Managing and Securing Mobile & Wireless ... - Computerworld

Managing and Securing Mobile & Wireless ... - Computerworld

SPECIAL ADVERTISING SUPPLEMENTWhitePaperJune 16, 2003Managing and SecuringMobile & Wireless Resources

SPECIAL ADVERTISING SUPPLEMENTManaging and SecuringMobile & Wireless ResourcesAs the mobile workforce continues to grow, IT organizationsturn to new tools that let them support a dizzying array of devicesInterestingly, both vertical enterprise workers(such as healthcare, education and financialservices staff) and horizontal enterprise workers(such as consultants and sales representatives)will soon make up a predominantly mobileworkforce. According to research firm IDC, more thantwo-thirds of all U.S. employees will be classified asmobile by 2006.J. Gerry Purdyand Fritz JordanMobileTrax LLCMobile workers will travel andwork in various private and publicenvironments, such as campus buildings,industrial plants, client sites, airportexecutive lounges, hotel roomsand their residences.They willseek wired andwireless data networkaccess overoften unreliable,unsecured andbandwidth-constrained connectionsto maintain their mobile productivity.Consequently, the enterprise networkwill be extended into campusand mobile environments to providethese workers seamless access totheir mission-critical enterpriseapplications, email, personal informationmanagers (PIMs), corporatedatabases and other mobile resources.This means IT managers and helpdesk staff will have to extend theirown services into the same campusand mobile environments to supportnot only mobile workers’ data accessneeds, but also a proliferation ofmobile and wireless devices.According to Framingham, Mass.-based IDC, there will be over 112 millionenterprise mobile devices for ITsupport staff to service in 2004. Manyof the devices, such as personal digitalassistants (PDAs) and smart phones,cost up to $500.However, due primarily to theinefficient extension of IT support inmobile environments, the total cost ofownership (TCO) of mobile andwireless resources often equals five to10 times the average capital cost of thedevices themselves. For example,Stamford, Conn., research firmGartner Inc. estimates the TCO for aPDA at $2,700, but that cost soars to$4,400 if the PDA is enabled with awireless adapter.Various mobile resource management(MRM) solutions address thedata communication and computingneeds of the mobile workforce andrelieve related support pains. MRMrefers to the “lifecycle management”of mobile, wireless and remotedevices and related software, contentand data, with a primary focus onenterprise applications. MRM solutionscentralize mobile resource management,drive increased mobileworkforce productivity and decreasethe TCO for mobile resources.MRM MarketAs the mobile workforce increasesand mobile and wireless devices proliferate,the MRM market is expectedto grow at a proportionately highrate. IDC estimates it will top $7152Computerworld Custom Publishing / MANAGING AND SECURING MOBILE & WIRELESS RESOURCES

SPECIAL ADVERTISING SUPPLEMENTmillion in revenues by 2006, a 42.6%compound annual growth rate over$121.3 million in 2001. Similarly,Gartner forecasts a five-year growthrate of 40% in MRM market revenues,from $135 million in 2000 to$750 million in 2005.MRM SolutionsMRM solutions implement productlifecycle management and help ITcontrol and centralize the monitoring,recording, installing, configuringand upgrading of mobile, wirelessand remote device systems, operationalsoftware and mission-criticalapplications. The primary MRM featuresare systems management, softwaremanagement, data management,security management and centralizedadministration.MRM solution architectureincludes a server, a management console,a proxy service and a deviceclient. The MRM platform can beintegrated with legacy managementsystems like authentication servers(e.g. RADIUS), user directory servers(e.g. LDAP) and desktop managementplatforms (such as Microsoft’sSystems Management Server, orSMS). Figure 1 shows a typical MRMarchitecture, this one from CredantTechnologies’ CREDANT MobileGuardian (CMG) system diagram.MRM VendorsAs Figure 2 shows, MRM vendorsconsist of heritage desktop management(e.g. Novell or Tivoli), remotecontrol (e.g. Altiris or XcelleNet) anddatabase synchronization (e.g.Synchrologic or Sybase) solutionFigure 1.Typical MRM architecture – Credant’s CMG solutionSales Group (many to many)Marketing Group (one to many)Management Group (one to one)Windows Shield DevicesSource: MobileTraxSSLRemoteGatekeeperEnterprise ServerRemote GatekeeperGatekeeperCMG Enterprise ServerCMG ComponentsPDA ShieldWindows ShieldVPNInternetFirewallSSLExisting LDAP SolutionADS E-Dir SunONEWEBSync at HomeETC...RASproviders—collectively known as“mobile device management” vendors—in addition to mobile device securityvendors, such as Wavelink andSenforce Technologies.Most MRM vendors have extendedtheir heritage product features toprovide end-to-end MRM solutions,including security features. Theseextended MRM features are added tovendors’ product suites throughinternal research and development,cross-vendor licensing and mergerand-acquisitionstrategies. For example,Novell, a heritage desktop managementvendor, acquired Callisto, aheritage remote control vendor, toextend Novell’s ZENworks productfunctionality.Systems ManagementSystems management functionsallow IT support staff to deploy, manageand troubleshoot mobile andwireless systems. Key systems managementfunctions include asset management,operating systems migrationand license management.• Asset management. Assetmanagement functions enable theComputerworld Custom Publishing / MANAGING AND SECURING MOBILE & WIRELESS RESOURCES3

