Over the last decade, smartphones have evolved from relatively simple mobile communications devices to robust palm-sized computing platforms that have transformed travel time from a loathsome efficiency drag to a productive part of any workday. Workers can now go more places with less downtime. But this benefit is offset somewhat by the increased burden they place on IT administrators to effectively provision and maintain them, and the security risks of carrying sensitive data on portable devices.
A recent RingCentral survey illustrates just how attached business professionals have become to their smartphones. An overwhelming 83 percent of those surveyed would give up their morning cup of coffee before parting with their smartphone. Nearly 80 percent cite their smartphone as the phone they use most to conduct business. So it’s clear that businesses need to work fast to get control of this essential communications channel.
Smartphones have altered mobile productivity for both consumers and business professionals, but the needs of any given business can raise unique issues for any smartphone deployment strategy. In many companies–especially smaller ones–employees show up with their own smartphones in hand, and it is the job of the IT department to determine how to effectively integrate this hodgepodge of BlackBerrys, Android devices, iPhones, and Windows Mobile handsets into the company’s infrastructure.
Failure to do so means lost opportunity in streamlining important daily business functions such as scheduling and collaboration. It could also mean severe liability if sensitive customer or proprietary data escapes your control via a lost handset at the airport. But accounting for and delivering centralized services to all these phones is a very real challenge.
IT administrators are tasked with provisioning, inventory tracking, configuration management, messaging, archiving, and maintaining the security of smartphones connected to the network. IT administrators need tools to simplify and centralize smartphone management.
With a combination of policies and procedures governing the use of smartphones, and the right tools to enable IT administrators to monitor and maintain them, smartphones can be an invaluable business tool. Let’s examine some of the applications available to help manage smartphones.
Research in Motion (RIM) has been quite successful at establishing its BlackBerry smartphones as the de facto mobile communications device for business professionals. Even President Barack Obama relies on one of the ubiquitous devices for keeping in touch on the go.
One of the primary keys to RIM’s success in the enterprise is its BlackBerry Enterprise Server (BES). BES enables enterprise IT departments to maintain and control the mobile messaging systems internally–an important factor for organizations that are concerned about sensitive information traversing third-party or public networks. However, a full BES solution is too complex and too costly for a typical small business.
Earlier this year, RIM introduced a variation of BES targeted specifically at the small-business market–BlackBerry Enterprise Server Express. BES Express is available from RIM as a free download, enabling a small company to deploy and manage up to 75 BlackBerry devices without any additional software or user license fees.
BES Express works with any Internet-enabled data plan, and does not require any additional hardware investment either, since it can be installed and run from the same server hardware running Microsoft Exchange or Windows Small Business Server. If installed on a dedicated server, BES Express can support up to 2000 BlackBerry smartphones.
With BES Express, IT administrators can reset passwords, or remotely wipe data from lost or stolen BlackBerry devices. Applications can be deployed and managed over-the-air, and device, application, and IT policy updates can be scheduled and pushed wirelessly.
Of course, BES Express has some limitations compared with the more comprehensive BES platform. For example, BES Express does not work with IBM Lotus, Novell, or Groupwise, and it can’t interact with public instant messaging clients such as AIM or Google Talk. In addition, devices can not be provisioned wirelessly, and BES Express does not offer a high availability configuration.
Microsoft has not been nearly as successful as RIM at establishing its presence for smartphones, but its dominant stake in the server and desktop operating system markets, and the overwhelming reliance on the Microsoft Exchange messaging platform, make it a natural contender for RIM. Microsoft is in a unique position to be able to extend the culture and conventions business professionals are used to on their desktops to the smartphone.
Microsoft Exchange contains the basic capabilities IT administrators need to deploy and maintain Windows Mobile smartphones. Exchange ActiveSync policies provide IT administrators with extensive control over Windows Mobile smartphones. In addition, ActiveSync can automatically provision Exchange e-mail access and allow IT administrators to exercise control over which applications are allowed to run on the smartphone.
For more robust control, smaller companies can use Microsoft System Center Mobile Device Manager (MDM) 2008 to manage Windows Mobile 6.1 and 6.5 devices. System Center MDM provides a centralized management console capable of setting and controlling Windows Mobile smartphone policies through Active Directory and Group Policy. MDM also provides mobile VPN functionality for secure access to network-based resources.
