Return to the Tablet PC Homepage

Enterprise Mobility Assessment
Areas of Mobile Optimization

By Chris De Herrera
Revised 9/25/07

[an error occurred while processing this directive]


The assessment measures how effectively a particular area of Information Technology is optimized for mobility. The areas covered are E-Mail, Synchronization, Website, Device Security, Applications � Internal and External, Remote Access, Recognized by Management, Audit, and Governance.

Below is a list of the areas that are assessed in the Enterprise Mobility Assessment:

E-Mail - E-Mail is now core to the user�s ability to communicate in the enterprise. This item measures how well mobile users are able to access e-mail out of the office and how effective it is.

Have e-mail � The ability to send and receive e-mail in the enterprise.
Ability to access e-mail remotely via the web � The ability to use web based access to your e-mail. Some systems allow for optimized versions of their e-mail interface to support smaller display sizes.
Ability to access e-mail via IMAP4 � The ability to access e-mail while connected to the internet. IMAP4 is an internet standard to access e-mail which also includes support for encryption of the connection.
Ability to sync e-mail � The ability to remotely synchronize e-mail and other information directly with your enterprise server. Examples include Exchange ActiveSync, BlackBerry Enterprise Server, etc.

Synchronization � Synchronization is critical to users so they have the same data on their mobile device as they have on their desktop. This item measures the different methods of getting this information.

Have calendar, contacts, tasks (PIM) � The users in the enterprise have a standard program to store calendar, contacts and tasks in your PC. Ideally this is part of a centralized standard such as Exchange or Lotus Notes.
Remote access via website � The ability to view and edit your PIM data via the web. Usually the web access can be optimized for smaller displays.
Synchronize with your PC � The ability to synchronized from your PIM application on your PC to your mobile device.
Sync to Contacts, Calendar and Tasks with Server � The ability to synchronize directly to the enterprise server. Examples include Exchange ActiveSync, BlackBerry Enterprise Server, etc.

Website � Your website is the way your company promotes itself on the internet. This item focuses on measuring the changes that can be made to your website to support mobility.

Have a website � The company has a public website that it�s employees and customers visit.
Optimize web server - gzip/deflate � By optimizing the content generated from the web server using gzip or deflate, the perceived speed is faster for slower network connections. This is because it takes less time to send the smaller content. This has a secondary benefit of reducing the overall traffic of the web server so the growth pressure on the network connection to the internet is reduce.
Optimize website for smaller displays and web browsers � Create custom versions of your public and internal websites to support smaller displays such as mobile devices.
Auto-detect mobile users � The ability to automatically detect and route customers and users based on the type of device they are using to view your company�s website.

Device Security � One of the critical things these days is security of information. So if you sync with a mobile device then security has to be setup to protect your data. This item assesses the level of security that is implemented which supports mobility. These functions focus on ways for the company to reduce it�s security risk when a mobile device is lost or stolen.

Have device passwords � Device passwords should always be enabled to prevent unauthorized use of the device.
Have device and storage encryption � Ensure that all data is stored in encrypted form on the device. Ideally this should meet the California State law SB-1386 in case information is disclosed.
Have remote erase function � The ability to remotely erase the data from a lost or stolen device without recovering it.
Have Centralized Management of Devices � The ability to centrally manage the configuration and security settings of mobile devices. This provides management with the capability to enforce enterprise security policy across the mobile devices deployed to employees.

Applications � Internal � Almost every business has special applications that are created to support their specific needs. This item assesses how well those applications support mobility

Have company specific applications � Most companies have custom applications they have developed to meet their needs.
Support web access to applications � During the past few years, more and more companies are moving to implement web based applications to replace their �thick client� applications. The web allows the company more flexibility regarding the presentation of data to users within the company.
Support remote access to applications � Support the ability to use the same applications remotely without compromising the performance and functionality. Once they are available remotely, then users may be authorized to use them remotely.
Create mobile versions of applications � Create custom versions of the applications and websites that are optimized for mobile including smaller display support, etc.

Applications - External Customer � As a company grows it will engage more customers that are mobile. (Mobility is not limited to the enterprise these days). This item assesses how effectively the company engages mobility to support their customers.

