iPads Run Amok: Does Your Company Need a Tablet Policy?

When RehabCare executives started asking IT for the Apple iPad several months back, CIO Dick Escue didn't skip a beat.

Unlike many of his peers in the healthcare industry, he had no real qualms about security, despite the specter of compliance with the Health Insurance Portability and Accountability Act.

Nor did he have misgivings about users loading up the devices with personal stuff like photos and music. As for worries about putting an additional support burden on his IT staff -- according to Escue, not a problem.

While these concerns have other IT shops scrambling, the RehabCare team was well ahead of the game. Thanks to a widespread deployment of the Apple iPhone a couple of years back, the company had a formal deployment strategy for the iPad and, potentially, for other emerging tablets.

Rather than trying to ban mobile units or deploy them haphazardly, RehabCare's IT group implemented new corporate policies and standardized on mobile management technologies that opened doors for the iPhone, and now the iPad, to participate in the enterprise in a secure, centrally managed fashion.

Based on this prior experience with the Apple iPhone, Escue was already well aware that users, not the IT department, are rapidly becoming the driving force behind new technology adoption -- a trend some call the consumerization of IT. (For more on the "bring your own technology movement," see Computerworld's recent video chat with Carfax CTO Gary Lee.)

"There was a time when work was where you got new technology, but that day is over thanks to unbounded innovation in the consumer technology world," explains Escue, who heads up technology efforts for RehabCare, a nationwide operator of acute care and rehabilitation hospitals.

Managing the tablet surge

With the recent introduction of the iPad 2, Motorola Xoom, RIM PlayBook, and new versions of the Samsung Galaxy Tab, tablet mania is taking the enterprise by storm.

Gartner estimates that 69.8 million media tablets will be shipped in 2011, and analysts and forward-thinking tech managers say it's time for IT execs to do more than simply take notice of that surge.

As with the iPhone before it, the iPad is cropping up in all corners of the enterprise, brought in by C-level execs, sales folks and worker bees who purchased the device for personal use and, now hooked, are hungry to use it on the job.

Regardless of whether staffers work on their own tablets or are given corporate-issued gear, the influx means IT needs a systematic approach for managing, tracking, securing and supporting these devices, just like they do for any other corporate computing platform.

"What the iPhone started to show us -- and the iPad is absolutely making clear -- is that these devices are coming in whether you like it or not," says Leslie Fiering, research vice president at Gartner. "That means that IT has its work cut out for them."

Specifically, industry experts and seasoned tech execs advise IT to do the following:

* Craft or amend usage policies to enforce security best practices for tablets, including use of multilevel passwords and device certificates, and the ability to remotely wipe the device if it is lost or stolen.

* Establish tiered access to network resources to secure critical data and applications.

* Re-architect application delivery mechanisms.

* Determine what levels of support IT will provide, depending on whether units are owned by the employee or the company.

If that list seems a bit daunting, read on to learn how enterprise IT managers have had success in trying to wrap their arms around the tablet.

Mobile device management to the rescue

In the early days, enterprise-level security for the iPhone was nonexistent, but that's not the case anymore. Apple's iOS 4.x for both the iPhone and iPad supports an array of fairly robust security features, including encryption, centralized management and remote data wipe.

Dozens of enterprise mobile device management (MDM) tools extend those capabilities to other smart mobile devices beyond the iPhone, enabling IT to do everything from remote configuration and policy setting to creating "enterprise sandboxes" -- secure virtual areas where personal data can be kept separate from corporate data using tools like passwords and encryption -- and performing remote wipes if a device is lost or stolen.

IT shops that already have such systems in place for smartphones are well positioned to address security and management concerns from day one of a tablet deployment.

Have your say

Will your department keep tablets on a tight leash or let them run free?

Tellabs is leveraging many such capabilities to manage a growing fleet of a couple hundred company-owned iPads. The firm delivers broadband access and network management services to telecommunications providers.

Tellabs' supply chain professionals, sales reps and other employees are using iPads to access email and calendars, as well as enterprise applications that allow them to approve customer shipments and provide better service.

In order to access those resources, however, users have to enter credentials that authenticate what applications and information can be accessed by specific users.

In addition to these safeguards, Tellabs also employs an "always connected" model, where applications work only when the device is connected to the mobile Internet.

"Data doesn't reside on the mobile device for offline access," explains Jean Holley, Tellabs' CIO. "This model prevents loss of corporate data and intellectual property. As the mobile Internet gets smarter and the coverage area continues to grow, we believe there will be minimal need for offline capability in the future."

All iPads and other mobile devices are centrally provisioned with mail, calendar and other enterprise applications and are "known" to an MDM platform -- specifically, Sybase Afaria from SAP.

Tellabs uses Afaria to enforce end-to-end encryption during transmission, to help with provisioning, and to create a sandbox that keeps work-related applications separate from users' personal apps, which they are allowed to load on their iPads.

Tellabs' mobility strategy will allow it to accommodate other tablets down the road, and to accept employee-owned smartphones, tablets and other gadgets, as long as they are properly secured.

Among what's covered in the Tellabs Global Mobile Device Policy is who is eligible for mobile devices, how expenses related to the devices will be approved, what happens if theft or loss occurs, and who is responsible for technical support. (In general, Tellabs supports devices owned by the company; employee-owned devices are user-supported.)

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Best of PCWorld Newsletter

Comments