SPECIAL ADVERTISING SUPPLEMENTmonitoring, tracking and reporting ofmobile and wireless hardware andsoftware. The data is stored in OpenDatabase Connectivity (ODBC)-compliant data sources, such asMicrosoft SQL Server, for the purposesof license management, softwaredeployment and TCO management.• Operating system migration.Operating system migration providesa pre-migration assessment of theuser’s software and hardware landscape,including a snapshot of thecomputer personality setting. Postmigrationstatus reporting and securitypatching are also used after theinstallation is complete and the personalitysettings are restored. Mostcurrent operating system migrationsinvolve upgrades of Windows 9X/NTto Windows 2000/XP.• License management. Licensemanagement functions include theauditing of user devices to determinethe status of their software licenses.Software usage information is used todetermine the number and type ofapplications, as well as redundantand unused software licenses.Additionally, software license contractscan be managed with built-innotification policies in cases in whichlicensing amounts have been exceeded,as often happens.Software ManagementSoftware management functionsallow IT support staff to provide policy-baseddeployment, management,troubleshooting and upgrade ofmobile and wireless operating softwareand mission-critical applications.Key software managementfunctions include software installationand updates, configuration andtroubleshooting.• Installation and updates.Software installation and updates canbe planned based on asset managementinformation and user profiles.Queries can be used to group mobileand wireless devices that containFigure 2.Source: MobileTraxMRM VendorsMRM Vendor Web Site MRM Heritage Primary MRM ProductAether Systems Data Synchronization Aether ScoutSyncAirPrism Remote Management The AirPrism SuiteAltiris Remote Management Client Management SuiteBluefire Security Technologies Device Security Bluefire Enterprise ManagerCredant Technologies Device Security CREDANT Mobile GuardianExtended Systems Data Synchronization XTNDConnect ServerIBM Tivoli Desktop Management TivoliManageSoft Desktop Management ManageSoft 6.5Marimba Desktop Management Desktop/Mobile ManagementMobile Automation Remote Management Mobile Lifecycle Management SuiteNovadigm Remote Management RadiaNovell Remote Management ZENworks for HandheldsON Technology Desktop Management ON iCommandPumatech Data Synchronization Enterprise IntellisyncRapport Technologies Remote Management Rapport 4.0Senforce Technologies Device Security Senforce ShieldSybase Data Synchronization i-Anywhere m-Business PlatformSynchrologic Data Synchronization Synchrologic Mobile SuiteTargus Device Security Targus DEFCON MDPVaultus Device Security Vaultus Mobile PlatformWavelink Device Security Wavelink AvalancheXcelleNet Remote Management Afaria4 Computerworld Custom Publishing / MANAGING AND SECURING MOBILE & WIRELESS RESOURCES

