IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Business of IT: mobile device management

We look at how IT departments and businesses can mitigate mobile risks and reap the rewards.

Mobile device management

This month, the great and the good of the mobile industry met in Barcelona for the annual Mobile World Congress (MWC) trade fair.

There, vendors showed off their latest mobile applications and devices, including smartphones and tablets. At the Consumer Electronics Show (CES) in Las Vegas earlier this year, manufacturers announced more than 80 new tablets running the Android operating system alone. A plethora of tablet and smartphone announcements at MWC has added to the ranks.

For businesses and for IT departments in particular this proliferation of devices presents both an opportunity and a challenge. Chief executives generally agree that staff who have mobile devices are more productive, and there is plenty of research to back up that claim.

IT management tools vendor LogMeIn recently surveyed small and mid-sized businesses and found that 63 per cent of (non IT) managers believed that giving staff remote access to work IT did boost productivity.

It is also fair to assume that staff who can choose their devices will be more content than those forced to carry a company issued smartphone or tablet.

But managing a growing number, and range, of mobile devices causes problems for IT departments who often lack the expertise, and budgets, to ensure that portable IT equipment is accounted for and is secure.

The trend for employees to use their own devices at work is doing little to help matters. Often, as Cisco's security chief said recently, the most senior managers and executives are the worst culprits, demanding that IT connect their latest toys to the company's networks.

Your pad, or mine?

Short of setting up full-body scanners in the lobby and selecting any executive returning from Barcelona for an additional pat down, there is little that IT directors can do to stop the consumerisation trend. The devices are simply too attractive, and too useful.

A research report carried out by analyst firm Ovum and security body EEMA, found that seven out of 10 organisations allowed staff to use their smartphones for work. But almost half of organisations 48 per cent - said they also allowed employees to use personal devices at work.

Separate research, carried out by mobile connectivity vendor iPass, found a more worrying statistic: almost one in four employees had used a personal smart phone for work, even when company policy forbade it.

The ability of companies to control the use of personal mobile devices for business remains limited.

"The contract for the use of a personal device should require that the owner of the device cedes some level of control to their employer, so that business use can at least be ring fenced," says Peter Wood, of the information security advisory organisation ISACA.

"But it is a very difficult area."

Companies have two main options for dealing with non-business devices.

The first is to bolster perimeter security, so that unknown devices cannot connect to it. This can cause practical problems, such as slowing down the rollout of new company devices, or making it harder for visitors and contractors to go online.

What's more, it is fairly easy to circumvent, for example by installing an unauthorised wireless access point, unless the business also has strong network management tools. But good device access controls are part of good security, so it may well be worth the investment.

The second tool is to raise awareness of security risks, and to set clear policies around the use of personal technology by staff. IT should set the technical requirements for the policy, but will also need to consult HR and the legal department or in smaller companies, an employment law solicitor to make sure that the policy is both legal and enforceable.

"Employees' consent could be seen as a quid pro quo for being allowed to use their own devices. But it goes without saying that the terms and conditions would need to be very clear," says Ed Moody, applications manager at IT consultant and integrator BT Engage IT.

Holding the line

Sometimes, however, it might seem simpler and perhaps even cheaper in the long run for companies to issue their own devices. IT departments can integrate company owned devices into their infrastructure, install, or remove, software, and impose other limits, such as blocking access to particular websites or types of content.

Working with network operators can also make it easier to control mobile bills, by imposing limits on talk time, data transfers, or roaming. The tools for businesses to control usage are more sophisticated than those available for consumers, and remove the need for employees to reclaim business use of airtime via their expense reports.

Although the number of mobile device management tools available is growing, the market remains fragmented. With the possible exception of RIM's BlackBerry system, which allows very granular control over its smartphones through the BlackBerry Enterprise Server, managing even a few dozen mobile devices can pose a challenge.

At the UK arm of Volkswagen Financial Services, for example, field representatives who audit trade finance to car dealers are issued with BlackBerry smartphones.

The company looked at other smartphones but opted for BlackBerry because it complied with the German parent company's policies, according to Jean Smith, Volkswagen Financial Service' risk and corporate services director.

Modifications to the standard BlackBerry include disabling the ability to download apps, turning off BlackBerry Messenger, and forcing the device to wipe itself after five failed attempts to enter the password.

"There are quite a few restrictions," Smith admits.

Elsewhere, the uptake of mobile device management tools has been more limited. Apple supports remote wiping and locking of iPhones via iTunes and Mobile Me, and recently made the service free.

Microsoft's System Centre Mobile Device Manager was a popular option for companies running Windows Mobile, but the technology does not support Windows Phone 7, forcing businesses to manage these devices through Exchange ActiveSync, or using third-party tools.

The market for management tools for Android also remains immature.

This is forcing companies to take a DIY approach to device management, according to Rob Bamforth, analyst at research firm Quocirca.

Businesses are mixing security tools, third-party mobile management tools, and services from network operators. However, operator-based tools are becoming more sophisticated and could give organisations a simpler way to manage their smartphones assuming they are all from one carrier.

Laptops are now pretty well secured but smartphones are lagging, especially with security," cautions Bamforth. "The problem is mainly one of platform diversity, and it shows no signs of diminishing," he said. "That some tablet platforms are scaled up from smartphones, and not down from laptops as was once assumed, means they are more likely to be managed and deployed in a similar fashion to phones."

But, he adds, it is policies and devices, rather than tools, that will ensure mobile workers stay secure.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download


Podcast transcript: The best bits of MWC 2022

Podcast transcript: The best bits of MWC 2022

11 Mar 2022
The IT Pro Podcast: The best bits of MWC 2022

The IT Pro Podcast: The best bits of MWC 2022

11 Mar 2022
IT Pro News In Review: Compromised Nvidia data, protesters boycott Russian tech, Conti data breach

IT Pro News In Review: Compromised Nvidia data, protesters boycott Russian tech, Conti data breach

4 Mar 2022
MWC 2022: Ukrainian protesters call for Russian tech boycott
cyber warfare

MWC 2022: Ukrainian protesters call for Russian tech boycott

1 Mar 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?

Should you take your password manager off the internet?

28 Jul 2022