Technology is allowing workers to stay in contact no matter where they are. How do you choose the right combination of hardware, software, data transport, and voice transport, then secure the whole lot and make sure your organisation is set up to take advantage?
Mobility sounds great, but implementing it means picking from a wide range of options. With multiple suppliers of multiple technologies, it is especially important to determine what you need before you start making choices.
There are two questions that should be asked at the outset of a mobility project, says Matt Dalton, market development manager for notebooks at Hewlett-Packard: "Why are you taking your workers mobile?" and "What information do they need while they are mobile?" The answers help inform decisions about hardware and communications technology, though he notes that it is not always appropriate to mandate the use of a PDA rather than a notebook, or vice versa. It may be better to let individual users make the choice, as there is no payback without utilization.
Organizations must ask which section of their workforce can benefit from mobility, says Robin Simpson, research director--mobile and wireless at Gartner Group. It may be as little as 15-20 percent, and within that different roles have different requirements. Gartner identifies five categories.
- Message-centric workers, including senior managers.
- Knowledge workers who face unstructured, unpredictable tasks and tend to move around and outside the office.
- Field workers such as those in logistics, sales, and service require notification and alerts, information about their next jobs, and a simple reply mechanism.
- Forms workers, who have very structured tasks involving field data reference or collection.
- Power workers, who need the fastest notebooks and the fastest communications to meet their requirements for collaboration and other functions.
Vodafone business solutions manager Jason Murray notes the presence of several groups among his GPRS (general packet radio service--a common data technology for mobile phones) customers, including the construction industry (e.g. project managers), client relations staff in various industries (who may spend two or three days per week at customer sites), government (including a cluster of around 300 people using it for Terminal Services access when travelling locally and overseas), and senior managers. The overlap with Gartner's categories is apparent.
Choose your device
Dalton suggests the choice between a handheld and a notebook or tablet PC largely comes down to screen size. If a handheld's screen is adequate, it usually has sufficient power and connectivity (eg, via a Bluetooth link to a mobile phone). Bigger screens may be needed for presentations and larger spreadsheets, in which case a tablet PC fits the bill, although some users are more comfortable with a traditional notebook.
Field worker connectivity company O4's managing director Ashley Bloch says his clients are predominantly in the fast-moving consumer goods (FMCG) space, where most of the action is in PDAs and Pocket PCs. They are compact, can be operated with one hand, have almost zero boot-up time, excellent battery life, and are "a really powerful tool". This is particularly true of devices such as the i-mate that combine PDA and phone functionality, but Bloch is unimpressed by the smartphone: "I have yet to see a good business application for that platform."
Keith Rothsay, pre-sales technical specialist at Toshiba, is more optimistic, suggesting that smartphones can fill the gap between the limited functionality of a simple and cheap Java-enabled phone and a relatively expensive PDA. In general, the relevance of the different platforms depends on the functions required and the user's role.
The tablet PC is targeted at mobile workers in general, says Rothsay. Major software vendors such as Adobe are now supporting the platform, and Windows XP Service Pack 2 makes a big difference to tablets, he says. Tablets aren't for everybody, he says, but they provide a good balance between weight and functionality. Rothsay predicts they will have a strong presence. "I think the market has taken a while to come around," he says, claiming a surge of interest in the last four months.
Bloch disagrees. "In our experience [the tablet PC] has not made much of an impact" because it shares the drawbacks of a notebook.
When it comes to accommodating different types of device within one system. Bradley Freeman, VP technology services, Capgemini Australia warns against the lowest-common-denominator approach as that foregoes the functionality of the more capable devices. Instead, he recommends the separation of the presentation layer from the rest of the client to take advantage of whatever features are available.
Some vendors specialize in creating mobile applications that integrate with existing back office systems, but if you are planning to do it yourself, good middleware is the key to success, says Freeman. Without it, legacy systems can be a problem, but tools such as Tibco, WebSphere, or WebMethods do the job, even if a custom adaptor is required.
