Want to take advantage of the smartphone and tablet revolution so your business will be more productive and your employees more satisfied? Unfortunately, someone has to support all of those devices and platforms. And if that someone is you, you'll find that keeping up with the latest tech changes, managing disparate devices, and integrating them into your existing network take considerable time and energy. The time is well spent, however, because a smart mobile strategy--addressing issues such as wireless provisioning, device and application management, and security--is one of the best ways to prepare your business for the future.
Determine Your Needs
If your business requires nothing more than email, calendaring, and shared contacts, then using Microsoft's Exchange ActiveSync makes sense. EAS doesn't have much overhead, and it works whether you have an all-Android, all-Apple, or all-RIM (with BES Express, an additional BlackBerry component) mobile infrastructure, or a mix of devices and platforms. It's also straightforward to install and requires minimal setup on the mobile device.
If you want to manage your devices with greater granularity, or if you think that you may need additional capabilities down the road, you'll have to look beyond the EAS. If your business uses only RIM devices, using the RIM BlackBerry Enterprise Server (BES) or BES Express (which is free) is a sensible choice. These days, though, few businesses have such a homogeneous environment. More common is a mix of Android, Apple, RIM, Windows, and other devices.
In that situation, you should consult your cellular carrier, which will have partnered with a mobile device management service. Among the major names in this field are AirWatch, BoxTone, Good Technology, MobileIron, and Ubitexx. These services can help you manage your mobile devices by simplifying the integration of multiple mobile device platforms even across different carrier networks. They typically provide a single console that covers billing, inventory management, security, and compliance, and they may even have an integrated app store that permits users to download only qualified and approved apps to their mobile devices.
Keeping Tabs on Costs
Before you can manage a collection of cellular devices, you have to know how many devices are involved, and who has what. Maintaining an inventory of your mobile assets is critical because, if you don't know what devices you have in your organization, you won't be able to keep track of your bills and spending, both for wireless service and for hardware.
If you have an inventory control system for laptops, your next step should be to add cellular devices to that system. If you don't have such a system in place, it's time to get one. Options range from something as simple as a spreadsheet to a heavyweight alternative such as Citrix's GoToManage.
Your cellular carrier can supply basic cost information for each device. Activating a new phone or other mobile device registers it and allows your carrier to bill for the appropriate mobile device. So be sure to work with a service partner that can support your cellular needs whether you run a Verizon-only shop or have phones in your organization that rely on various cellular carriers. Ask your favorite carrier to recommend a partner, and remember that good reporting--visibility into spending and budgeting to support comprehensive analysis of spending patterns--is critical. When you can examine costs and usage by carrier network, device, and user over time, you'll be in a position to find previously undiscovered savings.
To reduce costs, consider setting up a cellular usage plan that multiple cellular devices and departments share. That way, if one individual or team runs up an overage, you can draw from a pool of minutes to cover it.
And make sure that whoever is dedicated to purchasing and managing your company's phone bills and rate plans works closely with your in-house technical person (or tech team) to understand your company's needs, usage, and growth pattern.
Policies Are the Best Policy
Successful mobile management starts with establishing reasonable policies. Here are some tried-and-true practices:
• Establish clear mobile-use policies. Whether you forbid personal use of company mobile devices, allow shared work and personal usage, or permit employees to use their own cell phones to conduct company business, be sure to post suitable guidelines so employees will know what they can and cannot do with their phones. Written policies for reimbursement of work-related expenses incurred on personal mobile devices may prevent sticky situations from arising.
• Have a way to provide new and existing over-the-air cellular device activations or "self-activation." That way, you and your employees can get back to business quickly when a phone is lost or needs to be upgraded.
• Devise a policy that covers tablets' and smartphones' end of life. These devices contain potentially sensitive business data. When the device goes out of service, its owner needs to dispose of it appropriately, including sanitizing any data that remains on it, using a service such as e-Cycle (http://www.e-cycle.com).
• Establish a clear policy for apps installed on your mobile devices. If your business has strict policies on mobile software and business data access, you should have acceptable-use policies stipulating what types of work apps can be used on mobile devices. If an encryption app is necessary to safeguard business data, make sure that the policy spells this requirement out.
• Create policies for testing new mobile apps before deploying them on smartphones or tablets. If you let employees download and install whatever they want, without meaningful testing, you're asking for security troubles and potential data breaches.
