February 21, 2011, 11:46 AM —
I've written here before about the challenges of employee-owned mobile devices in the workplace, both from the IT and employee perspectives. When it comes to allowing and supporting employees in using their smartphone and tablet devices in the office, there still isn't a single answer for how best to balance employee needs/freedom (it is the employee's phone, iPad, or other device, after all) with the needs for data security and provisioning of resources like in-house apps and security certificates that are always headaches for IT.
While there isn't a solid answer, news out of the Mobile World Congress last week points to some of the trends that are emerging as the front runners for how to strike this balance effectively. Each offers some unique advantages and disadvantages for both users and IT.
Mobile device management suites – Up till now, these solutions have been leading the way. They operate with a central server where IT can configure and enforce security policies, manage devices to varying degrees, and push out resources (apps, bookmarks, security certificates, etc.) over the air. These suites are a prime choice for IT because they offer a lot of control and the ability to instantly wipe a device (if lost) or revoke most, if not all, corporate data at a moment's notice (say if an employee quits or is terminated). These suites also allow IT to ease or automate the setup process for users. The downside for users is that they are giving their employer some measure of control over their personal property, sometimes to a significant degree. There's also a challenge for IT in that most management suites only support a specific mix of mobile platforms.
Virtual desktop solutions – Another common trend, particularly in healthcare environments, is to implement a virtual desktop or virtual app solution. The clear leader here as a solution vendor is Citrix, which produces a client app for most mobile platforms (with plans for announced platforms, including webOS) as well as a very flexible backend system. Administrators can configure a complete desktop environment or make specific third-party or in-house applications available without a full PC experience (a big plus on smartphones due to the screen size).
The big advantage for IT is that no corporate data is ever stored on the device and all access is secure. The plus for the employee is that only a single app needs to be added to his/her device. The downside to the employee is that without Internet access, they can't do any work securely on the device. The downsides for IT are the costs of the infrastructure and the fact that employees might enter data into other apps (like a mobile office suite or their personal contacts).
Virtualization – This is the newest trend. It isn't really an option yet as it was only demoed by VMware in Barcelona, but it has a lot of potential. The concept works the same as any desktop virtualization system: create a completely separate and contained guest OS installation that can run in an app installed on the host OS.
The concept has a lot going for it in that the guest OS can be secured and have its own network identity and phone number. Right now, the only platform VMware is working with is Android, which could be limiting, and there may still be some concerns with centrally managing these virtual devices as well as creating configurations for a variety of Android devices. The advantage to users is that it's as if their IT department gave them a separate device without physically having to carry it. For IT the big plus is complete configuration and control of the environment where corporate data will reside. One downside for employees may be getting used to the virtualization concept, but that should be a matter of user education.
Employee education and training – Speaking of educating employees, one trend that preceded and continues alongside the technical solutions is helping employees understand the security needs. The reasons for security policies (VPN on public Wi-Fi, security policies, even acceptable use terms for a corporate network) aren't always fully understood by employees – even if they're asked to abide by written guidelines. In some businesses and schools, one-on-one training and explanations of potential threats have led to both a more positive staff/IT relationship and users taking ownership of any data on their devices. Education and training really aren't sufficient on their own, but they should be a part of any mix of solutions.
Given the differences among these solutions, many organizations may find that a mix of two or more options is what really suits their needs. That's the case with almost any area of IT. It is, however, heartening to see vendors responding quickly and across a range of approaches to what is becoming a major issue for almost any IT department.