Mobile management products are quickly delivering new support for Apple iOS 4, threatening the BlackBerry stranglehold on enterprise-grade mobility.
When Research In Motion's BlackBerry was the mobile choice for enterprise
deployment, the completeness of its end-to-end solution - which included the
client, mobile network transport and management and delivery enabling
middleware - was a huge strength. Although the bulk of the solution was
proprietary, ensconced within its own walled garden, the platform made sense as
the solution excelled at delivering the killer mobile app of the time - mobile
messaging - as well as granular management and security capabilities that were
unrivaled in other platforms.
However, BlackBerry's dominance in the enterprise is waning,
as many enterprises now permit users to bring their personal devices onto the
corporate network, and typically those devices are not BlackBerrys. As other
mobile platforms, such as Apple's iOS or Google's Android, introduced built-in
support for a base level of security and management - support for Microsoft's
Exchange ActiveSync protocol to provide device password enforcement and remote wipe,
and for necessary levels of WiFi security - many IT administrators have been
allowing devices based on those operating systems to connect to enterprise
resources.
That basic level of management and security, of course,
doesn't come close to what RIM can offer via its BES (BlackBerry Enterprise
Server) middleware component, which offers more than 450 IT policies in the paid
version. Among other capabilities, these policies can be used to deliver and
enforce device component accessibility (for instance, barring access to the
Bluetooth radio or the video camera), wirelessly install line-of-business
applications, monitor device status and health, and enforce additional VPN
configurations or device storage encryption settings.
At least when it comes to the iPhone, however, this
functionality gap is quickly closing as numerous third-party vendors this
summer announced similar feature sets, taking advantage of the various
management APIs introduced by Apple within iOS 4.
I have not yet had the opportunity to get my hands dirty
with any of these products since iOS support was added, but the demonstrations I've
seen by mobile management companies such as BoxTone, MobileIron and Tangoe have
demonstrated that they are delivering compelling advances in mobile management.
Increasingly, these makers are moving beyond traditional device management toward
broader mobile lifecycle management functionality.
While the feature sets will vary from vendor to
vendor, customers should look for these suites to deliver functionality intended
to address all aspects of a mobile device's life. From the time a device is
first handed to a user (or the user brings it in to IT), these suites should provide
deployment and provisioning capabilities - tying the mobile system to the
corporate directory for group memberships that help define access permissions
from the mobile device as well as required applications and settings on the
device. Applications developed in-house should be pushable to the device
over the air from a corporate application catalog hosted behind the firewall or
in the cloud, while making it simple to inform the user if he or she needs to obtain
publicly available applications from an app store.
Security functions should include posture assessment and remediation -
identifying jail-broken phones (if that is a concern for the company) and
denying access from the device to corporate resources until fixed. The solution
should also have a way to package and deliver any digital certificates needed
for device operation and user access, and a way to enforce on-device encryption
rules if needed by the enterprise. And the typical security policies should be
deliverable and enforceable, including feature lockout, password complexity
enforcement, application blacklisting and remote wipe. For remote-wipe
functionality, enterprises should investigate the options involved, identifying
whether wipes are complete or can be isolated solely to corporate data while
leaving personal data intact. Ultimately, these solutions should be able to wrap
reports around all these security features, aimed toward helping administrators
or executives show they are attempting compliance with the various major
regulations - such as HIPAA (Health Insurance Portability and Accountability
Act) - to which they are beholden.
Additionally, potential customers should look for both application and device
performance monitoring and troubleshooting capabilities. The former should
include Exchange monitoring and logging to ensure uptime of the messaging system
with visibility to identify where, exactly, trouble takes place within that
system (preferably with resultant diagnostic advice), as well as to be able to
track users' interactions with the messaging system (preferably with support for
both Exchange ActiveSync connections and any other messaging stacks - such as
Good or BES - that may be employed for some devices). Meanwhile, device
monitoring can help identify potential problems with the remote fleet, from
identifying memory shortages or network connectivity issues to helping locate a
missing device.
Customers should also expect their mobile management
solution to offer, or be working toward offering, a user self-service module. With
a self-service solution, companies should find they can significantly reduce
support costs as users can troubleshoot certain issues such as product
activation or quickly track or remote-wipe a lost phone, without a costly call
to the help desk.
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.