The Use of Personally Owned Devices

By Andrew Garcia  |  Posted 2010-09-27

Mobile Management Comes of Age

When Research In Motion's BlackBerry was the mobile choice for enterprise deployment, the completeness of its end-to-end solution-which included the client, mobile network transport and management and delivery enabling middleware-was a huge strength. Although the bulk of the solution was proprietary, ensconced within its own walled garden, the platform made sense as the solution excelled at delivering the killer mobile app of the time-mobile messaging-as well as granular management and security capabilities that were unrivaled in other platforms.

However, BlackBerry's dominance in the enterprise is waning, as many enterprises now permit users to bring their personal devices onto the corporate network, and typically those devices are not BlackBerrys. As other mobile platforms, such as Apple's iOS or Google's Android, introduced built-in support for a base level of security and management-support for Microsoft's Exchange ActiveSync protocol to provide device password enforcement and remote wipe, and for necessary levels of WiFi security-many IT administrators have been allowing devices based on those operating systems to connect to enterprise resources.

That basic level of management and security, of course, doesn't come close to what RIM can offer via its BES (BlackBerry Enterprise Server) middleware component, which offers more than 450 IT policies in the paid version. Among other capabilities, these policies can be used to deliver and enforce device component accessibility (for instance, barring access to the Bluetooth radio or the video camera), wirelessly install line-of-business applications, monitor device status and health, and enforce additional VPN configurations or device storage encryption settings.

At least when it comes to the iPhone, however, this functionality gap is quickly closing as numerous third-party vendors this summer announced similar feature sets, taking advantage of the various management APIs introduced by Apple within iOS 4.

I have not yet had the opportunity to get my hands dirty with any of these products since iOS support was added, but the demonstrations I've seen by mobile management companies such as BoxTone, MobileIron and Tangoe have demonstrated that they are delivering compelling advances in mobile management. Increasingly, these makers are moving beyond traditional device management toward broader mobile lifecycle management functionality.

While the feature sets will vary from vendor to vendor, customers should look for these suites to deliver functionality intended to address all aspects of a mobile device's life. From the time a device is first handed to a user (or the user brings it in to IT), these suites should provide deployment and provisioning, capabilities - tying the mobile system to the corporate directory for group memberships that help define access permissions from the mobile device as well as required applications and settings on the device. Applications developed in-house should be pushable to the device over the air from a corporate application catalog hosted behind the firewall or in the cloud, while making it simple to inform the user if he or she needs to obtain publicly available applications from an app store.

Security functions should include posture assessment and remediation-identifying jail-broken phones (if that is a concern for the company) and denying access from the device to corporate resources until fixed. The solution should also have a way to package and deliver any digital certificates needed for device operation and user access, and a way to enforce on-device encryption rules if needed by the enterprise. And the typical security policies should be deliverable and enforceable, including feature lockout, password complexity enforcement, application blacklisting and remote wipe. For remote-wipe functionality, enterprises should investigate the options involved, identifying whether wipes are complete or can be isolated solely to corporate data while leaving personal data intact. Ultimately, these solutions should be able to wrap reports around all these security features, aimed toward helping administrators or executives show they are attempting compliance with the various major regulations-such as HIPAA (Health Insurance Portability and Accountability Act)-to which they are beholden.

Additionally, potential customers should look for both application and device performance monitoring and troubleshooting capabilities. The former should include Exchange monitoring and logging to ensure uptime of the messaging system with visibility to identify where, exactly, trouble takes place within that system (preferably with resultant diagnostic advice), as well as to be able to track user's interactions with the messaging system (preferably with support for both Exchange ActiveSync connections and any other messaging stacks-such as Good or BES that may be employed for some devices). Meanwhile, device monitoring can help identify potential problems with the remote fleet, from identifying memory shortages or network connectivity issues to helping locate a missing device.  

Customers should also expect their mobile management solution to offer, or be working toward offering, a user self-service module. With a self-service solution, companies should find they can significantly reduce support costs as users can  troubleshoot certain issues such as product activation or quickly track or remote-wipe a lost phone, without a costly call to the help desk.

