Formulating the Right Enterprise Mobility Strategy

To build, deploy, and manage mobile applications, you first need to look at enterprise-wide policies around security, privacy, and user computing before finalising the collaboration infrastructure and the end-to-end architecture

– Adeesh Sharma

It’s the age of mobile devices and business apps. 5-inch, affordable and reasonably decent smartphones have given the necessary thrust to ecommerce and other businesses to push either their products or information associated with them onto the users’ smartphones through conveniently designed mobile apps. The latest update being that key ecommerce vendors are even contemplating pulling down their websites in favor of mobile apps. So, now is the time to get your enterprise mobility strategy right even if you haven’t given it a thought. But there’s a catch, and a big one at that. When they first set upon formulating the information security and privacy policies for today’s organizations they visualised a tightly controlled and monitored computing model where all employees relied on organisations to provide the basic computing capabilities and network access. Those days, policies were simple to manage on enterprise-owned assets such as a workstation or a PDA with simple guidelines on how to handle consumer data. The security was enforced using encryption software with very strong password protection and, in many cases, two-factor mechanisms to control how employees accessed the company’s applications and data. In a nutshell, it was a highly standardized computing model which made support processes simpler and testing and deployment of applications to these devices easier.

In this age of mobility, each of these policies has become more complex to enforce and manage. The safeguards that worked well in the standardized environment are now inadequate to address the risk posed by the use of personally owned mobile devices and anytime, anywhere, network access. So, it becomes imperative on organisations to address these policies first before setting the roadmap for enabling enterprise mobility.

Look inside: Why do you need a policy in the

first place

Begin by asking yourself the basic questions. Is the device company owned or personal? How is the data going to be secured under both scenarios? How do respond to privacy concerns? There is of course going to be a lot of employee data on a personally owned or even a company owned device.

Now when you enforce certain security policies such as passwords or encryption, do you have the ability to enforce them on personal devices as well? If this is the case, then how does the enterprise monitor and mitigate the risk of the employee losing the device? Getting into the nitty-gritties, you might also ask who pays for the device and access—for example, will the employee buy it or will the company provide a stipend and how often? How will the company support the device when it fails or when the user has a device that the company does not have the skills to support? All this shall impact the operational expenses of organizations as well as they move to this new user computing model that provides more choice and contains a mix of company- and employee-owned devices.

Setting up the mobile infrastructure

You need to establish a solid infrastructure that supports enterprise-class mobile applications. This includes the deployment model for mobile applications, network and security architecture and collaboration infrastructure for the enterprise. The deployment model for mobile applications within an enterprise entails key decisions around security and privacy policies. Selecting the deployment model for mobile applications is one of the most critical decisions of enabling enterprise mobility. These are the three standard deployment models for enterprise mobile applications:

1.    Applications are embedded natively as part of the mobile device software. Such an app has access to all device resources and is only constrained by the capabilities of the device.

2.    Applications are deployed into an encrypted container on the device. This way the mobile remains secure from malware and also has access to selected capabilities and resources from within the container on the device.

3.    Applications are deployed to the device using a thin client. It has no access to the computing resources on the device. These applications leverage the capabilities of the server on which they run and render the user interface to the mobile device.

Revamping the network and security architecture

Even today, the network architecture in most organizations, including firewall rules and network security, is designed to support web-based applications. These architectures have been defined on perimeter-based defence structures that are solid on the outside but vulnerable to impregnation inside. Such network architecture is not adequate to deal with employee-owned mobile devices that can potentially access an organization’s core network behind the corporate firewall. While changing such a network architecture the following should be kept in mind:

1.    There could be users who would access company-owned applications and data from home or a public access point using a personal or company-owned mobile device.

2.    There could be users who would access company-owned applications and data from within the walls of the enterprise (intranet) with a personally owned mobile device.

3.    How does the enterprise manage and control access to internal and external application stores?

While defining the likely avenues for collaboration amongst employees you should focus on workplace capabilities such as email, instant messaging, microblogging, and social networking. All these are influenced by enterprise security requirements. It also presents some unique challenges around document retention, as enterprises need to maintain their ability to track use of corporate assets while respecting individuals’ privacy.

