The use of smartphone-based applications in the enterprise could explode in the coming years, creating a number of headaches for data center staff.
From iPhones to BlackBerries, smartphones are penetrating the enterprise. A sound strategy is crucial to get the most out of them and prevent rogue applications from taking root.
That’s because these applications and their data need managing and backing up from the data center, and phone-related security, network hygiene and compliance issues must also be addressed. “Once you have smartphones running enterprise apps, you need to have the same rules in place as for laptops,” said Ken Dulaney, a Gartner VP Distinguished Analyst.
Of course, smartphones and smartphone applications are not new. But despite what the hardware and OS makers would have you believe, phone-based enterprise applications are not widely deployed. “The reason that many companies don’t have a management system for their mobile phones at the moment is that 90 percent of all usage is e-mail only,” said Dulaney. “It’s not until you get applications that reside locally that you a management system — you don’t need one just for e-mail.”
Dulaney believes, however, that during the next five years, smartphone-based enterprise applications will become much more common, and at some point a management tool of one form or another will become unavoidable for most businesses. The three things IT departments must consider when smartphones are running enterprise applications are:
- Operational Continuity: Once employees rely on the applications on their phones, it becomes essential that they work all the time. This means controlling the phone’s firmware and the other applications that run on it to ensure reliability.
- Reducing Help Desk Costs: The ability to take control of phones remotely or push files (and any other assistance necessary) can be extremely helpful.
- Security and Compliance: This includes backups to ensure data can’t be lost, and encryption or remote device wiping to protect data when a device is stolen or misplaced. It may also include communications controls, such as archiving SMS messages or preventing them altogether.
Companies becoming active in this space with management tools include Sybase with iAnywhere (for Windows Mobile, BlackBerry, Palm OS and Symbian), Logmein (for Windows Mobile, Symbian and BlackBerry shortly), and Microsoft with its Mobile Device Manager 2008 module, which is part of its System Center family of management products for devices running Windows Mobile 6.1.
The System Center module is arguably the most comprehensive. It includes:
- Active Directory/Group Policy domain join
- Mobile VPN with dual-factor authenticated access
- Application allow and deny
- SMS, Bluetooth and camera disablement with Active Directory Group Policy-based targeting
- Over the air device provisioning and software deployment
- Device inventory and reporting
- Help desk console and role-based administration
- Device wipe
Choosing Which Smartphones to Support
Deciding which management tools to use depends to an extent on the smartphone platform (or platforms) deployed in your organization. Currently, many enterprise employees use Symbian-based Nokia phones as well as the ever-popular RIM BlackBerry or Windows Mobile powered smartphones, but two possible rivals are emerging in the shape of Apple’s iPhone and Google’s open source Android OS.
Unsure About an Acronym or Term?
An open source operating system like Android provides big benefits to handset manufacturers and network operators in terms of lower costs, faster time to market, and the ability to differentiate their products, Delaney said. But, he points out, this differentiation is just what enterprises want to avoid: Management from the data center is much easier if phones and their operating systems are standardized. The implication of this is that Android is unlikely to be a big hit in the enterprise space.
But on the face of it Apple’s iPhone should be an ideal enterprise device since the OS is locked down and available only on a limited range of Apple hardware. Yet, it too has its drawbacks, Delaney says. “Apple meets the criteria of hardware and software, but they are not willing to put in the highest level of security.”
And, at the moment at least, the only way to activate an iPhone, to get applications on to it and to update firmware is by using iTunes. For a consumer this is fine, but in an enterprise this makes it very hard to control the iPhone centrally, to push applications to it and to ensure that all phones are running the same version of firmware. Essentially, it makes any management system impractical.
It’s possible Apple will rectify this problem in the future and allow more central management capabilities, and for the moment the iPhone Configuration Utility lets administrators distribute configuration files to users by way of a web browser. Apple describes configuration profiles as “XML files that contain device security policies, VPN configuration information, Wi-Fi settings, APN settings, Exchange account settings, mail settings and certificates that permit iPhone and iPod touch to work with your enterprise systems.”
Certainly a start, but is it enough?
Anti-virus software for mobile phones has been around for years, but the suspicion has always been that it is necessary only in the eyes of the vendors looking to make some money. That’s likely to change as smartphones become more complex and a more fundamental part of most organizations’ IT infrastructure. Network admission control (NAC) systems may then also have to be updated to check these phones for the presence of this anti-virus software, and to ensure patches and updates have been applied before allowing the devices on to the corporate network.
During the past five years or so, many employees have been given quite a free reign over what phone they want to use, and what they do with it. Once enterprise applications start appearing more frequently on smartphones it’s likely IT departments will have to standardize on a single platform, and these devices will have to be actively managed using sophisticated data center-based tools. And that can only mean one thing: More work for data center staff.