Special-purpose software is not always essential for mobile applications. In some circumstances, it may be feasible to use Terminal Server or MetaFrame to provide access to a conventional application from a mobile device. "Be very careful if planning to invest money and time Webifying an application," says Phil Osborne, senior consultant--enterprise at Citrix Systems Asia-Pacific. Osborne claims the MetaFrame approach removes the need for that effort and may give superior performance. Even if the application already has a Web front end, using Citrix instead of a browser on the device can improve responsiveness by reducing the amount of data traffic. This can be especially useful with GPRS connections, he says.
Immediacy can be an important issue for mobile applications, especially where selling is involved. Jonathan Spellman, portfolio manager at Damovo Australia describes a pilot implementation of a system that allowed car-advertising salespeople to show prospective customers exactly how their ad would appear on the page, generate a quotation, and secure the order. Removing the delay between the sales visit and receipt of the quotation improved sign-up rates.
The always-on communication technologies allow the addition of GPS (global positioning system) location. This allows the back-end application to route a request (e.g. a service call) to the closest available unit with the right skills, says Spellman. With the customer's agreement, the service duration can be determined from the amount of time the GPS position showed the technician was on site, says Max Judd, wireless practice manager, IBM Business Consulting Services. This idea, which helps reduce paperwork, is being trialed by IBM in the UK.
Some of the technologies described in this feature assume a certain scale of operation, but some mobile solutions are readily implemented by even the smallest organization. Steve McManus, FileMaker general manager, Asia/Pacific, points out that FileMaker Pro databases on desktop systems can by synchronized with FileMaker Mobile 7 running in Palm or Pocket PC devices. This means that a tradesperson or other small businessperson could carry a handheld application for quoting, billing, etc, which feeds into (and is updated by) an accounting system running on a PC.
Such an arrangement would also be useful for van salespeople who typically use duplicate pads to record the day's transactions and then are left with a stack of paperwork to do in the evening. This also works for departmental level projects: Griffith University uses a FileMaker Mobile application to check the parking permits of vehicles on its grounds.
Finding your data transport
Australia is probably unique in terms of the breadth of wireless services, says Robin Simpson, research director--mobile and wireless at Gartner Group. Depending on their location, users' choice of mobile data technologies includes GPRS, 1xRTT (also called CDMA), 3G, Wi-Fi, and broadband wireless services from iBurst and Unwired.
GPRS is available on GSM networks and provides speeds of up to 40Kbps, says Tibor Schwartz, Telstra's group manager for Wi-Fi. Carriers typically offer more than just carriage: for example, Vodafone's Mobile Connect product provides GPRS connectivity, a PC Card interface, and the company's Dashboard software to manage the connection. Various bundles are available, including an AU$150 (US$112)-per-month all-you-can-eat plan (subject to fair use conditions).
Such pricing is changing organizations' behavior, suggests Bloch, as it makes it affordable for sales force to sync their devices before and after visiting each customer rather than once or twice a day.
1xRTT is faster and provides better regional coverage than GPRS, says Simpson. According to Schwartz, Telstra's network has a footprint of 1.3 million square kilometers and provides burst speeds up to 144Kbit/sec. Various plans are offered, including 15MB per month for AU$85 (US$63).
Rothsay describes Telstra's 1xRTT coverage as "impressive", adding that he gets 90-100Kbit/sec connections regardless of the distance from the tower.
3G is faster again at up to 384Kbps. "That's genuine broadband," says Hamish Michie, marketing manager, business field sales at 3, adding that it makes everyday work a real possibility for mobile users.
Although 3's service area is limited to Sydney, Melbourne, Brisbane, Adelaide, and Perth, users automatically switch to GPRS in other places. Telstra and Hutchinson are sharing 3G infrastructure, while Vodafone and Optus recently announced plans to build a competing network.
3 charges 0.1 cent per kilobyte, but the current AU$99 (US$74) cap applies to usage up to AU$500 (US$373), meaning mobile broadband isn't much more expensive than ADSL, says Michie.
3's own sales team uses the 3G service to access the salesforce.com hosted CRM system. That system is integrated with the 3 Web site, so when a prospective customers registers interest, their details are routed to a sales manager and onto a consultant. Call turnarounds are as little as five minutes and when consultants visit customers their order can be entered directly into the system. "The Net Connect card seems to be a viral product," says Michie, who encourages salespeople to use it in front of customers.