The Use of Personally Owned Devices


Whether the enterprise provides the device or the user brings his or her device while the company covers service costs, these solutions should also provide billing and expense management for wireless services. These solutions can help IT identify usage patterns out of whack with assigned service plans for voice minutes, text messages or network data, whether these conditions are international travel on domestic-only service plans, excessive minutes being used consistently from month to month or for devices not used enough given the allocated service level.  

Increasingly, customers should also begin to look for integrations with existing infrastructure management solutions, therefore allowing customers to add the mobile client base to the tools already used to manage the rest of the network. For instance, MobileIron recently unveiled an API for its product to allow integrations with partner products over time.

Since more companies are allowing their users to use personally owned devices, there definitely won't be a homogenous device base. Therefore, the solutions absolutely need to deliver wide cross-platform support. Each of the products I mentioned started with support for the last generation of enterprise devices-Windows Mobile 5.x/6.x and BlackBerry, typically. Apple iOS support is simply the latest major platform supported, and customers should expect Android support, if offered at all right now, to be greatly improved within the next 12 months.

RIM has garnered a lot of criticism over the last year for the shortcomings-both real and perceived-of their stable of BlackBerry clients when compared to Android and iPhone upstarts. To be sure, BlackBerry has not been as successful at attracting consumers or developers to the platform in the last couple years, ceding those segments to Apple and Google. With BlackBerry 6 OS, RIM has made significant strides to again be competitive, although the modern distinctiveness of the platform is not yet there. That will require a lot more developers delivering innovative apps and services that leverage the platform. However, I'm not in the camp that thinks BlackBerry's lost ground on the client side spells doom for the mobile OS-indeed, I would not be surprised if the platform was again competitive, feature for feature, by mid-2011.

Instead, I think the threatening storm clouds hover over RIM because of the monoculture-the walled garden-that once helped make BlackBerry so successful in the enterprise. Monoculture may work if the enterprise is buying the device and providing it to its users, but in this time of rapid platform enhancements and numerous viable and attractive options available on the market, why would IT standardize their business on something with such a short lifecycle? And users are going to go with what suits them best, which is not a good recipe for a homogenous solution.

With a heterogeneous client base, the BlackBerry network and back-end suddenly becomes an isolated part of the network, built to provide excellent functions and support to a limited segment of the device base. Even though BES is a superior mobile management platform, it nonetheless will become redundant.

At this time, BES isn't even any good with user-provided BlackBerrys, if the device is not licensed and activated to the BES infrastructure. RIM recently added features to BES 5 that promise some functionality along these lines in conjunction with an as-of-yet unreleased on BlackBerry 6 OS, although there is no word what this capability will look like. Recently, RIM launched a user management portal-BlackBerry Protect-to provide some location tracking, security wipe and backup functionality, but these functions are only available to devices explicitly not activated to a BES.

Each of these third-party mobile management solutions support BlackBerry device management, so customers can manage iPhones and BlackBerrys side-by-side within the same solution. But each does it through an integration with an in-place BES server via BlackBerry APIs, as they could not tap into the BlackBerry walled garden directly. Two middleware elements would be required.

Most large enterprises previously standardized on BlackBerry undoubtedly have a BES infrastructure already in place, and they have likely already upgraded to BES 5 (which was released in 2009). But if companies are no longer buying BlackBerrys, I can't see the BES deployment base growing, and that base will likely shrink significantly when it comes time to upgrade to the next version.

Simply put, I'm not sure there is much revenue opportunity for RIM for BES and enterprise licensing, at least as everything is currently constructed. The company likely needs to take a long, hard look at how it operates on the back end. On one hand, RIM could go the same route as other platforms-embracing Exchange ActiveSync and other mail protocols for direct messaging connections. But I doubt RIM will do that, as it already invested heavily in its messaging network and because much of its device battery efficiency can be traced to the device's connection to a single messaging infrastructure.

Alternately, RIM could embrace multiplatform support and open its walled garden to other platforms, delivering a client agent for multiple mobile operating systems to extend core competencies of message delivery, enterprise systems integrations and device management and security to other platforms. However, RIM would likely need to buy one of these third-party mobile management solutions in order to speed support for these other clients.

Otherwise, I suspect BlackBerry could be relegated to niche enterprise situations as time passes, perhaps to customers who require the high-end security or FIPS (Federal Information Processing Standard) certification that competing mobile platforms cannot yet provide.


Rocket Fuel