Which platform is right for the enterprise?Linux handhelds are not yet common but many enterprises will need to support BlackBerry devices as well as Windows Mobile or Symbian (as Nokia brings out more enterprise E series models).
RIM provides strong security and management options in BES and Microsoft is moving towards the same OMA-DM provisioning and management standards that Symbian supports for newer devices, but third-party products like HP's Bitfone Enterprise Mobility Suite can manage multiple mobile operating systems. Consider middleware and device management software that can translate applications for multiple platforms rather than rewriting them individually. Make it clear which versions you support; Windows Mobile 5 and 6 have better security and manageability than earlier versions and while Nokia N series devices can run Mail 4 Exchange they won't receive messages unless you turn off device security on your server because the hardware doesn't support the necessary encryption.
Draw a distinction between devices you will allow to connect and those you will support fully. Your policy should ban devices that have not been registered with or certified by the IT department from connecting to the enterprise network, but banning the latest gadgets will cause complaints and attempts to work around your security (such as forwarding email to open-access Webmail systems). Avoid this by allowing users to register all suitable devices with the IT department for email connectivity but make it clear they'll get limited support with problems and devices will be restored to the default configuration when the employee leaves the company. Apply the same Web content filtering to mobile devices as to PCs and tell users how much memory needs to be left free for updates and adequate performance of your line of business applications. Decide whether you will back up personal devices in the same way you do issued devices, make it clear what applications can and can't be installed- and what costs can be expensed. Adult content is inappropriate on a personal device connecting to the corporate network, but you may be less concerned about users installing games than how much they spend calling or texting overseas numbers.
Currently the majority of enterprises pay for connectivity directly, according to Forrester; around a quarter allow employees to claim the cost a connection on expenses, but almost as many have no set policy. But mobile contracts and data tariffs continue to be confusing according to Gartner's research vice president Martin Gutberlet. Where you're rolling out your own devices or managing contracts yourself, look for flexible tariffs, clear reporting and service level agreements covering support as well as connection performance. Operators think in terms of SIMs and a discount on total usage, but you should be able to share a pool of bandwidth among users; if one user exceeds their bandwidth limit and another is well under it, you should be able to offset the lower usage to avoid paying for the higher usage. Mobile devices don't stay in use as long as desktops and notebooks; expect to have to replace them every 12 months and consider contracts that refresh devices as new models come out.
Operator-run web sites allowing end users to disable lost and stolen handsets are increasingly common and some operators have agreements enabling multiple connections for a single price; Orange Business Everywhere v6 incorporates the iPass client so users get seamless access via 3G, Wi-Fi, EDGE, dial-up, home DSL or any other connection that's available. The iPass service is available directly if you use another operator, and Fiberlink offers similar features. Both include device management and remote termination as well as reducing costs; you'll pay for a local 3G connection rather than roaming costs when users connect from abroad, for instance, and hotspot access is included in a single fee so you don't have to deal with individual hotel bills and expense claims. If you don't choose a unified access provider, set firm limits for what expenses are allowable for voice, data, Wi-Fi and home broadband usage and how this needs to be documented. Profile different user groups; limits may need to be different for international travellers and heavy data users who don't leave the country.
Securing the mobile deviceSecurity starts with device passwords. According to Microsoft, only a quarter of users lock their mobile devices with a PIN or password currently. Enforce password changes at the same frequency as you do for PCs, lock devices if the password is entered incorrectly three times in a row and require passwords to be re-entered regularly. Force encryption of removable media and turn off Bluetooth to avoid attacks unless you use specific hardware like GPS receivers. Protect data that could be copied or sent to phones at the source by enforcing rights management or blocking email redirection.
Don't just think about spiraling costs or the risk of losing data when you put your policy together; you want an approach that takes advantage of the productivity opportunities mobile devices can bring, so think about appropriate access rather than just locking things down. "We need to stop fighting technology wars and start fighting business wars," cautions Lopez; "mobility is an extension of what you already do". And the ROI on mobile projects is going to be even better if you can incorporate personal devices that you don't have to pay for, so it's worth dealing with the complexity of managing them.
There are even solutions for the notoriously enterprise-unfriendly iPhone. WebEx PCNow 3 lets iPhone users check Outlook email or view files by remoting into their Windows PC and Visto Mobile gives users access to corporate email, including Word and Excel attachments, without changing the security settings on your mail server or firewall.