Wi-Fi is widely used for on-premises wireless networking and for hotspot access. Despite the nominal bandwidths of 11 or 54Mbps, typical throughputs are between five and 20Mbps. Communication from a hotspot access point to the rest of the Internet is likely to be over a slower connection, further reducing the speed. "In the case of Telstra wireless hotspots, users experience speeds up to 1Mbps," says Schwartz.
Telstra has plans to expand its hotspot presence from 130 to between 400 and 500 during the next 12 months, he says. Fifteen payphones in four locations have been Wi-Fi enabled, and "several hundred" more are under consideration should Telstra expand this program.
Telstra's charges vary from AU$5 (US$3.70) to AU$14 (US$10) per hour, and the company offers bundles of minutes per month that can be used with either Wi-Fi or 1xRTT, in addition to separate plans.
Other carriers and service providers operate hotspots and NetComm even offers a "hotspot in a box" for café owners and other proprietors who want to provide their customers with chargeable Wi-Fi access. Most providers' charges are in a similar range to Telstra's.
Bloch suggests roaming agreements will become commonplace in future, but Telstra customers already have roaming access to hotspots in Singapore, Malaysia, and China. Other key business and leisure destinations including the US and UK will be added by the end of this year, says Schwartz.
iBurst technology is similar to that used for mobile phones in that it allows the user to move between cells without dropping the connection. Data rates are asymmetric: 1Mbps downstream and 350Kbps upstream, though this will double soon, according to Chris Collinge, managing director of iBurst provider Techex. By the time you read this, coverage should have been expanded from Sydney to Melbourne, Brisbane, the Gold Coast, and Canberra.
According to Simpson, iBurst provides good coverage within service areas plus good in-building performance. Unlike Wi-Fi hotspots that are tied to specific operators, a single iBurst account provides access anywhere that the service is available in Australia. International roaming will be provided in the future.
"We've tried to position it as a replacement for DSL services" as well as a mobile option, says Collinge, so prices need to be competitive. Techex's cheapest plan costs AU$99 (US$74) per month for up to 3GB of data.
The hardware is available as a PC Card or as a desktop modem that plugs into a PC or router. Prices are likely to settle around AU$250 (US$187), he predicts. An SD card for handhelds is under development: "Everybody's asking for that," he says.
The quality of the network makes it suitable for VoIP traffic, and Techex offers an inexpensive voice gateway for installation on customers' premises. Bandwidth of 1Mbps makes it possible to use the same applications in the office and on the road, says Simpson. Trying to run a thin client over GPRS "just doesn't work".
"iBurst and Unwired are delivering what Wi-Fi promised," he says. Wi-Fi will never provide the ubiquity or service levels business requires, he adds. "Business is prepared to pay for wireless broadband if it is ubiquitous... these are the people that pay AU$20 (US$15) a night for broadband in their hotel rooms."
In three to five years, an emerging wireless broadband standard called WiMax "will become a compelling offering," says Simpson, assuming a manufacturer such as Intel provides a low-cost chip set. That technology will be attractive to operators, and international roaming is likely. A window exists for other services until then, he suggests.
"The key is to be agnostic" and make choices that allow communications flexibility, says Bloch. That will allow a switch to 3G when coverage improves, for example.
Talking on the run
Voice communication costs can blow out quickly when people resort to mobile phones to reach colleagues who are away from their desks.
Chris Pattas, director of Ericsson's enterprise business unit, points out that DECT (digital enhanced cordless telecommunications) handsets are lighter than mobile phones, are as familiar as a desk phone, and are fully integrated with PABX features. DECT is also the only mobile phone technology accredited for use in hospitals, he says, and in that environment it can replace various systems including one-way pagers and alarm panels. Providing all the functionality in a single handset simplifies training, reduces the risk profile, and makes it easy for staff members to reach any of their colleagues. They don't even need to remember extension numbers, as a directory function allows the entry of the first few letters of a name through the keypad.