Establishing the defined mobility architecture

One key implication of mobile apps has been the slow but certain termination of monolithic solutions built around a particular business process, loaded with features and functions for different stakeholders. The banking website comes to mind instantly. Such solutions are now being replaced by multiple smaller apps designed around the user. These new apps are built from a customer-in perspective unlike the previous company-centric model that drove the previous application design. This is driven primarily by the rich user interfaces supported by today’s mobile devices that have redefined human-computer interaction. This next-generation user interaction model moves from the keyboard and mouse interface that has been a standard for the past two decades to one that processes inputs from multiple devices such as multi-touch screens, accelerometers, microphones, cameras, GPS chips, and gyroscopes. This represents a major shift from the event-driven application model that was inherent to the client/server and web-based applications. So, it’s a shift from applications that were designed to sense and respond to individual events to one that has to handle more complex events that enable enhanced reality experiences. For instance, a user can simply point his smartphone camera on a product’s barcode and check its availability, pricing, and other relevant information in his area. Similarly, a person in a foreign land can point his smartphone to the street where he is standing and get the banking app on his phone to map the nearest ATMs and bank branches and visually highlight them on the screen image of the street. The mobile apps need to innovate on and adopt the new models for visualizing data. These include taking advantage of the vivid hardware and display capabilities such as ‘pinch’ to zoom-in and zoom-out of an image to provide context-aware experiences. Such data can be further used to enhance Business Intelligence and Analytics solutions used by the enterprise.

MDM Implementation Check-List for CIOs

Here’s a list of key pitfalls you should stay clear off while deploying an MDM plan for your organization:

1.    Ensure your MDM tool is compatible with common mobile platforms and updates itself with the update of a mobile platform. This would not only ensure better compliance with your enterprise mobile apps but also save you from the scare of a security lapse.

2.    It should be able to function through handsets being serviced by different service providers and also over WiFi.

3.    You should be able to add or remove devices from your network like you shuffle your pack of cards. This would ensure optimum network efficiency and security.

4.    Dont be over-intrusive or impose impractical controls. This is the trickiest part as there is a very thin line that separates security and management from prying into someone else’s personal life. Most of the MDM strategy gets discussed at the top level but ultimately has to be implemented by the local IT manager. Be very clear about the software that’s going to be installed on the employee’s device and what’s really necessary for the organisation. Here again check if the device has been provided by the organisation or if it is his personal device. In case it is a personal device then publicise the list of dos and donts to all employees and ensure there is no discrepancy in their interpretation and there’s no fine print to be misused. Ensure there’s no case of ugly scuffles in your office with an overzealous IT manager trying to impose a dozen management/security solutions on the mobile device of an unsuspecting employee. For one, the quality of software being deployed itself could be questionable and secondly, the solution itself might harm the working of the device.

5.    You would have got the hint from my previous point but do ensure whatever solution is decided upon to be deployed, is free from bugs and malware and should not cause any drop in efficiency of the device. In case the software are resource hungry, do let it be known to all in advance.

6.    Don’t track unnecessary employee activity. Just because an employee’s mobile is GPS enabled does not mean that his location is under constant surveillance. Likewise if he is on Facebook or watching videos during office hours, you can deal with him with more sober ways than recording his chain of chat messages and clippings of videos he’s watched during that period.

7.    Strive for consistency in productivity apps. While you deal with multiple devices and platforms, focus on the output/productivity from an employee even if it means investing some money on getting an app that works seamlessly across all platforms. This would not only ensure consistency of output across all employees but also help in easier management across different platforms.

8.    Keep an eye on the devices at work. An IT manager can never relax even if the management of IT resources has shifted from the workstation to apps on mobile devices. Keep a look out for the various devices that are connecting to your network, what apps they are accessing, what impact it has on your bandwidth, etc.

9.    Don’t give employees a free hand over network resources. While bringing personal devices is an evolution of the IT era and can’t be stopped, keeping a check on what employees download through the enterprise network and whether they are exploiting it for personal gains is of paramount importance. Remember you still have to protect your network from malware and data leakage. So make it clear to the employee as to what behavior is acceptable in office.

10.    Prevent access to jailbroken and rooted devices as these can compromise information security and company data in no ordinary way.