Mobile device management: Law firm users bring their own

Using a mobile device management solution from MobileIron, one law firm lets employees use both personal and corporate devices to securely access enterprise apps.

This article can also be found in the Premium Editorial Download: IT in Europe: How networks are adapting to virtualisation

Law firm Norton Rose wanted to embrace the collaboration and productivity gains of a BYOD (bring your own device) approach to mobility, but the firm knew all the well the legal ramifications of a mobile strategy gone wrong.

Norton Rose provides business law services from offices across Europe, the Middle East and Asia Pacific and needed to offer its lawyers the same access to corporate email and information on the road as in the office, said Vlad Botic, technology innovation director for the group, which bases its IT and network systems in London.

The biggest concern was the ability to secure and set user policy around personal devices, and Botic realized pretty quickly that would mean investing in a mobile device management (MDM) system.

At first the firm issued corporate BlackBerrys, securing them with a BlackBerry Exchange Server. But so-called “consumerisation of IT” changed all of that—especially when employees began bringing iPads en masse.

In finding a mobile device management solution to handle this influx, Norton Rose faced a fragmented and emerging vendor market comprised of RIM, large IT systems management vendors, pure-play MDM vendors, as well as entrants from related markets.

Finally, Norton Rose, with the help of partner Esselar, chose MobileIron’s MDM solution, which places a server in the enterprise data centre and clients on smartphones or tablets. Using the system, administrators can control user access policy and clone data from devices to the server.

MobileIron had to address a laundry list of needs from Norton Rose. Botic had great concern around the implications of losing client privilege data.

“[Using MobileIron] we can wipe remotely devices, and when wiping those devices we are able to wipe just the corporate, if someone is leaving the firm, or if the device is lost, wipe the entire device,” said Botic.

In the system, traffic is encrypted from the controlled environment to the device, and the device itself is encrypted. MobileIron also offers the ability to fine tune user policy settings, as compliance regulations vary widely from country to country.

Going a step further, since the Norton Rose Group often works with clients on both sides of a legal dispute and must provide a ‘Chinese Wall’ between the teams working for each party, MobileIron also offers a separation of data to mobile devices accessing the same corporate systems.

Implementing the mobile device management system

Norton Rose Group and Esselar began the project by running a pilot using iPads accessing an Ethernet local area network that connects to the internet at 10 MB, with two 4 MB links between offices and just one MobileIron server covering the group:

“In our infrastructure we have all our emails routed through London. If all the emails are routed through London, one could argue there is no point in having more than one device,” Botic said.

The device sits in the DMZ perimeter layer. “We didn’t have to make any major changes to our infrastructure. When the MDM tools come into play they sit above the existing infrastructure,” said Botic. “Our network bandwidth for data coming out has not changed.

“We already have in place Quality of Service (QoS) and Cost of Service (CoS) so we can control network traffic, but the problem here really isn’t network traffic,” said Botic. “Email is not time-critical; to a mobile device user, a one minute difference is not a problem. It does not become a network situation.”

But monitoring connections is still crucial. “Because this is an effective connection back to the Exchange server, it creates two connections to the Exchange server for each device. BlackBerry has six connections. One user could have a BlackBerry, a corporate [laptop], a private device and the desktop, so you can see how many connections could be made to the server. It needs to be monitored,” Botic said.

The group is already seeing the benefits of bringing consumer devices under the corporate umbrella. Staff at remote locations with mining or energy clients have been accessing corporate email and calendars, as well as using WebEx apps to join corporate video conferences from their iPads.

The team plans to work with all mobile operating systems, including Android, IOS and Symbian, though Botic said, “We will see what we can do with Windows 7.”

The next step is to deploy enterprise mobile apps using MobileIron’s Enterprise App Storefront.

Fresh from a merger with Canadian law firm Ogilvy Renault and South African law firm Deneys Reitz, Norton Rose is first concentrating on the mobile apps that clients can access—even before mobile apps that will be used for internal productivity, said Botic.

“What is available to our clients will probably be published on Apple store as any other app,” he said. “MobileIron delivers internal apps to internal devices. We will have to devise apps for these consumer devices and also BlackBerrys, working with multiple platforms. That is a challenge and we are looking at the best way.

“It is [the] early days. I don’t think we are pioneers, but we definitely are making the cautious decision that we need to embrace consumerisation. It is here to stay and we can’t ignore it.”

Read more on Wireless networking