"It really simplifies... the ability to communicate within the hospital" and works well at multi-building or even multi-campus organizations, he says. The system can recognize a switched-off DECT phone and automatically route calls to a mobile or other number as appropriate.
Ericsson's "mobile extension" feature extends desk phone features such as call transfer and conference call to normal mobile handsets, says Pattas, taking away any barrier between mobile and fixed workers. Some carriers will negotiate a fixed rate for extension-to-extension calls involving a mobile phone, which saves one local council several thousand dollars per year, he claims.
The "one number" concept, where the system routes calls to a particular number to a desk phone, mobile, voicemail, etc, according to the time of day or other settings is highly relevant to mobile users. "We think this is a very powerful solution," he says.
"I'm not a huge advocate of second-generation unified messaging," says Spellman. If the inbox is hard to manage, "I switch the thing off," he says. Newer systems such as Mitel's Speak@Ease with voice recognition are another story: voice "is the easiest and most natural interface," he says. Other convenience features include Outlook integration, allowing users to create or cancel meetings by phone, or to place calls to people in the contacts list.
Alcatel's unified communications software suite also provides a wide range of facilities. "It gives you access to any form of communication, regardless of the device," says product manager Brian Bird. For example, you may choose to have e-mails read to you over the phone, and then compose a reply that is sent as a WAV file. This is a good way of using any time spent in a traffic jam, suggests Bird. Or you can use a browser to instruct the directory server to call you at your hotel room and then connect you to another party. Despite involving two calls, this is often cheaper than paying hotel rates for an outgoing call.
Alcatel's software makes it easy to add communications capability to applications that support Web Services, including SAP and Siebel. "We really are at the leading edge of this," says Bird, adding that the integration can be done in a matter of hours.
An SSL VPN is probably the easiest way to provide secure access for mobile users as it provides a single method of accessing the corporate computing environment for the organization's staff (teleworkers, people working at home after hours, or when traveling), business partners, and contractors.
"It's actually difficult to do the two things everybody wants: flexibility and ease of use, versus security," says Les Howarth, Australia and New Zealand MD at F5 Networks. However, an SSL VPN fits the bill: "Since having this tool, it's like having my own desktop with me wherever I go."
According to Robert Clarke, account manager--security and connectivity solutions at systems integrator Kanbay, this technology has proved particularly popular with services-based organizations to provide their consultants with secure access to corporate information from clients' premises, and with government departments that need to provide secure and selective access to particular information for the operators of outsourced functions.
While IPSec VPNs are good for securely connecting two sites (eg, branch and head office), SSL VPN can be used to provide particular people with access to particular applications wherever they happen to be and without requiring changes to the firewall protecting visited premises.
Importantly, it works equally well from a borrowed PC (eg, an Internet kiosk), a notebook, or a PDA, providing a way of consolidating access methods.
There is some squabbling between vendors about whose product provides the best combination of facilities, but features to look for include support for a sufficiently wide range of terminal emulations (if you must support legacy applications), a Web client that can be used without prior installation (for access from borrowed PCs or Internet cafés), automatic, secure clean-up after use (ditto), and integration with third-party security products such as antivirus, firewall, and patch management.
Watchguard is another SSL VPN advocate, but chief strategy officer Mark Stevens warns, "People are building pieces of the solution; there isn't really a mature solution."
When it comes to Wi-Fi security, Adam Radford, consulting engineer at Cisco, says WPA (Wi-Fi protected access) is a mature technology, and there is danger that making wireless access any more difficult will negate the productivity gains it brings.
When Wi-Fi is used to allow mobility within the organization's premises, one of the biggest threats is the unauthorized installation of an insecure access point, warns Spellman. While products exist to detect and isolate such units, Radford suggests the best way to discourage rogue installations is simply to provide wireless access.
Lost devices can be a security problem if they contain confidential data. Various third-party encryption tools are available, and some systems include it as standard. Mac OS X can optionally encrypt a user's entire home directory when they log out, and some IBM notebooks include a security chip that handles encryption and provides secure, on-chip password storage. Although that chip has been on the market for several years, "it remains unhacked," claims Erin Mikan, Australia/New Zealand brand manager of IBM's Personal Computing Division.
