By Stephen J. Bigelow, Features Writer
Mobile devices are indispensable tools in the modern enterprise, but they require careful planning, attentive management and knowledgeable support. Solution providers experienced with mobile devices can help clients overcome the technical and organizational challenges involved with mobile device management. The first chapter of this Hot Spot Tutorial considered the most common issues encountered with mobile devices and their effects on the corporate network. This second chapter highlights additional details of mobile device management, explains the role of written policies, and looks more closely at mobile device support.
Keeping an eye on mobile devices
Routine device management can be difficult for a busy enterprise, but mobile devices present a particular challenge. Once a mobile device leaves the enterprise network, it's "in the wild," only manageable when it reconnects to the enterprise -- usually through an unsecured home or public network. IT departments must make the most of this limited connectivity. Most enterprises adopt automated policy-driven tools that will identify and inspect mobile devices as they connect from the field and ensure that each mobile device complies with the latest updates or patches.
"If they connect for 10 minutes from the Internet to check their email, that's enough time for our patch system to see them online and push some stuff down," said Adam Gray, chief
The mobile device typically calls home, meaning the device itself initiates a connection via an SSL link. So the enterprise does not need to seek the mobile device behind firewalls or other security barriers. The data center can "see" the mobile device no matter where it is, and since mobile employees connect routinely, updates and patches are generally small and manageable.
It's also important for clients to control mobile device policies, which remain with the device even after it disconnects. "We can push agents to devices and then set those devices to roaming mode," said Scott Gorcester, president of Moose Logic, a solution provider headquartered in Bothell, Wash. Each time the device logs in, it receives patches, updates, new signature files and updated policies. "We can audit them. We can get in and do remote control for repairs and support. And we can also potentially go find them," he said.
Gorcester noted that the use of a centralized, Web-based management infrastructure provides a level of automation that is easier and more efficient than trying to manage devices individually. Logs can easily be polled to identify any mobile users that are not logging on or receiving updates.
The ability to find mobile devices also plays into the need for asset tracking. While tracking traditionally served a role in financial management, today's asset tracking is primarily used to analyze individual usage and ensure timely maintenance. Devices that don't connect periodically can be flagged for investigation, and old devices can be identified for systematic replacement. For example, a PDA that doesn't connect for a week may indicate a device failure (or an employee performance problem), or a smartphone approaching two years of service may be turned in for a new device and revised service plan. Similarly, tracking that suggests high levels of usage may flag the need for additional chargers, replacement battery packs or other ancillary support to assist the user with mobile device power management.
A solution provider can be a particularly valuable resource for clients embarking on mobile device management. "It's the ability to provide that larger perspective," Sobel said. "We've looked at a number of different organizations across different environments and can give them an aggregate of experience." For example, an experienced solution provider can help set up the client's infrastructure so that all mobile devices have a "call home" capability -- a feature often overlooked. Performing appropriate patch management to mobile devices is another area where solution providers can provide value to their clients. Finally, a solution provider can aid a client in choosing mobile devices and setting up the client's internal help desk or support system to keep those mobile devices running.
Mobile device policies
Mobile device management isn't just about automated tools or technologies. End users must be educated on the appropriate requirements and expectations for mobile operation, along with a clear knowledge of available support options for various mobile devices. "It's a combination of policies and technologies," said Dave Sobel, CEO of Evolve Technologies, a solution provider located in Fairfax, Va. He notes that the management technologies are now readily available, but training and service-level agreements (SLAs) are needed to define the company's offerings. "You may have the flexibility to go work in a coffee shop, but this is what you should expect," he said.
Other experts echo the importance of documented policies in mobile device management, such as acceptable use agreements for USB devices as well as laptops, PDAs, cell phones, smartphones and other devices available throughout the enterprise. "Our acceptable use policy is written globally to cover all [devices] Gray said, noting close adherence to common SANS policies and procedures that are only slightly modified to accommodate his organization's specific needs. The goal is to establish policies that are clear and easily understood by all employees. Employees sign the policy as an indication that they've read and understand it.
Supporting mobile devices in the field
Mobile device management doesn't end with patches and policies. Organizations must also provide ongoing support for their approved mobile devices. Mobile device support normally includes a centralized help desk that can implement remote diagnostics and troubleshoot faults, helping the mobile user identify or isolate problems, and then taking the appropriate measures to correct the problem.
The goal with mobile device support is to strike a balance between efficiency and effectiveness. A technician typically follows an established troubleshooting protocol for each supported device. This may include running remote diagnostics provided by the manufacturer or third parties. In many cases, a connected mobile device can be tested or diagnosed without the user's knowledge, but serious difficulties may require direct user interaction over the phone to test and reset the device. If a device cannot be corrected using established test techniques, it can be replaced.
Support also requires training for help desk personnel. It's an important expenditure to ensure that a help desk staff is positioned to provide timely mobile device support. "You've defined the scenarios of what level of support you're going to offer," Sobel said. "Then [clients] need to invest in training for their people to know how to support those environments."
This was first published in July 2008