Enterprise Mobility Assessment
Areas of Mobile Optimization
By Chris De Herrera
The assessment measures how effectively a particular area of Information
Technology is optimized for mobility. The areas covered are E-Mail,
Synchronization, Website, Device Security, Applications Internal and
External, Remote Access, Recognized by Management, Audit, and Governance.
Below is a list of the areas that are assessed in the
E-Mail - E-Mail is now core to the users ability to communicate in
the enterprise. This item measures how well mobile users are able to access
e-mail out of the office and how effective it is.
Have e-mail The ability to send and receive e-mail in the
Ability to access e-mail remotely via the web The ability to use
web based access to your e-mail. Some systems allow for optimized versions
of their e-mail interface to support smaller display sizes.
Ability to access e-mail via IMAP4 The ability to access e-mail
while connected to the internet. IMAP4 is an internet standard to access
e-mail which also includes support for encryption of the connection.
Ability to sync e-mail The ability to remotely synchronize e-mail
and other information directly with your enterprise server. Examples include
Exchange ActiveSync, BlackBerry Enterprise Server, etc.
Synchronization Synchronization is critical to users so they have
the same data on their mobile device as they have on their desktop. This
item measures the different methods of getting this information.
Have calendar, contacts, tasks (PIM) The users in the enterprise
have a standard program to store calendar, contacts and tasks in your PC.
Ideally this is part of a centralized standard such as Exchange or Lotus
Remote access via website The ability to view and edit your PIM
data via the web. Usually the web access can be optimized for smaller
Synchronize with your PC The ability to synchronized from your PIM
application on your PC to your mobile device.
Sync to Contacts, Calendar and Tasks with Server The ability to
synchronize directly to the enterprise server. Examples include Exchange
ActiveSync, BlackBerry Enterprise Server, etc.
Website Your website is the way your company promotes itself on the
internet. This item focuses on measuring the changes that can be made to
your website to support mobility.
Have a website The company has a public website that its employees
and customers visit.
Optimize web server - gzip/deflate By optimizing the content
generated from the web server using gzip or deflate, the perceived speed is
faster for slower network connections. This is because it takes less time to
send the smaller content. This has a secondary benefit of reducing the
overall traffic of the web server so the growth pressure on the network
connection to the internet is reduce.
Optimize website for smaller displays and web browsers Create
custom versions of your public and internal websites to support smaller
displays such as mobile devices.
Auto-detect mobile users The ability to automatically detect and
route customers and users based on the type of device they are using to view
your companys website.
Device Security One of the critical things these days is security
of information. So if you sync with a mobile device then security has to be
setup to protect your data. This item assesses the level of security that is
implemented which supports mobility. These functions focus on ways for the
company to reduce its security risk when a mobile device is lost or stolen.
Have device passwords Device passwords should always be enabled to
prevent unauthorized use of the device.
Have device and storage encryption Ensure that all data is stored
in encrypted form on the device. Ideally this should meet the California
State law SB-1386 in case information is disclosed.
Have remote erase function The ability to remotely erase the data from a
lost or stolen device without recovering it.
Have Centralized Management of Devices The ability to centrally
manage the configuration and security settings of mobile devices. This
provides management with the capability to enforce enterprise security
policy across the mobile devices deployed to employees.
Applications Internal Almost every business has special
applications that are created to support their specific needs. This item
assesses how well those applications support mobility
Have company specific applications Most companies have custom
applications they have developed to meet their needs.
Support web access to applications During the past few years, more
and more companies are moving to implement web based applications to replace
their thick client applications. The web allows the company more
flexibility regarding the presentation of data to users within the company.
Support remote access to applications Support the ability to use
the same applications remotely without compromising the performance and
functionality. Once they are available remotely, then users may be
authorized to use them remotely.
Create mobile versions of applications Create custom versions of
the applications and websites that are optimized for mobile including
smaller display support, etc.