The wide availability of broadband in metropolitan areas mean employees can get similar connection speeds at home and in the office, making it practical for some people to work from home on a regular or intermittent basis. Some companies--including Toshiba--have flexible workplace policies, but in other organizations the level of trust between management and employees limits such practices, says Rothsay. He points out that work and life habits have changed, and organizations need to measure performance rather than hours of attendance.
"It's really workplace attitude that's going to drive mobility," says Rothsay.
Rather than involving additional costs, making employees mobile can yield savings. This is IBM's experience, according to Max Judd, wireless practice manager, IBM Business Consulting Services. A large proportion of the company's employees are out of the office for much of the time, and by adopting appropriate technology and support processes, IBM has been able to make substantial reductions in its real estate costs. "We've saved millions of dollars through this," says Judd. Mobility also forms part of IBM's HR strategy to encourage a good work/life balance.
IBM is aware of the need for a communications strategy for externally mobile employees to maintain the corporate culture and a sense of belonging. On-site events are one element, but "that proves to be increasingly difficult," he says.
The instant messaging feature of the company's Sametime collaboration software leads to frequent, brief exchanges between colleagues, which keeps people in touch and encourages that sense of belonging. IM is also useful for getting quick answers from colleagues while you're in a meeting, says Mikan. She endorses the flexibility provided by the workplace-balance practices, such as the way it accommodates parents' need to work around day-care pickup times. Most of her colleagues have broadband and wireless access at home, she says.
Providing internal Wi-Fi access can be remarkably cost effective. Radford says Cisco has found as little as one minute of extra connectivity per day per person is sufficient to justify the expense. Merely checking and responding to e-mails while waiting for meetings to start can be sufficient.
Even though hotspot charges sound high, they can be a way of saving money: using a softphone at a hotspot is normally much cheaper than making a lengthy overseas roaming call from a mobile phone. And people who are inclined to put in an extra hour or two at home in the evening are more likely to do so if they can choose exactly where they work--while watching TV, or alongside the kids while they do their homework. Radford finds it especially convenient when he's involved in overseas conference calls late at night, as the VoIP softphone saves him having to claim the cost of the call, and wireless mobility means he can make the call from a room where he won't disturb the rest of the family.
Another part of the puzzle is to move internal processes--leave or education requests, expenses claims and approvals, procurement, etc--onto an intranet. This makes them accessible to people in the field, reduces the need to visit the office, and allows more timely action, says Judd. "It's one of those hidden gems," he says, "we expect our internal processes to work very quickly."
Existing paper-based processes can be a barrier to mobility, says Henrik Stensfeldt, MD of Lexmark. It's not that the paper is necessary, it's just that organizations haven't redesigned their processes around electronic information and consequently the speed of those processes are limited by the movement of paper.
Swift & Moore drinks to smartphones
Liquor distributor Swift & Moore chose the i-mate smartphone for its sales force of 65, covering 4500 outlets. Earlier experiments with notebooks showed they were too unwieldy, so "we decided to go for tablets or PDAs," says IT manager John Tugwood. Trials involving sales reps showed the PDA was preferred.
In the absence of suitable off-the-shelf software, the company had O4 develop a system to support order entry (integrated with the ERP system), data collection and the "call card"--a list of tasks that reps are expected to complete with their customers during the current month. Further functions including presentations, promotions, stock allocation, journey plan (to manage a day's calls), and master file reference (to collect and update names, phone numbers, etc, and to store reminders for the next call) were added later.
Swift & Moore originally used Casio hardware with infrared connection to mobile phone for communications, but switched to iPAQ and more recently to the i-mate smartphone, which has built-in GPRS capability. It isn't mandatory for reps to use every function provided, but the system "seems to be getting 100 percent acceptance" since switching to the i-mate, says Tugwood. Even the built-in camera has a business application, allowing reps to record merchandising efforts.
Not everyone (including some younger employees) is initially comfortable with this technology, so applications needs to be especially easy to use, he says.