System Center MDM can encrypt files stored on Windows Mobile smartphones–both on the internal smartphone storage and on any memory storage cards, and it enables IT administrators to remotely wipe data from Windows Mobile smartphones in the event that a device is lost or stolen.
Like the Exchange ActiveSync solution, System Center MDM also has the capability to restrict or control which applications can run on the smartphone, and it also allows the IT department to lock down communications and camera functionality.
Widely regarded as a consumer toy more than a business tool when it was launched, the iPhone has forced its way into the corporate culture. Apple does not have the same degree of network integration or enterprise capabilities as RIM or Microsoft, but it has developed the tools small businesses need to simplify and centralize management of the iPhone.
The iPhone Configuration Utility 2.0 is available for both Windows and Mac OS X, and provides IT administrators with a robust set of tools to manage iPhones. Passcode policies can be configured and enforced using the iPhone Configuration Utility 2.0. IT administrators can establish that a security passcode is required on the iPhone, and define the parameters for it–length, complexity, expiration. Passcode policy can also be used to set the amount of time before the iPhone auto-lock kicks in, and to set the number of failed logon attempts that occurs before a wipe of all data is triggered.
With this tool, access to explicit media from the iTunes store can be blocked, or access to the iTunes store can be restricted entirely. IT administrators can also control the use of certain applications–like Safari and YouTube–or disable the camera functionality.
Configuration profiles can be used to configure and manage a variety of other iPhone features and functions as well. Wi-Fi network authentication, VPN settings, and e-mail accounts can all be centrally configured and maintained via configuration profiles. IT administrators can also control whether or not a user can remove the configuration profile–locking it down so that removal requires an administrator password or a complete reset of the iPhone.
The iPhone Configuration Utility 2.0 provides IT administrators with four options for deploying iPhone configurations. Devices can be synced with current configuration profiles by connecting directly via USB, as an e-mail attachment that installs the profile when executed, by making the configuration profile available on a Web site users can navigate to from the iPhone, or over-the-air with a secure enrollment and configuration process using the Simple Certificate Enrollment Protocol (SCEP).
The Android mobile operating system from Google is the new kid on the block among the smartphone platforms, but it has emerged as arguably the strongest competitor for the popular Apple iPhone. Devices like the Motorola Droid, and Google’s Nexus One have created a devoted user base for Android.
The Android platform is still nascent, but it is has the advantage of being open source. For companies and business professionals that are reluctant to adopt Apple’s proprietary, closed-system approach, Android devices offer similar features and capabilities as the iPhone, but on a completely open platform.
The downside to Android for business use is that the tools and applications necessary to centrally deploy and manage Android devices are scarce. If your company uses Google Apps Premier Edition to manage e-mail and calendar services, however, Android can be a great option.
Herding the Cats
Depending on the size of your organization, the issue of provisioning, managing, and securing smartphones can still be complex. Larger businesses with substantial IT budgets can and should mandate a company-standard smartphone platform, even going so far as to supply business handsets to workers who need mobile access. But small businesses are more often plagued by the challenge of managing a diverse portfolio of employee-owned smartphones that span the BlackBerry, Windows Mobile, iPhone, and Android platforms.
To protect against the possibility of data loss or security breaches, the safest bet is to identify which of your users actually need mobile access and then simply give them a business handset that you tightly control. That way, if it’s lost, you can wipe it remotely and keep damage to a minimum. Meanwhile, it may be good policy to simply forbid users from accessing e-mail and other internal resources from their smartphones unless their job duties specifically require it. The right choice will depend entirely on the type of business you’re in, and the balance of risk versus productivity rewards.
There is a third option that can resolve this dilemma, though. A third-party solution such as Good for Enterprise can provide a comprehensive, cross-platform solution. Good Mobile Control, a component of Good for Enterprise, provides IT administrators with a smartphone solution that includes over-the-air device management, granular and consistent mobile security policy enforcement, and end-to-end visibility for troubleshooting and support with client applications for iPhone, Android, Windows Mobile, and other smartphone platforms.
Smartphones are powerful tools that will only continue to evolve and integrate more deeply with business processes. With mobile OS-based tablets like the Apple iPad, the possibilities are even greater for mobile computing and productivity. IT administrators must address the challenge of integrating these devices into the network infrastructure, and do so in a way that can be easily and centrally maintained.