Mobile devices such as smartphones and tablets have become increasingly popular in the enterprise. The combination of easy-to-use applications, ready access to the Internet, and large numbers of Web- and cloud-based applications makes personal devices a logical choice of enterprise tablet or business smartphone for many employees. Unlike other elements of IT infrastructure, the use of mobile devices has been driven largely by end-user adoption, not centralized IT planning.
As a result, IT departments can find themselves in catch-up mode as they try to provide support and define policies that govern the use of personal devices as business smartphones or enterprise tablets. To compound these problems, many of the infrastructure management tools that enterprises have in place were not designed to accommodate mobile devices. In the past, you could safely craft policies under the assumption that devices such as servers and workstations were owned and controlled by the business. That is no longer the case.
An enterprise supporting mobile devices needs to consider several risks and management concerns, including deployment, application testing, security and new governance issues, particularly with bring your own device (BYOD) policies.
In cases where companies provide a business smartphone to employees, IT departments have to activate and configure each device and install applications on it. Since many of these devices were designed for consumer use, their setup tools may be built for one person configuring a single business smartphone or enterprise tablet, such as setting up iTunes on an iPad, rather than for enterprise provisioning. (Research In Motion Ltd.’s BlackBerry devices and related applications are the exception to this rule.)
If you plan to support more than one business smartphone or enterprise tablet, consider using a mobile device management (MDM) application, which enables large-scale provisioning, configuring and monitoring of mobile devices. When selecting an MDM system, remember that you may need to support multiple mobile device platforms, such as Android, BlackBerry, iOS and Windows.
A business smartphone or enterprise tablet deployment may also require changes to enterprise apps. You may need to update Microsoft Exchange ActiveSync policies or add an MDM system that works with ActiveSync. For example, IT pros can use ActiveSync to remote-wipe a device, which resets the device to factory-default settings. Add-on MDM apps can enable selective data wiping while leaving other data intact.
Web applications that work well on desktop platforms are not necessarily suited for mobile device use. In addition to testing for browser compatibility, evaluate usability on mobile devices’ smaller screens, especially those of a business smartphone. Test the performance of apps over Wi-Fi and cellular networks, which may be significantly slower. The results from such testing can help support a decision to revise service-level agreements.
With large-scale use of personal devices, mobile device security is one of the most important concerns. A lost or stolen enterprise tablet or business smartphone can result in the loss of private or confidential information. It's easy to block terminated employees from using enterprise-controlled devices, but what about the data on their business smartphone? Security measures you can use include Secure Sockets Layer (SSL) certificates, full disk encryption, desktop virtualization and remote wiping of devices.
SSL certificates should be installed on a business smartphone or enterprise tablet when your organization needs to authenticate client devices accessing its applications. In the past, SSL certificates authenticated servers so that end users had some assurance they were using a legitimate website. Today, it is just as important for businesses to ensure that mobile devices have been authenticated to mitigate the risk of access from unauthorized devices.
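As an added illustration (not from the original article), the Python sketch below shows the server side of device authentication: a TLS context that rejects clients without a certificate, followed by a check of the presented certificate against an enrollment inventory so that lost or offboarded devices are refused even though their certificates still validate. The inventory, the function names, the file-path parameters and the convention that the certificate's common name is the device owner are all assumptions made for the example.

```python
import ssl

# Constructed enrollment inventory: certificate serial -> device record.
# Serials, owners and states are made-up sample values.
INVENTORY = {
    "0A1B2C": {"owner": "alice", "state": "active"},
    "0A1B2D": {"owner": "bob", "state": "lost"},
    "0A1B2E": {"owner": "carol", "state": "offboarded"},
}


def build_server_context(ca_file=None, cert_file=None, key_file=None):
    """TLS server context that refuses clients without a certificate."""
    # ca_file: enterprise CA issuing device certs; cert/key: server's own pair.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client cert
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx


def common_name(peercert):
    """Extract the subject CN from the dict SSLSocket.getpeercert() returns."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def authorize_device(peercert, inventory=INVENTORY):
    """Decide access after the handshake validated the chain: (allowed, reason)."""
    if not peercert:
        return False, "no client certificate"
    serial = peercert.get("serialNumber", "").upper()
    record = inventory.get(serial)
    if record is None:
        return False, "certificate not enrolled"
    if record["state"] != "active":
        return False, "device " + record["state"]
    if common_name(peercert) != record["owner"]:
        return False, "subject does not match enrolled owner"
    return True, "ok"
```

In a real service, `authorize_device` would be called with `conn.getpeercert()` on each accepted connection, and the inventory would be the MDM system's record of enrolled devices.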
Full disk encryption of mobile data is one way to reduce the risk of data loss. A potential drawback is that some mobile device applications may not work on fully encrypted devices. This can be especially problematic when employees use their personal devices for business.
Remote wiping can make device data inaccessible. Employees should understand what remote wiping does to a device and under what circumstances it would be used. As with full disk encryption, this can become a particularly sensitive issue when employee-owned devices are involved.
Desktop virtualization systems provide access to centrally managed and stored desktop applications and data. Users can run virtual desktops on mobile devices without the risks associated with downloading confidential data to these devices or having to install applications locally, except for the virtual desktop client.
Mobile devices are an increasingly important component of IT infrastructure. MDM systems complement existing IT management systems and support a range of operations, including deployment, monitoring and remote wiping. Web applications should be tested on mobile devices to identify which apps can be supported on enterprise tablet or business smartphone browsers and which may be better supported using a virtualized desktop.
About the Author
Dan Sullivan, M.S., is an author, systems architect and consultant with over 20 years of IT experience with engagements in advanced analytics, systems architecture, database design, enterprise security and business intelligence.