Monday, July 01, 2013

Enterprise Mobility Management For Shared, Personal Devices




“Mobility” includes the different multi-modal mobile endpoint devices and the “mobile apps” that are having a huge impact on both consumers and business users who only want to carry a single, personalized device to do all of the following:
1. Communicate dynamically with people in a variety of ways for either business or personal contacts
2. Access information and self-service applications as consumers or employees in various modes
3. Control personalized automated notifications
4. Because mobility requires dynamic flexibility of interaction, UC enablement will be very important for both contact initiators and contact recipients
The technology is still evolving to support all of the above, but the biggest hang-up seems to be keeping the “separation of church and state” for supporting the device, the public network access, and the mobile application middleware that must reside within the different endpoint devices. The big argument concerns the security of any information that can be accessed by the mobile device, and most IT folks think they need to control the whole device to protect their business data.
Several years ago, when Apple came out with the first “smartphone,” I remember posting an article that suggested that access security to enterprise data should be controlled at the application levels, not at the device or network levels. I still believe this is a viable approach. Obviously, it will be a combination of authentication and encryption that will enable maximum end-to-end security in the mobile Web environment that smartphones and tablets will exploit.
The BYOD game is forcing organizations to accommodate user choice of mobile device for both person-to-person communications and business applications access. Mobile devices should have thin clients to primarily provide wireless access to applications that control data access, and not store either applications or data that will be in “private” or “public” clouds. That will minimize enterprise responsibilities for supporting end-user mobile devices for employees, business partners, and customers to different levels of control on the device, for what my colleague, Michael Finneran, describes as “Secure Containers”; all the MDM (Mobile Device Management) platforms have them.
I used to employ the term “Dual Persona” for describing the above mobile device management requirement, but if you think about it, every mobile user is not just an employee of a particular organization, but, as a consumer, in addition to personal/social contacts, they have business relationships all over the place, each of which requires the same kind of security protection of authentication and encryption. I suggest that the personal mobile device must be controlled primarily by the individual end users (especially when it comes to privacy issues), and supported by the network service provider end users subscribe to, while specific business application access should be controlled by the organization that provides such mobile applications for authorized access by their employees, partners, and customers through their business “app stores.”
So, we really can have “separation of church and state” within a mobile device, except that there really will be many “states,” i.e., online applications from different service providers that will be personalized for individual mobile users, employees, partners, or consumers. Enterprise organizations have to accept the fact that BYOD means they are “sharing” the use of a user’s mobile device, and therefore should only control the access to business information that is primarily stored on web portals, not on the mobile device itself. That means if a mobile device is lost or stolen, every provider of information access applications to a specific user has to be notified and be able to take protective action. Mobile services are not a “one-stop shop!”
What do you think?
Copyright © 2013 The Unified-View, All Rights Reserved Worldwide