The handheld devices used in enterprises traditionally have been like an executive's company car, leased and maintained by the employee, though paid for by the boss. But in some cases they're evolving into a corporate asset tightly controlled by the IT department, for security as well as productivity reasons.
Mobile e-mail software vendor Good Technology Inc. on Monday is set to expand its product line to help IT maintain that grip even as employees travel. Good Mobile Defense, an optional add-on coming in January for the company's GoodLink wireless messaging software, lets administrators control five key aspects of security policy over the air, said Dan Rudolph, director of product management at Good, in Santa Clara, California. The product is based on SureWave Mobile Defense, which Good acquired earlier this year through its purchase of JP Mobile Inc. It uses the GoodLink messaging mechanism to reach and modify devices in the field, Rudolph said.
There are already tools on the market that let administrators control mobile devices, such as software that disables the digital cameras built into phones. But today, the IT department has to get the device into its hands or rely on the user to carry out changes, according to Rudolph.
"One of the shortcomings in the past has been IT's inability to enforce the policies once the device is in users' hands," he said. "It's been incumbent on the user to actually comply with and download the policies that IT sets."
Good Mobile Defense lets administrators manage five types of policies:
-- advanced password management, including setting and resetting passwords for devices and applications, as well as forcing employees to use strong passwords;
-- device use control, such as blocking access to Bluetooth, Wi-Fi, camera or synchronization software;
-- application lockdown, in which IT can create and modify a "whitelist" of programs users are allowed to download and run;
-- encryption management, application-specific rules about which types of data on the device have to be encrypted;
-- data erasing, for setting policies on what actions -- such as three failed password attempts -- should trigger the erasure of all data on the device.
Industrial Bank, in Washington, D.C., earlier this year chose GoodLink to give executives, loan officers and some other employees mobile access to their Microsoft Corp. Exchange e-mail. It has issued Palm Inc. Treo 650 handhelds from Cingular Wireless LLC to 25 employees so far. GoodLink had security capabilities that Research In Motion Ltd.'s (RIM) BlackBerry products didn't have, including compliance with FIPS (Federal Information Processing Standards), said Michael Johnson, the bank's director of information services. These helped the deployment plan pass a rigorous review by management, he said.
Johnson welcomed the coming Good Mobile Defense mechanisms for maintaining central control of the remote devices. In particular, he wants the ability to lock out features of the Treos, enforce password policies and delegate specific capabilities to employees based on their roles, he said. The bank already maintains a tight ship: It delivered the Treos to users without the synchronization cable for uploading content and applications from a PC, and in any case, employees don't have the administrative rights to load the Palm Desktop synchronization software on their PCs.
Johnson hopes to deploy custom loan processing applications to the Treo 650s in the future. Having loan applications on handheld devices could allow loan officers to cut hours or days off approval time or even approve loans while at the borrower's location, he said. Industrial is a relatively small bank, with about US$300 million in assets and eight branches in Maryland and the District of Columbia, and the market for loans is highly competitive, Johnson said.
"As a bank that doesn't have the resources of, say, a Bank of America, we've got to use every advantage we can," Johnson said.
Enterprises are just starting to wake up to the need for employees to have mobile devices with e-mail and application access, and security is a critical concern for them, said Kitty Weldon, an analyst at Current Analysis Inc., in Sterling, Virginia. Once handhelds are used to access corporate databases or applications, the IT department will want to own and control them, she said.
Good is facing tough competition from RIM's BlackBerry handhelds and its BlackBerry Connect software for other vendors' devices, as well as from Microsoft as it rolls out Windows Mobile 5.0, Weldon said. RIM's system is quite secure when used with a BlackBerry, but Good now seems to have the edge over Windows Mobile and BlackBerry Connect, she said. This may prove critical as the enterprise-oriented market clusters around two vendors.
"I think if there is room for a third, it's going to be Good," Weldon said.
Existing customers of Good will be able to buy Good Mobile Defense starting in January, and later, users will be able to buy it on a monthly basis through carrier partners that sell Good's software, Rudolph said. Prices have not yet been set, but a one-time license fee should be less than $100 per user, he said. Added to the monthly fee for a carrier's data plan, Good Mobile Defense would probably cost between $5 and $7 per user, according to Rudolph. Customers that don't use GoodLink could buy the Good Mobile Defense but would not get the over-the-air management capability.
Good was also set to announce on Monday that it will preload McAfee VirusScan Mobile in the Good Management Console, which is used to control GoodLink, so IT administrators can more easily push the antivirus software out to employees' devices. The McAfee software will be available in a trial version and enterprises can buy full licenses from McAfee, Rudolph said. They also will be able to set policies regarding the presence of the antivirus software, such as requiring that it be on the device before any other software is loaded, he added.