SPECIAL ADVERTISING SUPPLEMENTnewly installed software or requiresoftware upgrades, and automaticinstallations can be scheduled. Forexample, Rapport Technologies’Rapport 4.0 can update the clientdown to the BIOS level — a new levelof update capability.• Configuration. Devices can beconfigured to ensure a standardizedand authorized deployment of softwareand to eliminate employeeinstalledapplications and relatedrogue applications. Device buttons,menus and power settings can also beconfigured.• Troubleshooting.Troubleshooting functions includethe monitoring of installed software,the detection of missing or corruptedfiles and the distribution of softwarepatches and replacement of missingfiles—all completed in the backgroundof a communication session.Data ManagementData management functions allowIT support staff to ensure reliabledata transmission across various datanetworks, such as wired and wirelessLANs and WANs and the Internet.Key data management functionsinclude database synchronization,bandwidth management, data compression,checkpoint restart andbyte-level differencing.• Database synchronization.This allows for wired and wirelesssynchronization of mission-criticaldata and applications, such as PIMsand email, and includes backup-andrestorefunctionality.• Bandwidth management.Bandwidth management functionalityenables background diagnosticanalyses, software upgrades and filetransfer by allocating limits to theamount of bandwidth used during acommunication session.• Data compression. This isautomatically implemented based onthe bandwidth limitations of thewired or wireless connection.As a significantnumber of verticaland horizontal enterpriseworkers travel and workin mobile environments,IT support staff willhave to provide themwith seamless, securemission-critical dataand applications.• Checkpoint restart.Checkpoint restart enables interrupteddata transmissions to resumeat the point of interruption when awireless connection is lost.• Byte-level differencing. Thisdifferencing enables changes andupdates only (as opposed to entirefiles) to be transmitted during filedistribution.Security ManagementSecurity management functionsallow IT support staff to implementdata, user, device and network securitybased on mobile and wireless securitypolicies. Wherever possible, thesecurity policies should be integratedwith wired security policies andshould be designed to adapt to changingenvironments. Security managementfunctions include data encryption,user authentication, locationawaremanagement, theft protectionand other popular desktop PC securitysolutions.• Data encryption. Missioncriticaldata is protected duringtransmission using HTTP and SecureSocket Layer (SSL)-based encryptionmethods. The Advanced EncryptionScheme (AES), a U.S. governmentapproveddata encryption algorithm(up to 256-bit key security), will soonreplace other limited encryption algorithmssuch as the RC4 stream cipherin wireless LAN systems.• User authentication. Userinformation stored on directoryservers, such as Microsoft ActiveDirectory, can be used to grant usersaccess to mission-critical applicationsand data.• Location-aware management.Device security solutionsshould be location-aware and automaticallyopen and close the device’sadapter ports, based on the changingenvironment, the user’s service preferencesand the security policies.• Theft protection. Biometricaccess (e.g. fingerprint reader),motion sensors and power-on passwordsprotect idle and unattendeddevices from potential theft.• Desktop PC security solutions.Popular desktop PC securityComputerworld Custom Publishing / MANAGING AND SECURING MOBILE & WIRELESS RESOURCES 5

SPECIAL ADVERTISING SUPPLEMENTsolutions, such as virtual private networks(VPNs), personal firewalls andanti-virus software applications, canbe implemented by IT organizationsto protect the mission-critical dataand applications on mobile computingdevices.Centralized AdministrationThe centralized administration oftoday’s MRM solutions can help ITsupport staff efficiently and effectivelycontrol the management of mobileresources. Centralized administrationfunctions include console management,remote control and legacyplatform integration.• Console management. A managementconsole allows IT supportstaff to deploy, manage and updatesystems, software and data from aWeb-based interface.• Remote control. Remote-controlsoftware enables IT support staffto view, operate, diagnose, configureand maintain mobile and wirelessdevices over the Internet or a wirelessnetwork using a centralized consoleand without user intervention. Thefunction has traditionally been usedto control remote machines, such aspoint-of-sale terminals, kiosks andutility meters.• Legacy platform integration.MRM solutions should always beintegrated with desktop managementplatforms in order to ensure the centralizedand consistent policy-basedmanagement of both fixed andmobile enterprise resources. Legacyplatforms include managementservers (some examples includeMicrosoft’s SMS and Hewlett-Packard Co.’s OpenView ServiceDesk) in addition to directory serverssuch as LDAP and Microsoft’s ActiveDirectory.ConclusionAs a significant number of verticaland horizontal enterprise workerstravel and work in mobile environments,IT support staff will have toprovide them with seamless, reliableand secure mission-critical applicationsand data. Moreover, IT organizationswill be faced with the challengeof supporting a proliferation ofmobile and wireless devices, remoteAbout MobileTraxterminals and nearly endless relatedoperating software.The rapidly expanding universe ofMRM solutions, which include systemsmanagement, software management,data management, securitymanagement and centralized administrationfeatures, will greatly helpenterprise IT organizations efficientlyprocure, deploy, configure, monitor,upgrade and secure mission-criticalmobile resources. The MRM solutionswill efficiently manage andsecure mobile resources, resulting inan increase in mobile worker productivityand a decrease in TCO.❖MobileTrax LLC is a Cupertino, Calif.-based professional servicesfirm that focuses on the mobile computing and wireless data communicationsmarkets. MobileTrax provides market research andconsulting services regarding the enterprise and consumer markets.The MobileTrax Enterprise IT Service provides vendor-sponsoredmonthly in-depth reports regarding important mobile andwireless topics, including “What IT Needs to Know,” which gives ITgroups specific recommendations on what they must know to succeedin mobile and wireless deployments.MobileTrax publishes two free industry newsletters. “InsideMobile” provides editorial analysis and insights regarding importanttopics in mobile and wireless and is published on the first andthird Mondays of the month. “Mobile Letter” covers insightsregarding new products and services and is published on the secondand fourth Mondays of the month. For more information, or call (650) 248-9366.MobileTrax is headed by J. Gerry Purdy, Ph.D., a globally recognizedauthority on mobile computing and wireless data communications.Dr. Purdy is also a General Partner at DiamondheadVentures, an early-stage venture capital firm.6 Computerworld Custom Publishing / MANAGING AND SECURING MOBILE & WIRELESS RESOURCES

