In the past, smartphones were not considered a major threat to network security since they really couldn't do much.
As a result, mobile device management was a low priority for most enterprises.
But today's smartphones are much more powerful and can run sophisticated applications. In addition, low prices and tech envy have made smartphones nearly ubiquitous.
Smartphones can also directly connect to your network. Although mobile devices have used ActiveSync to synchronize data with Exchange Server for many years, they are now capable of much more. For example, many smartphones are Wi-Fi enabled, so they can be used to browse an organization's network resources.
Prohibiting smartphones in your organization is not the answer to a more secure environment. These mobile devices have become an essential business tool, and banning them could hurt employee productivity.
Instead, IT administrators need to recognize that smartphones have evolved and that these devices need to be treated like any other network endpoint. This means enforcing security policies, performing regular patch management and scanning for malware.
However, this can be a tall order because there are very few standards among mobile devices. For example, I knew one admin who set a policy requiring anyone who wanted to access the corporate mail system from a mobile device to use Windows Mobile. Although Exchange Server 2007 and Exchange 2010 both have many security mechanisms that can be used to secure smartphones, they work only with Windows Mobile (6.1 and above). A senior executive in the company demanded email access on his iPhone, and since the administrator was outranked, he was forced to connect the iPhone to the network. Once other employees saw someone using an iPhone, they began to request access from various devices.
Even if the above situation hasn't played out in your organization, there is no denying the ongoing battle for smartphone dominance. As a result, many organizations have a hodgepodge of devices. This presents a problem because each device is managed in a different way.
For instance, Windows Mobile devices are typically managed through Exchange Server or through System Center Mobile Device Manager. These products do a great job of allowing an administrator to manage all of the Windows Mobile devices throughout an organization, but the software won't work with non-Windows devices. This problem isn't unique to Windows devices; BlackBerry devices have proprietary management software that works only with them. Similarly, the iPhone and the Droid have their own unique management requirements.
So, how do you handle this situation?
At first, it may seem your best bet would be to use a single type of smartphone. However, given the rapid pace at which smartphone innovations are occurring, it would be short-sighted to lock an organization into a single device unless there is an underlying business need to do so.
A better option is to invest in third-party management software that works with all of the most popular smartphones. For example, Good Technology offers a product that supports iPhone, Palm, Symbian Series 60 and Windows Mobile. This is just one example of smartphone management, and an Internet search for "smartphone management software" will reveal more cross-platform products.
If you decide to allow a variety of mobile devices in your enterprise, you need to be aware of the challenges associated with managing a heterogeneous environment.
Patch management is completely different from one device type to another. For example, an update for an application on Windows Mobile doesn't apply to iPhone users, even if they run the same app.
Furthermore, your help desk staff will need additional training to support multiple devices. If someone calls with a device-specific question, help desk staffers need to be knowledgeable in the nuances of each device. Giving the user a generic answer won't cut it in a multiplatform environment.
Finally, even if your management software allows you to apply a consistent security policy to each mobile platform, you still have to keep up with the latest security threats to each device. While this is a requirement regardless of which mobile platform you use, the wider the variety of mobile devices you support, the larger the administrative burden of keeping those devices secure.
Mobile device management can be challenging, especially if you allow a mixture of platforms. A smartphone management package that supports all of the devices in an enterprise can greatly reduce the administrative burden, but such software sometimes provides a false sense of security. The software will likely facilitate application deployment and patch management, but finding out which patches are available for your mobile applications will probably remain a manual process.
About the author:
Brien M. Posey, MCSE, has received Microsoft's Most Valuable Professional Award four times for his work with Windows Server, IIS and Exchange Server. He has served as CIO for a nationwide chain of hospitals and health care facilities and was once a network administrator for Fort Knox. You can visit his personal website at www.brienposey.com.