According to IDC, the mobile enterprise application market will surge to $3.5 billion by 2010. As this wave gains momentum, few enterprises can afford to be left behind. But those who dive in without planning will almost certainly end up on the rocks. In this tip, we discuss the critical considerations that can make or break a mobile deployment.
Understand your mobile users
Perhaps the biggest mistake is to assume that all users can be satisfied by a single solution. For most businesses, nothing could be further from the truth. Start by breaking your workforce into roles and defining how each would benefit from mobility.
What business applications must users in each role reach from a mobile device? Think beyond email and voice, including horizontal applications like CRM and vertical applications like patient care. Focus on mobilizing applications of greatest benefit first, while using the bigger picture for long-term planning.
What wireless access is needed by each? Will those applications be accessed periodically at the office or constantly while on the road? Different roles may require different connectivity to be productive and avoid frustration.
To which corporate systems and data will mobile access be required, and when? For example, will mobile devices synchronize directly with corporate desktops or use a mobility server as a conduit to back-end systems and data?
Do any users require real-time access, or should data be copied to/from mobile devices so that users can continue to work without connectivity? If the latter, how often must suitable connectivity be available for data upload/download?
How much time will users spend on voice calls and data transfers, and how much bandwidth will they consume? Be realistic. Aiming too low will blow your budget, but aiming too high can lead to paying for unused services.
Choose your mobile devices
There's a big difference between a notebook and a cell phone, but there's a plethora of devices that fall somewhere in between. Apply your understanding of business applications to pick the best mobile device(s) for each user role.
Do you have users who require near-continuous on-the-go use of both voice and display-based data applications? If so, consider giving them converged mobile devices (e.g., smartphones, PDA-style phones, etc.).
Do you have users who require true keyboard data entry but must economize on size and weight for very frequent use? If so, try ultra-mobile PCs (UMPCs).
Do some jobs require non-keyboard data entry (e.g., touch-screen, pen)? If so, give those users a tablet or convertible PC. Depending on user environment, you may want a ruggedized model.
Do some users need to run local full-blown Windows applications? For those users, consider both sub- and mainstream notebooks. Sub-notebooks are more expensive, but they are lighter and smaller, designed for frequent travelers.
Is more than one mobile device required to meet a given user's needs? If so, look for interfaces that let those devices work together (e.g., Bluetooth pairing).
In addition to size, weight, input method, supported applications, and cost, consider battery life requirements. For example, some mobile users may require DC adapters or AC converters for sustained in-vehicle use.
Select your vendors
Mobile devices can be sourced from carriers, device manufacturers and systems integrators. When choosing a vendor, consider the following questions.
Can one vendor supply all of the mobile devices that you need? Conversely, if you go with one source, will that artificially limit your upgrade options?
If you purchase devices directly from the manufacturer, what limitations and consequences will that have on your connectivity options – especially your choice of wireless carriers?
If you purchase devices from a carrier, what service plans, features and terms will you be required to accept, and how well do they mesh with connectivity needs?
Can your vendor (manufacturer, carrier or ISV) provide packaged solutions that meet not only device needs but also business application and mobility server needs? Compare that with the feasibility and cost of rolling your own solution.
When selecting a wireless carrier, obvious (and critical!) considerations include cost, coverage, reliability and speed. In addition, do some users access carrier and private networks from the same device? If so, ask about the carrier's support for seamless cross-network roaming and call handoff/application persistence.
Develop a management strategy
Although most enterprises know how to manage notebooks, few have a comprehensive strategy for managing other mobile devices. In a recent survey of U.S. companies, eight out of ten CIOs said that carriers should take the lead in providing mobile device management. But what functions are needed in a mobile management solution?
You cannot manage what you don't know you have. Do you have the ability to inventory not just some but all of your mobile devices, both for asset tracking and ongoing administration?
Can you use automation to improve management effectiveness and reduce cost? For example, look for management systems that can detect, authorize and provision mobile devices upon first connection, preferably over the air.
The only constant is change. Do you have the ability to push software and policy updates to users in the field the very next time they try to access your network? Or is the risk and cost of deferred, on-site and/or manual updates acceptable?
Do you have the ability to track and assess how mobile devices are really being used by your workforce? This visibility is critical to proper planning, accurate budgeting and – of course – security.
Secure your mobile workforce
Owing to platform limitations, lack of IT management and under-appreciation for the threats they pose, mobile devices tend to be under-secured. For many companies, this means that growth in mobility will be accompanied by increased business risk. The following questions can help you put mobile risk into perspective and take appropriate countermeasures.
Which mobile devices carry sensitive business data or customer information subject to regulation? Those devices should be protected with stored data encryption, unlocked by robust user authentication.
Which mobile devices have wireless access to your corporate network? Those devices require some type of authenticated protection for data-in-transit, ranging from secure email to mobile VPN.
Which users will depend on mobile devices and would be unable to perform their job if that device were lost, stolen or broken? These users require a strong back-up and rapid recovery solution.
Whether due to the data they store, the access they have, or their business importance, what threats would be posed by a compromised mobile device? Although mobile malware is still relatively rare, most mobile devices will eventually require firewall, IDS and antivirus/anti-spyware defenses.
Do you need to centrally define and enforce a mobile security policy, not just on notebooks but on all mobile devices? Consider both internal and external requirements, including compliance with industry regulations and privacy laws.
Have you created a plan for educating and training your workforce about mobile threats, business risks and required countermeasures?
While this checklist is not comprehensive, it represents a good start for assessing your needs and planning a successful mobile deployment. Many implementations involve multiple phases: Start with a small pilot, followed by a trial, and then a larger incremental rollout. Review your answers to these questions after each phase, refining your plans to reflect what you learn. Then reassess your needs periodically even after deployment. After all, users, devices and applications will all continue to evolve – and so must your mobility strategy.
About the author: Lisa Phifer is vice president of Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.