Mobile management products are quickly delivering new support for Apple iOS 4, threatening the BlackBerry stranglehold on enterprise-grade mobility.
When Research In Motion's BlackBerry was the mobile choice
for enterprise deployment, the completeness of its end-to-end
solution-which included the client, mobile network transport and
delivery enabling middleware-was a huge strength. Although the bulk of
solution was proprietary, ensconced within its own walled garden, the
made sense as the solution excelled at delivering the killer mobile app
time-mobile messaging-as well as granular management and security
capabilities that were unrivaled in other platforms.
However, BlackBerry's dominance in the enterprise is waning,
as many enterprises now permit users to bring their personal devices onto the
corporate network, and typically those devices are not BlackBerrys. As other
mobile platforms, such as Apple's iOS or Google's Android, introduced built-in
support for a base level of security and management-support for Microsoft's
Exchange ActiveSync protocol to provide device password enforcement and remote wipe,
and for necessary levels of WiFi security-many IT administrators have been
allowing devices based on those operating systems to connect to enterprise
That basic level of management and security, of course,
doesn't come close to what RIM can offer via its BES (BlackBerry Enterprise
Server) middleware component, which offers more than 450 IT policies in the paid
version. Among other capabilities, these policies can be used to deliver and
enforce device component accessibility (for instance, barring access to the
Bluetooth radio or the video camera), wirelessly install line-of-business
applications, monitor device status and health, and enforce additional VPN
configurations or device storage encryption settings.
At least when it comes to the iPhone, however, this
functionality gap is quickly closing as numerous third-party vendors this
summer announced similar feature sets, taking advantage of the various
management APIs introduced by Apple within iOS 4.
I have not yet had the opportunity to get my hands dirty
with any of these products since iOS support was added, but the demonstrations I've
seen by mobile management companies such as BoxTone, MobileIron and Tangoe have
demonstrated that they are delivering compelling advances in mobile management.
Increasingly, these makers are moving beyond traditional device management toward
broader mobile lifecycle management functionality.
While the feature sets will vary from vendor to
vendor, customers should look for these suites to deliver functionality intended
to address all aspects of a mobile device's life. From the time a device is
first handed to a user (or the user brings it in to IT), these suites should provide
deployment and provisioning, capabilities - tying the mobile system to the
corporate directory for group memberships that help define access permissions
from the mobile device as well as required applications and settings on the
device. Applications developed in-house should be pushable to the device
over the air from a corporate application catalog hosted behind the firewall or
in the cloud, while making it simple to inform the user if he or she needs to obtain
publicly available applications from an app store.
Security functions should include posture assessment and
remediation-identifying jail-broken phones (if that is a concern for
company) and denying access from the device to corporate resources
The solution should also have a way to package and deliver any digital
certificates needed for device operation and user access, and a way to
on-device encryption rules if needed by the enterprise. And the typical
security policies should be deliverable and enforceable, including
lockout, password complexity enforcement, application blacklisting and
wipe. For remote-wipe functionality, enterprises should investigate the
involved, identifying whether wipes are complete or can be isolated
corporate data while leaving personal data intact. Ultimately, these
should be able to wrap reports around all these security features,
toward helping administrators or executives show they are attempting
compliance with the various major regulations-such as HIPAA (Health
Insurance Portability and Accountability Act)-to which they are
potential customers should look for both application and device performance monitoring
and troubleshooting capabilities. The former should include Exchange monitoring
and logging to ensure uptime of the messaging system with visibility to
identify where, exactly, trouble takes place within that system (preferably with
resultant diagnostic advice), as well as to be able to track user's
interactions with the messaging system (preferably with support for both
Exchange ActiveSync connections and any other messaging stacks-such as Good or
BES that may be employed for some devices). Meanwhile, device monitoring can
help identify potential problems with the remote fleet, from identifying memory
shortages or network connectivity issues to helping locate a missing device.
Customers should also expect their mobile management
solution to offer, or be working toward offering, a user self-service module. With
a self-service solution, companies should find they can significantly reduce
support costs as users can troubleshoot certain issues such as product
activation or quickly track or remote-wipe a lost phone, without a costly call
to the help desk.
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at firstname.lastname@example.org.