Mobile deployment implementation considerations

Mobile deployments require a lot of pre-planning and consideration. If you've found a business case for a mobile deployment, use these steps on how to implement, manage, and secure.

Mobility is only just starting to come onto the radar screen for most companies, according to Mary Wardley, vice president of enterprise applications and CRM software at IDC.

Part of the difficulty of a mobile deployment is deciding whether or not you need one. For example, Geoff Le Quelenec, business analyst with Suncor Energy, needed to speed up information flow at his company, eliminate process bottlenecks, and close the loop quickly with retailers. The reason these challenges aren't wireless-related is that "people don't think of their problems as [stemming from] a lack of mobility," Le Quelenec said. "Nobody says, 'We have a problem with this wire being here.' "

Start small -- with the right device

Once the mobile solution is realized, however, it can be further complicated by the vast variety of mobile device form factors. Some mobile devices have unique characteristics, and failing to recognize that fact is the first pitfall of a mobile deployment, according to Gene Signorini, vice president of enterprise research at Yankee Group.

Le Quelenec recommends "[finding] that one device that does the one thing really well that you need for your business, and you'll get past ROI and management …. As long as your first rollout goes over really well, it will pave the way for your other devices."

He added that mobility is still at the stage where a company can deploy solutions relatively cheaply, without a million-dollar budget. Proceeding with mobility does require a degree of caution, however.

"Everything with mobility is in beta stages," Le Quelenec explained. "Be conscious of that, but don't be scared of it." He recommended that companies "build that understanding with [their] user community," because users must realize the benefits and risks involved with a mobile deployment.

Put the end user first

They are called "end users," but you need to put them first from the start, explained Signorini. Once companies have found the right devices for end users, they are charged with teaching them how to use those devices and informing them of the wireless risks that mobility can introduce.

@38442 If no mobile policy exists, however, these risks become nearly impossible to mitigate, according to Carrie MacGillivray, senior research analyst of mobile enterprise network services at IDC. Companies need to ensure that when they lay down the law, the policy includes, not only security, but software downloads and installation, wireless service spending (voice and data usage), synchronization with other devices, specific application use, network access, and device support.

Work with vendors and carriers

Belinda Watkins, vice president of IT in the network computing and IT operations groups at Federal Express, recommends that you work closely with your vendor but, more importantly, "make the suppliers work for you."

In order to manage her vendors, Watkins had to shrink the number her company had accumulated. To accomplish this, she identified key suppliers of services and built strong partnerships with them. "Make sure you develop rules of engagement for suppliers," she said. A good partnership involves clearly defining rules, much as IT should do with end users. Essentially, Watkins said, companies have to specify who sells what and when.

After working with vendors, Le Quelenec suggested, negotiate with carriers and set ground rules that cover every possible scenario – even the worst case. "The carrier you should live with," he said. "You need to build defensively around a worst-case scenario [and] assume your carrier won't give you what you need."

Le Quelenec said carriers who provided him the best service would be rewarded with his business. "Sure enough," he said, "towers sprung up and dead spots started disappearing."

Set policies and manage

Yankee Group's Signorini considers letting costs and challenges get out of control to be one of the sins of a mobile deployment. Taking an ad hoc management approach would make this even worse. Signorini said that in order to formulate a process toward strategic mobility, a company should let its business dictate mobility requirements and information dictate application requirements. Policy is what holds these pieces together.

Watkins agreed. She said mobile managers need to set guidelines and standards for device types and usage; develop policies, guidelines and standards; develop end-to-end processes to ensure inventory management, billing accuracy and reporting; automate as much as possible; and centralize controls and functions such as security.

Provide adequate security

Failing to provide adequate security is another item on Signorini's list of mobile sins.

Many companies make the mistake of not going end-to-end when it comes to security, according to Ira Winkler, author of "Zen and the Art of Information Security." Managers often leave out something simple. Companies need to remember to turn on security, use encryption, and manage devices.

At the "View From the Top: CTOs on Mobile Security" session at the Mobile & Wireless World Conference in May, Bill Laberis, vice president of custom content strategy at ComputerWorld, facilitated a conversation among several chiefs and senior vice presidents, including Norm Fjeldheim, senior vice president and chief information officer at Qualcomm; Bill Kramer, vice president of solutions engineering and architecture in the business markets group at AT&T Mobility; Kevin McConnell, chief architect of mobility and wide area wireless technologies at IBM; and Gregg Plekan, senior vice president of product development at Antenna Software. The group found that security problems can be traced back to technology and policy issues. Companies need to have the same policies on the PDAs as their laptops. At the very minimum, devices should be password protected. Unfortunately, end users don't want password protection because it would prevent them from calling while they're driving, limiting quick access.

In the end, the panel concluded that it is the users who are the biggest security risk because of human error or laziness -- a concern echoed by the participants of's Hacking for Dummies Contest. More devices are lost by end users than are stolen. Since mobile devices are small and carry voice capabilities, users often view them as phones instead of computers and so are more neglectful of them.

Future proof

Enterprises cannot buy mobile devices without regard for the future. This is another of Signorini's sins of a mobile deployment: failure to future proof. Companies should demand flexibility with devices and find products and vendors that will last. "We didn't want to tie ourselves to a vendor [or] device," Le Quelenec said, "because we didn't know who would be around in six months."

So far, Le Quelenec said, his company's deployment has brought about significant ROI, but above all, an immediacy of information -- which is something you can't put a price on. "Mobile computing lets us take advantage of opportunities we never could have before," he said, "and it has really changed the way we think about our information."

Read more on IT risk management