Since large quantities of data must be updated each month, the company takes advantage of monthly sales meetings to sync the units via a cradle attached to a PC. This helps keep GPRS bills under control. The i-mate also allows backup to a memory card, so it isn't necessary to resync from scratch after a failure.
A major part of the stored data is a two-year sales history down to the stock keeping unit level. Reps can use this information to show customers their comparative performance against neighboring stores.
The elimination of paperwork for data collection and for presentations provides a significant saving--around AU$60,000 (US$44,700) annually for each. "We've saved money, and it's more efficient," says Tugwood. Plans included providing access to intranet applications so reps can see live information such as stock levels.
"I'd like to see the full rich functionality you get in Excel and PowerPoint," he says, but tablets are currently too expensive. But the i-mate "is fantastic for collecting data. That was the whole reason why we went down this path."
"I think people would be crazy if they're not using this sort of thing in the field," he adds, as it is easy to justify the cost.
E-nabling field workers to stay in the field
Sydney-based e-nable Solutions offers a mobile system for field service operations that lets staff spend more time in the field as there's no paperwork to lodge.
The system offered with both the wireless and back-office components, or the mobile component can be integrated with an existing back end. Most potential clients are currently using a paper-based system, says managing director Paul Starr. While they have similar needs including work order dispatch, asset tracking, fault codes (problem/symptom/resolution), status changes (e.g. engineer has started working, credit card signed) and scheduling, the software can be customized to accommodate specific requirements in areas such as the work order content and format.
Clients are available for four device classes: basic Java phones (job dispatch only), more advanced phones (adds fault codes, etc), smartphone (adds parts, customer signatures, etc) and tablet (adds form filling, e.g. for house inspections).
Any wireless technology can be used, including Wi-Fi as the software auto-syncs while connected and caches information at other times.
Instead of charging upfront, e-nable provides the device and software for a monthly fee, e.g. AU$170 (US$127) per month per engineer for an O2 smartphone and software. Data charges are extra. By eliminating the capital expenditure, "we realize the ROI almost immediately," says Starr.
The back-end system is offered on an ASP basis for a AU$300 (US$224) hosting fee plus AU$72 (US$54) per user. It includes self-service elements, so customers can log their own service calls, see the status of a request, check invoices, and so on.
Overall benefits include more jobs completed per day, improved order to cash cycles, and full audit trails of engineer's time and parts used.
St Vincent's gives tablets to doctors
Melbourne's St Vincent's Health received funding from the Microsoft e-government innovation fund (created as part of the supply agreement with the Victorian Government) to set up a pilot implementation of wireless information access in the general medical ward at St Vincent's Hospital.
IS manager Jennifer O'Brien explains that ward was chosen because it was one of the busiest and is affiliated with the University of Melbourne. Residents and registrars are provided with HP tablet PCs that provide access to the patient information system plus pathology and x-ray results.
Redevelopments under the Department of Human Services' HeathSMART initiative provided the hospital with a good backbone network, requiring only the addition of wireless access points.
The pilot is still in progress, but initial results indicate rounds are running more efficiently, with fewer breaks needed to obtain information, improved care, and a positive response from patients. "It engenders a sense of excitement in the medical staff," she says.
Staff are typically in their 20s and 30s, and are "incredible adopters of technology," often buying their own equipment such as a PDA and loading applications such as a drug information database.
Similar pilots have been carried out at other hospitals, she says, but funding is an issue. Studies showing the benefits of large-scale rollouts are needed to justify a full implementation.
"A myriad of other benefits" have been identified, says O'Brien, as such pilots provide the opportunity to see how process improvement methodologies can be applied. For example, St Vincent's obtained the evidence needed to build a case for equipping medical staff with cordless phones.
"The tablet has been good," she says, but the weight and battery life are still an issue, as rounds often take more than four hours. The normal practice of automatically logging out an idle user is also an inconvenience, so the hospital is considering the use of proximity cards to provide more convenient security.
O'Brien believes that one reason for the success of the project is that the IT professionals and the clinicians involved both had some understanding of the others' requirements--that's probably not typical, she says. Support from executive management is also important, she says.
