ras-slava - Fotolia
While most organizations have a plan in place to deal with a refresh of computing systems such as PCs and servers, not all of them have a strategy for refreshing the now-ubiquitous business smartphone.
This may be a legacy of the days when organizations dealt with smartphone use on a limited basis, but that time is long gone. Organizations with mobile users should have a smartphone lifecycle plan in place, and here are some of the components IT must address to know when it should purchase new devices.
What factors should determine your smartphone lifecycle policy?
Smartphones don't last forever. Based on performance, most smartphones should be replaced about every two years. While some will point to the costs involved, any reduction in productivity due to performance and support needs significantly outweighs the cost of a new device over its two-year life. A 5% reduction in productivity for a worker with a $60,000 annual salary costs an organization $3,000 -- far more than the cost of a new smartphone.
Few organizations monitor smartphone data breaches, but modern devices have massive amounts of on-device memory: 32 GB, 64 GB or more. The amount of proprietary data users can carry is massive and could easily put an organization at risk. Android patches most of its old OSes to eliminate any significant security holes that hackers could exploit to gain access to corporate systems.
However, organizations should not allow any Google Android devices on its network that are more than two generations behind the most current version of Android OS. Any smartphone more than two generations behind cannot run the new OS when Android releases it. Older devices will have increased risk due to security holes, as well as potential productivity issues.
The diversity of Android devices out there makes OS updates a difficult problem to manage, so this is one area in which Apple iPhones have a significant advantage. IT can still update older Apple devices to the latest OS, but iPhones still need to be upgraded regularly -- about every two years -- for many of the same productivity reasons.
Many organizations still allow BYOD for smartphones, but even organizations that include BYOD for mobile users should have a smartphone lifecycle plan in place. BYOD users should only be allowed on the organization's network with corporate-approved devices for many of the security and logistical reasons above.
Organizations should provide a list of four to six devices that BYOD users can buy; any other devices should not be accepted for connection. IT must update this list every six months at the longest. The maintenance of this list may be somewhat of a burden for IT because it must specify and test devices for compliance to corporate needs. However, it's preferable in the long run to having an uncontrolled list of devices attached to corporate resources and requiring support.
It's not enough to just upgrade the devices. Organizations must also make sure that users have the latest versions of mobile apps -- corporate and purchased -- to guard against both security and performance issues and to minimize support requirements. This must include security patches, VPN components and on-device malware prevention. Organizations should have a means to log each of the components of each device and indicate which are not in compliance. This capability is often available in enterprise mobility management (EMM) and unified endpoint management (UEM) products.
Smartphone lifecycle plan implementation
To ensure the smartphone lifecycle plan works, organizations must ensure that IT manages these devices effectively, even if they are BYOD. Modern EMM and UEM products offer a considerable amount of functions beyond simple asset management.
Organizations that use the EMM or UEM functions properly can protect themselves and have a much clearer picture of each device and which might be problematic. Organizations should use the logging and analytics capabilities of an EMM or UEM tool to ensure that IT has the necessary insight over their users' smartphones. This will provide information about which devices need to be replaced.
Once IT identifies the underperforming devices, it can use an EMM or UEM tool that offers a smooth method for IT to transition users to a new device. These tools can eliminate the user setup process, provision a new device remotely and decommission the old one. These functions allow an organization to provide users with a new device without forcing the user to disconnect from corporate resources.
Once the user receives a new device, IT can perform the device switch. IT could even schedule this process to occur overnight, while the user doesn't need the device, to minimize any loss of productivity. Provisioning the new device and decommissioning the old one can take place as quickly as minutes or, at most, a few hours, depending on the connection. All this process requires is for an IT admin to set up the user profile for that particular device, which is a relatively simple process.