SPECIAL ADVERTISING SUPPLEMENTMRM: An IT SupportStaff PerspectiveMany enterprise IT support staffs aren’t preparedto enforce mobile and wireless securitypolicies; efficiently provide seamlessaccess to mission-critical applications and data; andsupport the proliferation of mobile and wireless devices.MRM solutions address the mobile and wireless“pains” of enterprise IT support staffs, as demonstratedby the following deployments.S.H. Leggitt: Centralizing theManagement of HandheldsThe increased use of handheld devicesby the mobile workforce presentsvarious challenges to IT supportstaffs. They must manage their mobileand wireless inventories and deploy,upgrade and maintain the missioncriticalapplications and contentfrom a central management console.S.H. Leggitt is an industrial productsmanufacturer. The company isheadquartered in San Marcos, Texas,and provides IP gas regulators, hoseassemblies, custom brass fittings andplumbing components for the LP gas,RV and plumbing markets. Naturally,the company employs a significantnumber of consultants and sales representatives,many of whom usehandheld devices.S.H. Leggitt needed an MRM solutionthat could centralize and remotelymanage its handheld deviceusage, licensing and memory statusas well as upgrade and distribute itsmission-critical documents and contentto the mobile workforce. Afterevaluating several solutions, the companyselected Novell’s ZENworks forHandhelds solution to address itsmobile and wireless “pains.”Novell ZENworks for Handheldsprovides automated management ofhandheld devices to increase mobileworkforce productivity and to reduceTCO. ZENworks for Handheldsprovided the S.H. Leggitt IT supportstaff with the following benefits:• Remote management and securityof the handheld devices througha central management console.• Systems management, includinginventory tracking; software licenseauditing and upgrades; and systemmemory monitoring and upgrades.• Software management, includingthe configuration of standardizedbuttons, menus and settings on themobile devices and the remote deliveryof PDF-formatted content.INTEGRIS Health: Managing theSecurity of PHIMedical staffs use PDAs to retrieve,store and update protectedhealth information (PHI). If thehandhelds aren’t properly managedand secured, the PHI stored on themmay be carelessly exposed or lost.The Health Insurance Portabilityand Accountability Act (HIPAA),which was enacted to enforce theprivacy and security protection ofconsumers’ electronically transmittedmedical information, will impactmany healthcare service providersand their ability to competitivelyprovide managed and secured mobileand wireless services.INTEGRIS Health is a healthcaremanagement operation. The companyis based in Oklahoma City and operatesvarious medical facilitiesthroughout the state.INTEGRIS Health needed anMRM solution that would enable itto enforce its wireless security policies,support various handheld devicesand comply with HIPAA. Thecompany selected Credant Technologies’CREDANT Mobile Guardiansolution to address its mobile andComputerworld Custom Publishing / MANAGING AND SECURING MOBILE & WIRELESS RESOURCES7

SPECIAL ADVERTISING SUPPLEMENTwireless “pains.”CREDANT Mobile Guardian(CMG) addresses security issueswith centrally managed policy administrationand on-device user authenticationand policy enforcement.CMG provided INTEGRIS IT supportstaff the following benefits:• User- and role-based mobile andwireless security policy enforcement.• User authentication (e.g. PINsor passwords), including self-servicereset options and the encryption ofdata residing on corporate databases,and removable CompactFlash cards.• Automated installation and updateof software during synchronizationand the purging of PHI from lostor stolen mobile devices.What IT Needs to KnowAs the mobile workforce grows and mobile and wireless devices proliferate,IT support staff must provide for the adequate and efficientmanagement and security of mobile mission-critical applications anddata. Key MRM strategies IT support staffers need to know are:• Develop and implement mobile and wireless security policies thatare integrated with campus and wired security policies and cover theprocurement, deployment, management and security of mobile devicesand mission-critical applications and data.• Procure and deploy an MRM solution that enables system, software,data and security management through use of a central managementconsole.• Compare and select MRM vendors based on the relative strength oftheir heritage features (e.g. synchronization or device security) as wellas their ability to provide an end-to-end MRM solution.8 Computerworld Custom Publishing / MANAGING AND SECURING MOBILE & WIRELESS RESOURCES