Applications - External Customer As a company grows it will engage
more customers that are mobile. (Mobility is not limited to the enterprise
these days). This item assesses how effectively the company engages mobility
to support their customers.
Have company specific applications Does the company have specific
applications they provide to their customers?
Support remote access to apps Does the company support using their
customer specific applications to communicate to the companys systems? Do
the applications work well over wireless and other remote access
Support web access to applications Are the customer applications
available via the web? Does the user have to install the application to take
advantage of the capabilities.
Create mobile versions of applications Are the applications
customized to work effectively on small displays and with various network
Remote Access The ability of mobile users to have access to
critical resources when they are mobile.
Have internet access Does the company have internet access?
Have dial-up access Does the company support dial up access for
Mobile compatible remote control of PCs and servers Does the
company support the ability for staff to remote control PCs and servers?
These applications could include VNC, PC Anywhere or services like LogMeIn.
VPN is compatible with mobile devices Does the companys VPN
support connections from mobile devices to the enterprise network?
Documentation Does the appropriate documentation exist to support
the implementation and use of Mobile Devices in the enterprise?
Have No Documentation The enterprise does not have any mobile
Have General Notes The enterprise has general notes on using mobile
devices in the enterprise. These notes are usually organized for IT
professionals regarding specific applications and configurations.
Have Company Standard Build Notes The enterprise has a standard
process which is documented to build new mobile devices.
Have Full Procedures The enterprise has procedures for mobile
devices and they have integrated mobile devices into general computing
Recognized by Management Does management recognize the investment
and support required to support mobility?
User Recognition Recognition that staff want to use mobile
Dedicated IT Support Staff Support staff that are dedicated to
assist users with mobile technology. Since mobile technology is also used
outside business hours they may be made available for longer periods of
Have a Mobile Committee Does the company have a committee
specifically setup to identify, assess and recommend the implementation of
mobility projects. Also, this committee should assess the results of
Mobile is recognized as a Strategic Initiative - The company
recognizes the use of mobile devices as a strategic advantage and
requirement to compete with other companies.
Audit Is the audit function aware of how the enterprise is changing
to support mobility? Do they perform critical functions to ensure that
controls are in effect on mobile devices?
Have internal audit function Most small and medium businesses have
an internal audit function which oversees the processes and controls used in
the company to manage risks.
Mobile Security is reviewed as part of General Computing Controls
General Computing Controls are the standard security and operational
controls found in Information Technology. Adding Mobile Security is critical
to assessing the companys ability to secure the data stored and accessed
from a mobile device. This will require auditors with a general
understanding of how to apply GCC to mobility.
Separate mobile device security audit Performing a mobile device
security audit focuses on performing testing of the controls in place in the
GCC above. This will require auditors that specialize in mobile computing
that are able to test the controls.
Audit performs penetration testing of mobile device security and wireless
infrastructure Perform testing to ensure that the devices are secure
from a wireless standpoint. Review what is being sent in clear text and what
is sent encrypted. Perform periodic penetration testing of the wireless
infrastructure (Wi-Fi, 802.11g) owned by the company. Perform penetration
testing of the device via wireless (Wi-Fi, cellular and Bluetooth).
Governance of Mobility Does the company recognize the requirement
to manage mobility the same as other critical processes?
Can users connect to the corporate network with their personal device?
Assess the ability to control the devices where company data is stored. If
personal devices are allowed then they may not be able to control them.
Who owns data stored on mobile devices? This is especially a
problem where the salesman or marketing staff believe they own the contacts
instead of the company.
Who's time is the staff using when outside bus hours? How does the
company account for staff time when they are away from the office? Does the
company compensate employees for being on call and when they have to work on
issues based on the communication received via their mobile device? This
would also include response times for staff to review and respond to
requests or issues.
Extremely flexible workforce - Flex time The ability to have the
staff work when appropriate to accomplish their jobs and their lives based
on what is best for them. Usually the staff allowed this flexibility are