Have company specific applications � Does the company have specific applications they provide to their customers?
Support remote access to apps � Does the company support using their customer specific applications to communicate to the company�s systems? Do the applications work well over wireless and other remote access connections?
Support web access to applications � Are the customer applications available via the web? Does the user have to install the application to take advantage of the capabilities.
Create mobile versions of applications � Are the applications customized to work effectively on small displays and with various network connections?

Remote Access � The ability of mobile users to have access to critical resources when they are mobile.

Have internet access � Does the company have internet access?
Have dial-up access � Does the company support dial up access for remote staff?
Mobile compatible remote control of PCs and servers � Does the company support the ability for staff to remote control PCs and servers? These applications could include VNC, PC Anywhere or services like LogMeIn.
VPN is compatible with mobile devices � Does the company�s VPN support connections from mobile devices to the enterprise network?

Documentation � Does the appropriate documentation exist to support the implementation and use of Mobile Devices in the enterprise?

Have No Documentation � The enterprise does not have any mobile specific documentation.
Have General Notes � The enterprise has general notes on using mobile devices in the enterprise. These notes are usually organized for IT professionals regarding specific applications and configurations.
Have Company Standard Build Notes � The enterprise has a standard process which is documented to build new mobile devices.
Have Full Procedures � The enterprise has procedures for mobile devices and they have integrated mobile devices into general computing procedures.

Recognized by Management � Does management recognize the investment and support required to support mobility?

User Recognition � Recognition that staff want to use mobile technology.
Dedicated IT Support Staff � Support staff that are dedicated to assist users with mobile technology. Since mobile technology is also used outside business hours they may be made available for longer periods of time.
Have a Mobile Committee � Does the company have a committee specifically setup to identify, assess and recommend the implementation of mobility projects. Also, this committee should assess the results of mobility initiatives.
Mobile is recognized as a Strategic Initiative - The company recognizes the use of mobile devices as a strategic advantage and requirement to compete with other companies.

Audit � Is the audit function aware of how the enterprise is changing to support mobility? Do they perform critical functions to ensure that controls are in effect on mobile devices?

Have internal audit function � Most small and medium businesses have an internal audit function which oversees the processes and controls used in the company to manage risks.
Mobile Security is reviewed as part of General Computing Controls � General Computing Controls are the standard security and operational controls found in Information Technology. Adding Mobile Security is critical to assessing the company�s ability to secure the data stored and accessed from a mobile device. This will require auditors with a general understanding of how to apply GCC to mobility.
Separate mobile device security audit � Performing a mobile device security audit focuses on performing testing of the controls in place in the GCC above. This will require auditors that specialize in mobile computing that are able to test the controls.
Audit performs penetration testing of mobile device security and wireless infrastructure � Perform testing to ensure that the devices are secure from a wireless standpoint. Review what is being sent in clear text and what is sent encrypted. Perform periodic penetration testing of the wireless infrastructure (Wi-Fi, 802.11g) owned by the company. Perform penetration testing of the device via wireless (Wi-Fi, cellular and Bluetooth).

Governance of Mobility � Does the company recognize the requirement to manage mobility the same as other critical processes?

Can users connect to the corporate network with their personal device? � Assess the ability to control the devices where company data is stored. If personal devices are allowed then they may not be able to control them.
Who owns data stored on mobile devices? � This is especially a problem where the salesman or marketing staff believe they own the contacts instead of the company.
Who's time is the staff using when outside bus hours? � How does the company account for staff time when they are away from the office? Does the company compensate employees for being on call and when they have to work on issues based on the communication received via their mobile device? This would also include response times for staff to review and respond to requests or issues.
Extremely flexible workforce - Flex time � The ability to have the staff work when appropriate to accomplish their jobs and their lives based on what is best for them. Usually the staff allowed this flexibility are salaried.

[an error occurred while processing this directive]

Click here for Advertising Information

Copyright 2001 - 2012 Chris De Herrera, All Rights Reserved
A member of the Talksites Family of Websites
All Trademarks are owned by their respective companies.