Securing mobile devices
To a mobile worker, there are benefits aplenty to mobile information access. However, as mobile access to sensitive corporate information becomes more popular and the number and type of mobile devices used to access such information increases, security is an important concern. Mobility has its own characteristics and, hence, security issues. Here are some security threats to mobile devices and the measures that enterprises should adopt to manage these threats.
Key mobile security concerns
- Exposure of critical information. Small amounts of WLAN signals can travel significant distance, and it's possible to peep into these signals using a wireless sniffer. A wireless intruder could expose critical information if sufficient security isn't implemented.
- Lost or stolen devices. Even if sufficient security is implemented in wireless virtual private networks (VPNs), if a device is lost or stolen, the entire corporate intranet could be threatened if those devices aren't protected by password and other user-level security measures.
- Mobile viruses. Mobile viruses can be a major threat, particularly with devices that have significant computational capabilities. Mobile devices, in general, are susceptible to viruses in several ways: Viruses can take advantage of security holes in applications or in the underlying operating system and cause damage; applications or applets downloaded to a mobile device can be as virus-prone as desktop applications; and, in some mobile OSs, malformed SMS messages can crash the device. The 911 virus caused 13 million i-mode users to automatically place a call to Japan's emergency phone number.
- E-mail viruses. E-mail viruses affect PDAs in much the same way regular e-mail viruses affect PCs (i.e., causing the PDA e-mail program to send multiple e-mails). These viruses are costly to enterprises and interrupt normal business too. PalmOS/LibertyCrack is an example of a PDA e-mail virus. It's a known Trojan horse that can delete all applications on a Palm PDA.
- Spam. Spam causes disruption and drives up costs when it's targeted toward wireless devices.
Actions businesses can take.
- Use advanced encryption and key management techniques to minimise WLAN-related security vulnerabilities. High-level security is available for WLANs using features such as Internet Protocol Security (IPSec) and security standards such as WPA and 802.11i.
- Put strict access privileges on mobile users to protect sensitive information.
- Create security policies specific to mobile device usage. Minimise the impact of a lost device: Password-protect all devices, encrypt sensitive documents on the device, and don't use automatic scripts for VPN login. Mobile device security policies should also include minimising access to limited sources using firewalls.
- Regularly back up PDA data to a PC to prevent damage from PDA-specific viruses and worms.
- Use antivirus software for PDAs. Network-level scans are the most effective, centralised way of preventing viruses and other disruptions associated with mobile devices.
- Access control should include both hardware/device-based authorisation and application-based authorisation.
- Provide specialised training to mobile device users and administrators, including simple guidelines for the physical security of devices and a reporting mechanism in case of loss or theft.
- For virus/spam protection, customer premises solutions (or behind firewall solutions, as they are called) are more effective than similar solutions hosted by the mobile carrier. Firewall solutions are much easier and effective to control and manage.
The key issue to mobile security is that no single security solution will work, given the nature of the mobile environment. And just extending the existing security infrastructure for mobile devices simply isn't practical.
Enterprises must treat mobile security as an independent task, and as an independent task, mobile-usage-specific security policies must be created and implemented. A comprehensive risk analysis of the potential security hazards associated with the use of mobile devices should be the first step along the path of mobile device security policy creation.
- Identify the reasons for adopting mobile systems and the information required by mobile workers.
- Phone, PDA, tablet, or notebook? It's horses for courses, but involve real users in the decision--there's no return if they won't use it.
- Design software for device and communications channel independence to retain flexibility.
- GPRS and 1xRTT have broad coverage, but are relatively slow (though fast enough to be useful).
- 3G is fast enough to be useful for taking conventional applications mobile, but coverage is limited.
- Wi-Fi is very affordable for in-house mobility. Hotspots are increasingly widespread, but pricing can be an issue.
- Wireless broadband is becoming more widely available.
- Don't forget voice communications. Modern systems can integrate desk and mobile telephony with e-mail and other computer-based communications.
- SSL VPNs provide a convenient way of controlling access from the outside world.
- Mobility can yield substantial cost savings, but you'll need the organizational practices and procedures to support it.
This article was first published in Technology & Business magazine.