, director of customer support and information security. From this, the firm created a policy document for its employees, including the sales force. This led to specific administration and security strategies.

Addison Avenue divides mobile accounts into two tiers: company-liable and employee-liable. The organization owns the devices and phone numbers for the first group. “We pay the bills,” Smith says. The second group, however, required a bit more analysis. “These individuals select and provision their own device,” he says. “They get the bill, and we reimburse them for certain uses. We know that they do need to use the device for business purposes from time to time.”

That meant defining a set of standards and security policies—and ensuring that the employees understood and acknowledged them. Whereas a BlackBerry Enterprise Server provides much of the protection needed for the company-owned BlackBerry devices, Addison Avenue is testing security for other devices, including iPhones and Windows Mobile smartphones. In addition, the company uses device locks for time-outs and has remote management and wipe capabilities on company-issued devices.

IDC’s Ryan says the ability to track and lock devices, encrypt data and use a remote-wipe feature is essential. “Smartphones, netbooks, notebooks and other devices constantly go missing,” he points out. “With the amount of data stored on these devices—and the ability to access enterprise applications and databases—there’s no margin for error.”

Moreover, the right software slides the dial on device management from policy to practice. There’s no possibility of employees forgetting or sidestepping a rule. Finally, organizations can implement blocking features or lock down specific components, such as camera phones, that may pose a security risk.

Connecting to Success

Mobile device management isn’t likely to get simpler any time soon. Ryan sees the consumerization of mobile devices continuing and various platforms—including BlackBerry, iPhone, Windows Mobile, Palm, Android and Symbian—remaining viable over the next few years. What’s more, complex business requirements, greater regulatory concerns and rapidly changing technology make mobile device management a challenging

IT proposition. “It creates issues that don’t exist for traditional IT,” he says.

The good news, says Christopher Isaac, a partner at PricewaterhouseCoopers Advisory Practice, is that the Internet and the maturation of mobile and wireless technologies are ushering in greater simplicity and an ability to connect various platforms and systems. Also, growing competition among providers translates into opportunities for astute companies.

“Convergence means that hardware suppliers are competing with software providers, who are competing with service providers,” he says. “In such circumstances, opportunities abound to negotiate favorable service agreements.”

Nevertheless, organizations must take a proactive stance. Those that plot out a business case and develop policies and procedures for handling mobile devices are likely to reduce costs, improve efficiency and trim risk. There’s no single route to success, but a focus on managing the environment holistically pays dividends.

“The genie is out of the bottle,” cautions IDC’s Ryan. “Employees expect leading-edge mobility tools, and the enterprise requires them to compete effectively. So it’s up to IT to manage the environment effectively.”