Your workforce might use handhelds, but does your business have a
mobile strategy? Karl Cushing and Daniel Thomas take a look at what
you need.
Personal digital assistants (PDAs) have reached the stage in
popularity and development where companies cannot afford to ignore
the potential business benefits - or the security risks - they
represent.
Recent increases in functionality and storage capacity have enabled
handhelds to outgrow their role as glorified electronic personal
organisers. Applications such as performance management, remote
training and inventory are now available, augmenting personal
information management tools like calendars, diary synchronisation
and e-mail.
Following the launch of Microsoft's PocketPC 2002 last year, a
growing number of enterprises have introduced mobile strategies or
pilot schemes using handhelds. Enterprises are now driving sales of
PDAs, where once it was only individuals, resulting in rapid
growth. According to IDC, worldwide shipments of handhelds will
increase from 13.6 million in 2000 to 70.9 million by 2005.
However, to reap the benefits of mobile devices like PDAs and make
sure that the business benefits outweigh the potential pitfalls,
companies need to draft a mobile strategy and address key issues
such as security, interoperability and legal liability.
To start with, a business can standardise the platform and the PDAs
in use within the organisation. In most cases this will come down
to a choice between Microsoft's Windows CE/PocketPC, Symbian's Epoc
or the Palm operating system. One organisation that has just gone
down this road is the BBC, which recently began an 18-month
programme to standardise on a single PocketPC PDA platform for
staff to improve security, increase central control and better
protect sensitive material held on the PDAs such as journalists'
contact databases. However, this approach will not suit everyone
and may not be practical for your organisation.
Forcing users to have the same platform - even if there is a strong
business case for doing so - can create problems. Different users
have different needs. Some may like the simplicity of the Palm,
while others will prefer the extra functionality of PocketPC-based
devices such as the Compaq iPaq. As Johan Lisnell, business
director at IT services giant EDS, says, "There are personal
opinions based on things other than pure business value."
Then there is the problem of logistics. Val Rahmani, general
manager for IBM's wireless division, for one, doubts that a
one-type-suits-all approach can work in reality. "Companies will
not be able to dictate which devices people are going to use," she
says.
Gartner Group analyst Thomas Reuner points to another problem.
"People do not always report their PDA use if it is unofficial, so
companies should encourage users to be more open," he says. The
next step, says Reuner, is to do an audit of what PDAs staff are
using and what they're using them for.
These devices are generally used for personal information
management purposes, office applications and Internet access.
However, as the power of PDAs increases, other applications such as
voice and picture capture, navigational aids and remote access to
corporate data are becoming more common.
According to Paul Williams, senior consultant at business
consultancy Andersen, companies should consider segmenting users
into meaningful groups to work out which applications would be most
suitable. "It may be worth considering applications that would be
useful for specific job roles or certain employees such as those
who work away from the office," he says. "Performing an analysis
should make it easier to produce a business case for the
applications you wish to deploy."
Defining how the PDA is used will allow a company to fully exploit
the business benefit of the devices. Lisnell says, "In seeking
industrial value, one will soon see that it is, of course, not the
PDA itself that creates this, but how it is used and what it is
used for."
For those companies which are unwilling to standardise on a single
platform - or simply haven't considered it - there is a range of
software available to increase interoperability between different
operating systems. Palm's Documents To Go software, for example,
allows users to access Microsoft Word, Excel and PowerPoint files.
And management framework solutions such as Tivoli Handheld Device
Manager can be used to distribute software and manage device
configurations. Other packages, including e-mail synchronisation
packages like Multimail, can limit the length of downloaded
messages and attachments.
Addressing the logistics of how PDA users access corporate systems,
information and applications is another important consideration.
Most users dial in via a POP3 (Post Office Protocol) server, an
Internet service provider or through a thin client provided by
application software suppliers such as Citrix. Security is a key
issue here. As well as the basics, like password systems and
automatic lock-out after three incorrect password attempts, there
is a range of bolt-on products available. PDAs can now be fitted
with similar levels of access control and 128-bit encryption to
desktop PCs and laptops.
Applied Biometrics, among a number of companies, produces a clip-on
fingerprint recognition device that can either lock your PDA or bar
access to specific applications. Future versions of Palm's
operating system will even feature voice recognition security. And
software firms like Borderware offer virtual private networks for
handhelds like the PocketPC and the Palm to encrypt the connection
from the PDA and protect the transmitted data.
Education should underpin any mobile policy. IT managers need to
raise user awareness of the key issues and stress the importance of
security safeguards. A good idea is to manage control centrally so
that security is as intuitive as possible and users cannot alter or
circumvent settings.
Magnus Ahlberg, managing director of security software firm
Pointsec Mobile Technologies, recommends that IT security managers
adopt a three-point security plan.
- Ensure that systems are physically secure, using methods such
as encryption and access control
- Put legal safeguards in place within the company to govern how
employees access and use data
- Address financial issues and insurance to safeguard against
potential financial implications resulting from the loss of
data.
Ahlberg points out that, on top of the danger from theft, the PDA's
owner and the directors of the company may be liable under the Data
Protection Act for failing to take reasonable steps to protect the
personal information.
The positioning of PDAs as a tool for corporate users poses "a big
problem", says Ahlberg, as PDAs can present a security threat to
the corporate network and become a time-bomb in staff hands.
However, he maintains that, as long as companies put appropriate
security and policy controls in place, mobile devices can be a
cost-effective option and provide similar freedom and advantages to
the laptop.
Strategy plan
- Conduct an audit to see exactly how many and what PDAs are
being used
- Analyse how the devices are being used - is the business
getting the most benefit?