MRM: A MobileWorker PerspectiveMobile sales and service workers need realtimeaccess to enterprise networks anddatabases to provide just-in-time salesand services based on customers’ personal attributesand histories. They also need reliable and transparenttroubleshooting and maintenance support. MRM solutionsaddress the mobile and wireless “pains” of mobileworkforces.Tulsa Dental needed anMRM solution that wouldenable its mobile workforceto gather salesorders from the field,synchronize with theenterprise database andreceive updated clientinformation.Tulsa Dental: Enabling PersonalizedMobile Product SalesMobile sales workforces use mobileand wireless devices to provideproduct sales and related value-addedservices. These road warriors need reliableand frequently updated clientinformation that can be accessed atregular intervals and customized todrive incremental and repeat sales.Tulsa Dental, a division ofDENTSPLY International, is a medicalequipment supplier. The companyis headquartered in Tulsa, Okla.,and provides endodontic products todentists. Its field sales representativessell directly to dentists. Theirbroad line of offerings includes educationalcourse enrollment, productliterature, dental supplies and equipmentfor dentists’ offices.Tulsa Dental needed an MRM solutionthat would enable its mobileworkforce to efficiently gather salesorders from the field; periodicallysynchronize the content with the enterprisedatabase back at headquarters;and receive updated product,service and client information. Thecompany selected Synchrologic’sMobile Suite solution to address itsmobile and wireless “pains.”Synchrologic Mobile Suite helpscompanies lower the total cost ofownership of mobile devices while simultaneouslyproviding controlledaccess to the mission-critical informationneeded by workers to stayproductive in mobile environments.Synchrologic Mobile Suite providedthe Tulsa Dental mobile workforcewith the following benefits:• Periodic or immediate transmissionand retrieval of mission-criticalcustomer information through synchronizationfunctions.• Current customer information,including sales histories and productand literature orders.• Value-added service capabilities,such as educational course enrollmentand mobile credit cardbilling.Federated Insurance: ProvidingReal-Time Mobile Customer ServiceMobile service workforces requireupdated product or service informationin order to provide the superiorcustomer service required by enterprisesseeking to compete in the challengingeconomy that has held swayfor the past three years. Therefore,Computerworld Custom Publishing / MANAGING AND SECURING MOBILE & WIRELESS RESOURCES9

SPECIAL ADVERTISING SUPPLEMENTthese mobile professionals need to retrieveupdated service policies, documentationand forms in real-time ifthey are to respond as quickly and accuratelyas possible to their customers’questions, concerns andneeds while in mobile environments.Federated Insurance is a mutualproperty and casualty insuranceprovider. The company is headquarteredin Owatonna, Minn., and specializesin business insurance for awide variety of vertical markets. Alltold, the company employs more than200 field marketing and servicestaffers, who provide in-person policysales, loss prevention educationand claims resolution.Federated Insurance needed anMRM solution that would enable itsmobile workforce to efficiently accessthe corporate intranet anddownload updated policies, forms,contracts and other mission-criticalcontent. After evaluating a broadcross-section of potential solutions,the company selected XcelleNet’sAfaria solution to address its mobileand wireless “pains.”XcelleNet Afaria provides mobileand wireless systems and softwaremanagement functions that bring notonly greater efficiency, but also increasedproductivity and significantlyimproved user satisfaction. Afariaprovided the Federated Insurancemobile workforce benefits that includedthe following:• Rapid access to mission-criticaldocuments and applications using thesame Web-based intranet interfacethat’s used by desktop PC users.• Automated, seamless and efficientupdates of mission-critical documentsand software applications usingsuch tools as byte-level differencingand checkpoint-restart functions.• Automated Web-based troubleshooting,including the backgroundreporting, repair and replacementof any files that are corruptedor missing.What Mobile Workers Need to KnowMobile workers must be ableto access mission-critical applications,content and data tomaintain their sales productivityand to ensure superior customersales and service. Key MRMstrategies mobile workers needto know are:• Access mission-critical application,content and data witha Web-based interface that is integratedwith and similar to theirdesktop management infrastructureand interfaces.• Retrieve only the updates orchanges in mission-critical documentsor content through efficientdata management functions,such as checkpoint-restartand byte-level differencing.• Troubleshoot and repair mobiledevice systems transparentlythrough background monitoringand maintenance functions.10 Computerworld Custom Publishing / MANAGING AND SECURING MOBILE & WIRELESS RESOURCES

More magazines by this user
Similar magazines