• Post a list of all devices that have remote network access to company data, and inventory the approved apps on each device. You'll also need to decide whether to grant personal mobile devices (as well as company-owned mobile devices) access to the organization's data. Don't neglect to stipulate that employees who bring a personal device to connect to the business network must first accept any security restrictions you've established.
• Don't forget FaceBook, Twitter, and other social networks. Treat mobile devices the same way you do in-house PCs and laptops with regard to social media use and policies.
• Publicize your policies. It doesn't help to have policies if no one knows them. So provide appropriate training, make sure that everyone who has a company mobile device receives a copy of the guidelines, and explicitly state those policies the first time an employee gets a device that you'll be supporting.
Getting a Handle on Security
We've examined mobile device security on smartphones before. But in addition to dealing with straightforward tasks such as mobile data backup and synchronization, your policies should address more-advanced matters: shutting off and remotely wiping all data and applications on a lost or stolen mobile device, wiping apps and data on a mobile device after too many bad password attempts, data encryption, antivirus protection, and virtual private network (VPN) support, among others.
Lost or stolen phones and tablets can pose huge problems, including exposure of business contacts, sensitive email messages, corporate plans, and financial data. A policy that anticipates this eventuality and builds in safeguards (such as requiring strong device passwords, automatic shut-off, and support for remote data and app wiping) can keep your business data safe.
Most carrier partners can remotely erase data from a mobile device when necessary. Of course, employees must notify you promptly of a lost or stolen device so that you can start taking appropriate measures as soon as possible.
For a tighter hold on data in the event that a device goes missing, several new Android phones--including the Motorola Photon 4G and the Motorola XPRT from Sprint--offer AES encryption natively on the phone and on the accompanying SD Card, for data-at-rest security. These Motorola phones also support remote data wipe via Microsoft's ActiveSync.
Rooted Android or jail-broken iPhone mobile devices are another security issue. Such modified mobile devices no longer conform to their manufacturers' specifications and may damage your business network if given access to it. The safest policy is to detect modified devices and remove them promptly.
If you allow personal phones and tablets on your network, you should require that certain approved software be loaded on those devices before they can connect. Relevant items include a data-wipe app, an app that monitors what other apps may be doing (like McAfee's free App Alert for Android, which is currently in beta), antivirus software, and a properly configured VPN.
More-advanced policies take into account mobile app security that may be based on reputation, whitelist, or blacklist. Reputation considers certain attributes of an app and gives it a thumbs up or down for use. Whitelisting permits only apps specifically approved for use. Blacklisting blocks specifically forbidden apps.
In the future, advanced security policies will consider location and environment. If you want certain phones to work only in the warehouse, say, you'll be able to specify that limitation in your policy. When the phone is anywhere else, it will stop working. Of course such advanced policies require supporting apps, like those from Good Technology and Fiberlink's MaaS360.
Coming Soon: Management in the Cloud
Mobile devices for business are a dynamically changing market. Eventually, many companies will manage their tablets and phones in the cloud. Though a few cloud solutions are available now, more are on the way.
The entirely cloud-based BlackBerry Management Center focuses on mobile devices for the low-end and small-business market. Though this service is for BlackBerrys only, RIM is developing an as-yet-unnamed cloud service that will also work with Android and Apple phones and tablets.
Good Technologies, MaaS360 by Fiberlink, McAfee, Virtela, and a number of other companies either have or will soon have cloud-based mobile management systems out.
The biggest advantage of cloud-based mobile-management services is that you can get started with them right away. You don't worry about buying or setting up new IT and mobile device infrastructure, maintaining that infrastructure, or even committing long-term to a specific vendor. Plus, you'll be able to monitor and manage your mobile infrastructure from anywhere.
The disadvantages are that you'll be forced to rely on your chosen vendor's capabilities, and you won't be able to customize and tweak the service if you have a specific niche or requirement. Still, cloud-based services continue to improve and expand their capabilities rapidly, making them a great fit for anyone trying to keep tabs on a fleet of mobile devices. Scout around, and you're likely to find a cloud-based company that will solve all of your mobile-management problems--including some problems you may not have even realized you had.
This story, "Mobile device management for small business" was originally published by PCWorld.