Managing Smartphones Calls for New Realism and Flexibility

The smartphone's impact on the enterprise can be seen in a small bank in Needham, Mass., where its full-time staff of 95 forms a mobility microcosm. Today, over one-quarter of them are using Apple iPhones and more recently iPad tablets, where once they used Microsoft Windows Mobile phones.


"Apple met the minimum requirements to make [the iOS operating system] enterprise-friendly for me," says James Gordon, Needham Bank's vice president of IT. For the bank, that means support for Microsoft Enterprise ActiveSync to connect users with Exchange Server e-mail, calendars and contacts, and to support a range of basic management features as well as on-device encryption.

The mobile users can connect remotely and securely to their Windows desktop PCs via Array Networks' DesktopDirect application and appliance, often from inside the bank's headquarters or one of its five branches. One bank executive was using this connection to type Exchange e-mails with his iPad's onscreen keyboard while almost within arm's reach of his desktop keyboard, Gordon recalls. Citrix, with a similar approach, also offers an iOS version of its Connector.

"In the past we had Windows Mobile devices," Gordon says. "But I dumped them as soon as I could, and ate the early termination fees." Laptops, long the staple mobile computing platform for the enterprise, are a non-starter at the bank. "For as mobile as we are, very few people use laptops," Gordon says. "And when they do, they pray 'Please God let this work.'"

His comment highlights the dramatic changes occurring in enterprise mobility, confirmed by data from a new enterprise IT survey by Aberdeen Group (see chart). Companies are embracing smartphones with modern mobile operating systems like Apple iOS and Google Android, despite the fact that both lack the traditional server-based support infrastructures of RIM's BlackBerry OS and Microsoft's Windows Mobile. Another change is that more companies now are willing to let employee-owned smartphones have at least some access to corporate networks and data.

Mobile management strategy

Managing smartphone mobility requires a new realism about what can and can't be done. Done badly, smartphone deployments can result in "increased security risk, growing usage costs and diminished information technology (IT) control," wrote Paul DeBeasi, a research director at Gartner, in a July report titled "Evaluation Criteria for Smartphone Mobile Device Management."

Today, he notes, mobile device management (MDM) is a bewildering collection of applications that often focus on very specific, very narrow issues, though many vendors are working toward products that take a comprehensive view of mobile management.

Many enterprises are aware of the relative immaturity of the new mobile platforms and deploy accordingly, says Jay Gordon, vice president of Enterprise Mobile, a Watertown, Mass., mobile integrator which is 70% owned by Microsoft. Nearly a dozen of its enterprise clients are deploying iOS devices, in numbers ranging from a few hundred to several thousand.

"They all plan on [initially] deploying iPhones in a fairly basic format," Gordon says, mainly for access to Exchange e-mail and PIM data. "They'll be expanding functionality and usability over time." In many cases, at least to start, these companies are relying on the combination of policies and capabilities in Exchange and Microsoft Enterprise ActiveSync for iOS management and security.

DeBeasi identifies five broad "evaluation categories" when considering MDM products:

* The level of control required over applications installed on the smartphone.
* Security features such as authentication mechanisms (including password control and enforcement), encryption and remote data wipe.
* Defining and enforcing mobile policies for groups of mobile users.
* Support for the specific operating systems and devices being used, including OS updates, and removable media such as SD cards.
* Helpdesk and technical support capabilities to troubleshoot mobile problems.

These criteria are a way to identify the key differences not just in third-party products but also in the underlying mobile operating systems. The management capabilities offered in Apple iOS 4.2, in Android 2.2, and the initial release of Windows Phone 7 vary widely.

Different requirements mean IT groups may have to support different platforms with different capabilities for different groups of users.

Apple iOS shows maturity

Of the three, iOS is the most mature. And that's reflected in some large-scale enterprise deployments such as RehabCare, a rehab hospital provider that's deployed nearly 9,000 iOS devices, most of them iPod touches.

In iOS 4.0, Apple made available a set of device management APIs (and added file-based encryption), developed by working closely with MDM vendors such as MobileIron and Sybase (which offers the Afaria product). Other vendors include Absolute Software, AirWatch, Boxtone, TrustDigital and Zenprise. With the just-released 4.2 version, these APIs and additional management and security features are now available for enterprise iPads.

Apple's approach is to use an App Store download to set up a direct link between the iPhone and a server application from one of the vendors, says Jesse Lindeman, MobileIron's director of product management. Technically, the downloaded app has no other function, and the MDM server's capabilities are limited to what Apple has enabled in iOS, such as pushing a configuration change to the iPhone without involving the end user, or downloading native enterprise-built iOS apps.

But some vendors, such as MobileIron and Sybase (Afaria), are adding value to their on-device clients to enable additional features, such as running tests to determine if the iPhone has been jailbroken (allowing it to load applications outside of the App Store), or to make use of the phone's location information.

By contrast, Android 2.2 is not as advanced. It added support for Microsoft Exchange Server, and lets IT set password policies on Android phones, remotely lock them, and if needed reset them to factory defaults (thereby wiping them of data, but not data stored on an SD card). MobileIron, for example, issues a second command to erase the card.

"I don't see Google [yet] having the same approach as Apple in terms of the level of study, collaboration and software development to address enterprise management and security," says Andrew Borg, senior research analyst at Aberdeen.

Borg's ongoing surveys of enterprise IT groups confirm the very rapid adoption of smartphone platforms. The most recent study, "Enterprise-Grade Mobile Apps: Secure Information When and Where It's Needed," reveals that those companies seeing the most dramatic measurable payback from smartphone mobility are those who are now rapidly developing a new style of application.

These are lightweight, simple, highly focused apps - of the type pioneered by the iPhone - which can pull data from wherever it resides and bring it to smartphone users, singly or in groups, to be used in quickly making critical business decisions.

The increasing importance of such mobile apps underscores the need for effectively managing these diverse and fast-changing deployments.

"It is impossible to provide identical levels of support for all users and all smartphone platform types," according to Gartner's DeBeasi. "Enterprises must put in place policies and procedures that enable the management of mobile diversity."

John Cox covers wireless networking and mobile computing for Network World.

