Mobile messaging, mobile voice and instant messaging continue to grow as popular communications media, yet many enterprises are still far behind user demand.
This series on enterprise mobile messaging by Paul DeBeasi, senior analyst at the Burton Group, provides mobile managers with an in-depth view of mobile messaging applications. It includes enterprise mobile email and mobile instant messaging, mobile voice, and mobile security and management.
In this series, you'll learn about mobile messaging technologies and how your enterprise can benefit from them.
Mobile messaging overview
A Queensland University of Australia study found that short message service (SMS) text messaging is as addictive as cigarette smoking. This same addiction applies to mobile email (just ask any user who refers to a BlackBerry as a "CrackBerry"). Mobile voice usage is exploding. According to a Nokia-Siemens study, the number of voice minutes-of-use on the mobile cellular network now exceeds that on the plain old telephone system (POTS) network. The obvious conclusion is that users demand mobile messaging (i.e., mobile instant messaging/email/voice). But why hasn't the enterprise fully embraced it?
Mobile instant messaging
Mobile instant messaging (IM) is the ability to engage in an IM conversation from a mobile device. Note that there is a difference between SMS -- aka "text messaging" -- and mobile IM. Text messaging is a network operator-provided service, whereas mobile IM integrates with enterprise IM systems and possibly with popular consumer services such as AOL, Yahoo Messenger and Google Talk. In addition, SMS lacks the session persistence, buddy lists and presence status that IM has (see Table 1).
Vendors such as Research In Motion (RIM), IBM, Microsoft and Sybase iAnywhere provide enterprise IM products. Most enterprises have been slow to adopt these products, however, because of concerns over security and manageability.
| Capabilities | Instant Messaging | SMS Text Messaging |
|---|---|---|
| Addressing method | IM handle | Mobile phone number |
| Billing impact | Uses mobile data plan | Uses text message plan |
Table 1: Instant Messaging versus SMS Text Messaging
Access to mobile email is evolving from being an "executive perk" to a mainstream enterprise application. Mobile employees are driving this transition by demanding that IT provide them access to email while they are on the go. In some cases, mobile employees find ways of working around IT by using consumer email services to perform business email. To be fair, IT staff must ensure that mobile email is secure and manageable. Features such as remote data wipe, password protection and data encryption are critical. In addition, data roaming charges are unpredictable and potentially very costly (see the iPhone $5000 roaming fee story). Recently, the European Union (EU) telecommunications minister proposed price controls for data roaming fees that will help reduce costs.
Leading enterprise email vendors include RIM, Microsoft, Sybase iAnywhere and Motorola Good Technology. (Nokia recently stated that it was dropping further development plans for its Intellisync product line.) The products vary in their support for a wide array of mobile devices, scalability, manageability and security.
If you're reading this article while sitting in an office, there's a very good chance that you have two phones available for use: an enterprise desktop phone (that's increasingly based on Voice over IP [VoIP]) and a mobile cellular phone that's in your pocket, attached to your belt, or in your handbag. Within an enterprise, a mobile phone is typically located within about six feet of a wireline phone.
The reason for these "redundant" phones is quite simple. The wireline phone is usually part of an enterprise premises-based phone system -- private branch exchange (PBX), for example, or IP-PBX -- provided by the employer. In contrast, most mobile phones typically belong to employees, reflecting their desire for mobility and their need to make personal, non-business calls. Some enterprises supply mobile phones to their employees who need them off-site or during travel, but most of these workers have an enterprise desktop phone at the office as well.
Some enterprises have begun to integrate the mobile phone with the enterprise PBX. Fixed mobile convergence (FMC) products will link mobile phone users with the enterprise PBX, thereby providing a single mailbox, a single phone number, and access to PBX features. FMC products will also enable unified communications and provide presence-enabled voice, video and text communication that can be integrated with enterprise applications.
Mobile messaging (i.e., mobile IM/email/voice) has permeated our business and personal lives. Support for mobile messaging has been slow to take hold in the enterprise, however. This is due to issues such as security, manageability and cost. Some employees, frustrated by the lack of support for mobile messaging, bypass the IT department and use consumer services.
Most enterprises use email for communication and collaboration on their desktop and laptop devices. However, email usage on mobile devices (e.g., mobile phones) is not nearly as widespread. Gartner claims that there are currently 30 million enterprise mobile email users. That sounds like a lot until you consider that 30 million is less than 1% of the 3 billion+ mobile phone subscribers worldwide. The mobile email market has a lot of growth potential and is becoming more pervasive in the enterprise. But what is the best approach to deploy mobile email in the enterprise?
There are three architectural approaches for enterprise mobile email deployment: enterprise data center, network operations center, and service provider. The enterprise data center approach is the most common (see Figure 1). The enterprise deploys the email application servers in their own data center along with a mobility server such as the Research In Motion (RIM) BlackBerry Enterprise Server (BES).
The mobility server provides functions such as:
- Secure and reliable connection with the mobile device.
- Mobile device provisioning, policy administration, and monitoring.
- Email, calendar, and address book synchronization.
- Remote device wipe and access control.
The advantage of this approach is that the enterprise retains control over the servers and the end-to-end data flow. The enterprise can lock down the application servers and mobility server in their data center and thereby control the storage/journaling/retrieval of confidential information contained in the email messages. In addition, many enterprises will lock down the mobile device using device encryption, access control mechanisms, and remote wipe capabilities. Lastly, the enterprise can achieve fault tolerance by deploying redundant servers in backup data centers. Vendors such as RIM (BlackBerry), Microsoft (Exchange Server with ActiveSync), Motorola (Good Technology), and Sybase (iAnywhere) provide leading solutions.
The drawback to this approach is that the enterprise must establish and manage contractual relationships with operators around the world. The enterprise shown in Figure 1 has relationships with only two mobile operators (AT&T and Vodafone). But what if a multinational corporation has mobile employees in 20 countries? They will need to establish and manage quite a few mobile operator relationships. This can be costly and time consuming.
The network operations center (NOC) approach solves the problem of maintaining many operator relationships (see Figure 2). A vendor-managed (e.g., RIM) NOC maintains the contractual relationships and physical connections with mobile operators around the world. The NOC simplifies the solution for the enterprise because it need only maintain a contractual relationship with a single entity. The leading enterprise NOC solution provider is RIM, whose BlackBerry devices and BlackBerry Enterprise Server provide a secure and manageable solution that enterprises have embraced.
This approach has its own drawbacks, however. An NOC failure can cause the enterprise email system to come crashing down (the RIM NOC suffered a major failure in 2007 that disrupted email access for more than 24 hours). In addition, confidential enterprise email messages and attachments must pass through NOC servers. Some enterprises view this as an unacceptable security risk and opt for a different solution.
The last approach is the service provider approach (see Figure 3), where the enterprise uses an email service. The email server and mobility gateway are deployed in the service provider data center. The enterprise manages the provisioning of users and leaves the rest of the tasks -- such as security enforcement, device management and server management -- to the provider. The main advantage of this approach is simplicity. The major drawback is that the enterprise lacks control over the servers and the confidential information contained in messages. Vodafone (BlackBerry Enterprise Service), AT&T (Xpress Mail Enterprise Edition), and Verizon Wireless (VZEmail Service) are examples of service provider email services.
Enterprises can choose among three approaches for mobile email deployment. The approaches vary in simplicity, security and control. Most large enterprises will choose to deploy the enterprise data center or network operations center approach because they provide much greater enterprise control over email security than a service provider solution does. Alternatively, many small to medium-sized enterprises will opt for the greater simplicity of a service provider email solution.
Mobile IM and voice
Instant messaging and mobile voice services were designed for consumers, yet they are increasingly being used in the enterprise. What options exist for enterprises to offer these services in a way that is secure and manageable?
Mobile instant messaging
Mobile instant messaging (IM) provides the ability to engage in short, text-based conversations between mobile users. There are three types of mobile instant messaging. The most popular is the short message service (SMS), aka "text messaging." Text messaging is a widely successful mobile operator service, and message volume continues to grow at a rapid pace (see Figure 4).
The genius of text messaging is its simplicity. There is no file transfer, no chat history, and no enterprise features such as message logging. Unfortunately, employees who use text messaging for business communication circumvent the ability of IT staff to enforce enterprise mobile messaging policies.
Consumer IM services such as AIM, Google Talk and Yahoo Messenger are now available for mobile devices (e.g., AIM Mobile). These services are more sophisticated than text messaging because they provide capabilities such as file transfer, chat history, and voice/video communication. Consumer IM users typically communicate with other members of the same service. However, services such as Trillian can aggregate multiple consumer IM services together using a single client. As with text messaging, employees who use consumer IM services for business communication circumvent the efforts of IT staff to manage mobile messaging.
Enterprise IM systems such as BlackBerry Messenger, IBM Sametime and Microsoft Office Communications Server (OCS) add enterprise network management and security features. For example, Research In Motion (RIM) encrypts messages and maintains an audit trail for offline message storage, retrieval and analysis. Enterprise IM systems can launch voice and video chat sessions and are usually integrated within a broader unified communication product portfolio. Finally, some enterprise IM systems can federate with consumer IM services, enabling employees to communicate with consumer IM users. Table 2 summarizes several of the major differences among text, consumer and enterprise IM solutions.
| File Transfer | Chat History | Voice & Video | Message Audit | Encrypted Messages |
Table 2: Mobile Messaging Comparison
As more enterprises hire GEN-Y employees, they will increasingly need to deploy an enterprise IM system. GEN-Y employees rely upon text messaging rather than email as their primary method of communication. These employees will use whatever IM technology is available to them for business communication. If they choose to use a consumer IM service, IT staff will not have visibility into that communication exchange. Enterprises should deploy enterprise mobile IM systems now in order to provide an alternative to consumer IM and text messaging services.
Mobile voice usage continues to grow rapidly. In fact, mobile voice minutes now exceed public switched telephone network (PSTN) voice minutes (see Figure 5). Many enterprise users are leaving behind their desktop phones and are opting to use only their mobile phones. This trend is quickly transforming "advanced" Voice over IP (VoIP) desktop phones into antiquated "bricks" that restrict employee mobility.
Mobile phone proliferation drives IT staff to integrate these devices into the enterprise telephony system. For many enterprises, the first step is to deploy a solution that enables mobile phone integration with the telephony directory, provides a single voice mailbox, and facilitates a single phone number that rings all phones (e.g., desktop phone, mobile phone, softphone clients, and Wi-Fi phone). Products from Avaya, Cisco and Ascendant/RIM provide this capability.
Some enterprises are moving beyond this first step to deploy fixed mobile convergence (FMC) solutions using dual-mode (Wi-Fi/cellular) mobile phones. FMC can exploit synergies between wireless and wireline network technologies to deliver important new capabilities. For example, mobile phone users could automatically switch to a wireless local area network (WLAN) whenever they moved within close proximity of a WLAN access point (AP) and then have their calls routed over fixed wireline networks. Internet Protocol private branch exchanges (IP-PBXs) could provide call control and enterprise telephony applications for both wired desktop and wireless phones. And FMC can apply to multimedia (e.g., video and messaging) as well as just voice communications.
Imagine an enterprise office worker who begins a telephone conversation on a mobile phone while at an office location. While continuing to talk on the phone, he takes public transportation home and concludes the conversation on the same mobile phone while sitting at home.
Nothing about this scenario is very unusual today, as a typical mobile operator's cellular network probably provides sufficient geographic coverage of his office, home and in-between commuting route, at least in most urban or suburban areas of developed countries. What makes FMC different, as shown in Figure 6, is that the voice call could start on an enterprise-site WLAN (A), automatically transfer to the mobile operator network during the worker's commute (B), and then automatically transition again to his residential WLAN after he arrives home (C).
FMC products from vendors such as Agito, Divitas and Tango Networks provide PBX-agnostic FMC solutions. FMC deployments have been slow to emerge in the enterprise because of integration complexity, product immaturity, and a limited set of supported mobile phones. This market continues to move forward, however, as FMC vendors work to address these issues.
IT staff must find a way to get ahead of the "mobile messaging curve" if they want to influence the use of this technology within the enterprise. They should deploy enterprise mobile IM systems as an alternative to consumer IM and text messaging services. They should consider mobile voice solutions that integrate the mobile phone with the corporate telephony system. Finally, they should continue to monitor the progress of FMC solutions.
Mobile security and management
There were approximately 40 million smartphones shipped in the third quarter of 2008. Most of these phones were purchased for personal use. However, a growing number of employees expect to connect their personal device to enterprise networks in order to retrieve email, synchronize calendars and download files. Although the enterprise may not own the device, it does own the information assets stored on the device. Therefore, enterprises must evaluate mobile device threats and implement mitigation techniques.
Mobile device threats
The use of mobile devices exposes the enterprise to security threats such as:
- Device loss or theft -- A recent Credant study estimated that there were more than 31,500 mobile phones left behind in New York's yellow taxicabs during a six-month period in 2008.
- Data leakage -- Any sensitive data stored on a mobile device can be easily transferred to other storage devices and computers.
- Unauthorized wireless usage -- Wireless security policy violations can expose the enterprise to system attacks (e.g., connection to a wireless ad hoc network can lead to man-in-the-middle attacks).
- Malware attacks -- An increasing number of malicious software attacks target mobile devices (e.g., viruses, Trojan horses, worms, etc.).
Enterprises should establish security policies that minimize mobile device threats without unduly restricting usability. We recommend that enterprises consider the following policies:
- Implement a continuous program of employee education that teaches employees about mobile device threats and enterprise security policies.
- Perform periodic auditing of device security configuration and policy adherence.
- Perform regular backup and recovery of confidential data stored on mobile devices.
- Adhere to product-specific best practices. For example, see the Microsoft Security Guide for Mobile Device Manager 2008 or the BlackBerry Enterprise Solution Security Technical Overview.
- Perform configuration and software upgrades "over the air" rather than requiring the user to connect the device to a laptop/PC.
- Encrypt traffic between the messaging server and other enterprise servers (e.g., between the RIM BlackBerry Enterprise Server and the Microsoft Exchange Server).
- Enforce strong passwords for device access.
- Enforce the use of virtual private network (VPN) connections between the mobile device and enterprise servers.
- Encrypt local storage, including internal and external memory (e.g., secure digital cards).
- Enforce the same wireless security policies that are used for laptop wireless security. Refer to the article "Best practices for securing your wireless LAN" for additional information.
- Consider the use of two-factor authentication in order to strengthen network access security.
A variety of device management products can help the IT manager mitigate threats. These include Microsoft Mobile Device Manager 2008, Research In Motion (RIM) BlackBerry Enterprise Solution, Sybase iAnywhere Afaria, and Motorola Good Technology. Unfortunately, features vary from product to product and device to device. Therefore, the features recommended below may not be available for all products and all devices. Most notably, the Apple iPhone still has a long way to go before it can be considered "enterprise ready."
Enterprises should ensure that their mobile device network management system enables the administrator to perform the following functions:
- Disable the device and restore the device to factory defaults (including the ability to delete all files and flush caches).
- Change the password and delete locally stored password history.
- Control system software upgrades (e.g., load new operating system).
- Control application installation and removal.
- Disable the ability of users to load applications, except those approved by IT.
- Control location-based applications (e.g., disable/enable GPS, control which applications can access GPS information, disable/enable the sending of device location updates to enterprise servers).
- Control use of Bluetooth (e.g., disable/enable Bluetooth usage, require use of a passkey to complete Bluetooth pairing, disable Bluetooth discovery, encrypt Bluetooth communication).
- Control multimedia capabilities such as cameras and microphones.
- Control data transfer between the mobile device and servers (e.g., ActiveSync).
- Perform logging and auditing of all mobile messaging (email, instant messaging, etc.).
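The periodic audit of device configuration recommended in the policy list, combined with several of the management controls above, can be sketched as a check over a device inventory. This is an added example, not code from the article or from any vendor product; the record field names, the thresholds and the approved-application list are hypothetical.

```python
"""Added example: audit constructed device records against the article's policy list."""
from datetime import date

# Hypothetical thresholds; the article names the controls, not the values.
MIN_PASSWORD_LENGTH = 8
MAX_DAYS_SINCE_BACKUP = 7
APPROVED_APPS = {"mail", "calendar", "vpn-client"}

def audit_device(dev, today):
    """Return the list of policy violations for one device record (a dict).

    A missing field counts as a violation: an inventory that cannot prove a
    control is enabled should not be read as compliant.
    """
    findings = []
    if dev.get("password_min_length", 0) < MIN_PASSWORD_LENGTH:
        findings.append("weak or unknown device password policy")
    if dev.get("internal_storage_encrypted") is not True:
        findings.append("internal storage not encrypted")
    # External memory (e.g. SD cards) only matters when a card is present.
    if dev.get("sd_card_present", True) and dev.get("sd_card_encrypted") is not True:
        findings.append("external memory not encrypted")
    if dev.get("vpn_required") is not True:
        findings.append("VPN to enterprise servers not enforced")
    bt = dev.get("bluetooth", {})
    if bt.get("enabled", True):
        if bt.get("discoverable", True):
            findings.append("Bluetooth discovery enabled")
        if bt.get("passkey_required") is not True:
            findings.append("Bluetooth pairing without passkey")
    unapproved = sorted(set(dev.get("installed_apps", [])) - APPROVED_APPS)
    if unapproved:
        findings.append("unapproved applications: " + ", ".join(unapproved))
    last = dev.get("last_backup")
    if last is None or (today - date.fromisoformat(last)).days > MAX_DAYS_SINCE_BACKUP:
        findings.append("backup missing or stale")
    return findings

def audit_fleet(devices, today):
    """Map device id -> findings, listing only non-compliant devices."""
    report = {}
    for dev in devices:
        findings = audit_device(dev, today)
        if findings:
            report[dev.get("id", "<no id>")] = findings
    return report

# Constructed sample inventory (not a real MDM export format).
SAMPLE_DEVICES = [
    {"id": "dev-001", "password_min_length": 10, "internal_storage_encrypted": True,
     "sd_card_present": False, "vpn_required": True,
     "bluetooth": {"enabled": False}, "installed_apps": ["mail", "vpn-client"],
     "last_backup": "2008-12-01"},
    {"id": "dev-002", "password_min_length": 4, "internal_storage_encrypted": True,
     "sd_card_present": True, "sd_card_encrypted": False, "vpn_required": True,
     "bluetooth": {"enabled": True, "discoverable": True, "passkey_required": True},
     "installed_apps": ["mail", "game"], "last_backup": "2008-11-01"},
    {"id": "dev-003"},  # enrolled but reporting nothing: fails closed
]

if __name__ == "__main__":
    for dev_id, findings in audit_fleet(SAMPLE_DEVICES, date(2008, 12, 3)).items():
        print(dev_id, "->", "; ".join(findings))
```

A device that reports no configuration at all, such as dev-003, is flagged on every check rather than passing silently.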
A growing number of employees expect to connect personal devices to enterprise networks in order to retrieve email, synchronize calendars, and download files. Although the enterprise may not own the device, it does own the information assets stored on the device. Enterprises should therefore consider the recommended security policies and implement the management features described in this section in order to minimize mobile device threats.
About the author:
Paul DeBeasi is a senior analyst at the Burton Group and has more than 25 years of experience in the networking industry. Before joining the Burton Group, Paul founded ClearChoice Advisors, a wireless consulting firm, and was the VP of product marketing at Legra Systems, a wireless-switch innovator. Prior to Legra, he was the VP of product marketing at startups IPHighway and ONEX Communications and was also the frame relay product line manager for Cascade Communications. Paul began his career developing networking systems as a senior engineer at Bell Laboratories, Prime Computer and Chipcom Corp. He holds a BS degree in systems engineering from Boston University and a master of engineering degree in electrical engineering from Cornell University.
Paul is a well-known conference speaker and has spoken at many events, among them Interop, Next Generation Networks, Wi-Fi Planet and Internet Telephony. Paul blogs at www.mobileparadigm.com.