Henze started with the basics, such as password management, auto-disable and remote wipe, but is adding centralized encryption. The platform also backs up applications and data on the phones and reports on configuration and memory utilization, which speeds troubleshooting. It also takes inventory of applications stored on the phones and disables any that aren't approved.
Henze also notes that the help desk manages the smartphones rather than a senior network engineer. In fact, a portal enables users to check on their phone usage and even perform tasks such as remote wipes and configuration themselves. "The [MobileIron] appliance makes it easier from an IT perspective," he says.
For Henze, the work of smartphone security has just begun. For instance, he's considering integrating digital rights management with the smartphone management platform.
"Let's say a person working with us has a laptop full of confidential information, and he gets terminated," Henze says. "With digital rights management, the device would check in with the authentication server to see if he's still a legitimate user, and if he isn't, he wouldn't be able to read those files anymore." This works better than remote wipe, he says, because if files are stored on a removable card, there is no way to delete them.
There have been concerns from some users about the Big Brother aspect of having IT monitor their phones. However, this concern is outweighed by the fact that IT can provide better service when it comes to new phone deployments, replacements and remote troubleshooting, Henze says. For instance, IT will be able to configure a new phone right after it's purchased, rather than taking three or four days. "They'll be up and running in no time, and when that happens, they'll appreciate it," Henze says.
In the end, there's no single means of maintaining security as more and more smart phones enter the enterprise, whether they're issued by the company or brought in by employees. But what's certain, says Winthrop, is that you can't just give employees free rein. It's not uncommon for IT to allow individuals to be responsible for their own devices, or even encourage the idea. But in the end, he says, it's the employer that's liable if data gets leaked.
"There's a fascinating issue here, in that employees don't think too long or hard about which laptop they're going to get," Winthrop says. "But they're absolutely going to ask 'Why did or didn't they give me a BlackBerry?' or 'Why can't I bring in my iPhone?' or 'I wonder if I can get a [Palm] Pre?' " But even if organizations want to cater to every user's desire, he says, they need to take into account the need to manage the devices and the information that passes through or is stored on them.
In fact, smartphones should be viewed not as phones, but as PCs that happen to make phone calls, Winthrop says.
According to Henze, that notion has turned the world inside out. "In the old days, there was the Internet, the intranet and the internal corporate network," and each was distinct from the other. But today, with miniature yet powerful mobile devices carrying data wherever a person can go, "the egg is scrambled," Henze says. "Data sits wherever, and it's much more difficult to get ahead of it."
Brandel is a Computerworld contributing writer. You can contact her at marybrandel@verizon.net.