- Decide how PDA users will access corporate information
- Choose between standardising on one platform or managing
various platforms
- Make security a priority - both in terms of technology and user
education.
Users' reactions to PDAs
Corporate IT user group The Infrastructure Forum carried out a
survey on the role of the PDA
via the Q&A session on its Web site in February. The results
were:
- 45% of respondents said privately-owned PDAs should not be
permitted on a corporate network and just 30% said they should
- 50% favoured the Compaq iPaq over any other model of PDA
- 60% recognised the need for security arrangements to be made,
including password protection, document management, encryption and
anti-virus measures but only 20% said they had put these plans in
place or felt they could be enforced
- 75% of respondents used cradle or cable links to the network,
although many also use infrared connections. One member commented
that "using infrared is OK to exchange data with a colleague or
when you must, but it's a pain to do a few times a day", whilst
another said, "Infrared has been a great success as the need for
cables is unpopular among users."
Not to be forgotten
- Usefulness - PDAs have limited functionality and should be seen
as an additional tool, rather than replacing lap- or desktops
- Support - involve technical support staff in planning and
ensure they have the training and resources available to meet
demand from PDA users
- Hidden costs - make sure you budget for support, replacement of
lost and damaged units, upgrades, peripherals and network
enhancements.
Eight steps to securing your handheld
Magnus Ahlberg, managing director of security software firm
Pointsec Mobile Technologies, offers the following advice:
- Include mobile devices in the company security policy and
educate staff about the security implications of mobile devices and
what will happen if they fail to observe the rules
- Use access control systems and encryption devices on all mobile
devices, which cannot be circumvented by the user
- Use dynamic passwords or certificates for remote users
- Do an audit to find out who is using a mobile device and
whether they are owned by the company or the employee
- Ban staff from storing customer and company information on
their own mobile devices unless they have adequate security
provisions in place
- Use security products that are compatible with all mobile
devices and software versions and can be controlled centrally
- Make security intuitive: don't use products that let the user
alter the settings
- Use up-to-date software.
Case study: Scandinavian Airlines
Airline staff can dock on anytime, anywhere
Scandinavian Airlines (SAS) rolled out a PDA-based system last year to give its
staff remote access to corporate data and internal applications, as
well as personal information like e-mails and diaries. The system,
developed by Scandinavian IT Group (SIG), an associate company of
SAS, is based on the Microsoft PocketPC and runs on Compaq iPaq
handhelds.
Users connect to the network using docking stations located
throughout SAS premises, such as staff rooms and lounge areas, or
via a GSM module. An additional program allows users to make
telephone calls on the Compaq iPaq using a Nokia Phonecard.
Thorbjörn Odsjö, product manager at SIG, explains that a large
number of SAS staff are constantly on the move, sending e-mails
from temporary locations like hotels at unusual times, and the
PDA-based system represents an effective means of keeping staff
updated on important information like changes to airport scheduling
information.
Users enter a PIN code, which has to be changed every three months,
and the iPaq is verified before it can be used to access the
company's network. Standardising the PDAs used by its staff means
that the company can ensure its security regulations are met. And
choosing the Microsoft option had the twin advantages that staff
are familiar with the Windows environment and it is interoperable
with the existing network which runs on Windows NT 4.0.
The company estimates that it will have about 7,000 mobile devices
in use by 2003.
Case study: Carlsberg Tetley
Keeping field engineers topped up
Last summer brewing group Carlsberg Tetley implemented a PDA-based
system to automate
tasks, cut costs and increase efficiency by providing two-way
real-time communication between two call centres and its 140 field
engineers.
The system is based on mobile data supplier Three X's Mobile
Engineer application and runs on Microsoft's Windows CE platform.
Carlsberg Tetley's engineers - who install, service and maintain
beer dispensing equipment in more than 37,000 outlets nationwide -
tap into the company's central SAP enterprise resource planning
system via Vodafone's GSM network.
As well as standard functions such as job progression, notification
of schedule changes and messaging, Mobile Engineer has auditing and
inventory management functions.
The brewery's engineers also download a site inventory
automatically when they visit an outlet, which enables them to
check the number of taps owned by Carlsberg Tetley against the
number currently dispensing Carlsberg Tetley beers. Any discrepancy
between these figures will trigger an alert to the engineer to
create "buy" or "sell" instructions for the SAP system, with the
production of an invoice or credit note.
Case study: Astra Zeneca
Handhelds speed up process of drug trials
Pharmaceutical giant Astra Zeneca announced last October that it was
planning to
roll out handheld devices for use in its clinical drug testing
trials in a bid to improve the quality of the information it
receives and speed up the time to market of drugs for treating
serious illnesses. The developing and clinical testing of a drug
can take up to seven years.
As part of a pilot scheme, Astra Zeneca said it would give Compaq
iPaq PDAs, based on the Microsoft PocketPC 2002 operating system
and running an application from software firm Conchango, to about
20 people trialling the latest medical drugs. Jill Glover,
technical architect at Astra Zeneca, says the devices could
eventually be rolled out to up to 3,000 users.
Currently, people taking part in clinical drug testing trials use
traditional diaries, which they fill out at the end of each week, but
this has proved unreliable and time-consuming. With the new system,
Astra Zeneca will preload the PDA with relevant questions to be
answered at certain times of the day within selected time slots.
Notifications will appear if any of the areas of the questionnaire
have not been correctly completed and answers will be immediately
transmitted to the company.
Astra Zeneca is now considering using PDAs in other parts of its
business.