Mon, January 15, 2007 — CIO — A mobile mess looms for CIOs who ignore the rising popularity of connected handhelds. New third-generation (3G) cellular networks make handheld computing more convenient for everyone from executive travelers to salespeople and field technicians. This trend poses new challenges to CIOs who need to maintain enterprise network and data security, plus keep end-user support costs down. Yet most enterprises have no policies or mobile management strategy in place to achieve these goals, notes a recent study by the BPM Forum, an industry association.

And without a mobile device management strategy, a trickle of connected devices brought in by individuals can quickly become a nasty, unmanaged torrent. That nearly happened at American Family Life Assurance Company of Columbus (better known as Aflac) a few years ago. The IT department had been willing to set up e-mail access for a few handheld devices brought in by frequent travelers, handling them on a case-by-case basis. But after returning from Christmas vacation in January 2004, Greg Gatti, vice president of infrastructure services in IT, had 3 dozen connectivity requests for shiny new Hewlett-Packard iPaqs—that year’s must-have gadget—and other PDAs that various staffers got as presents.

"Very quickly, we had so many devices that it was a nightmare for our computer support team," he recalls. And just as quickly, Aflac created a strategy and set of policies to get in front of the connected-handheld wave.

Like other financial-sector companies, Aflac had to get its smart phone house in order not only to reduce management complexity but also to meet federal requirements around data management and security. Aflac’s ultimate strategy: Ban all non-company-issued handhelds from connecting to enterprise servers and computers, lock down PCs so handheld-synchronization software couldn’t be installed by users, and forbid the use of POP3 and SMTP e-mail access to the corporate network so wireless Internet users couldn’t sneak in the back door. Aflac also decided to rely on a mobile e-mail server to manage both e-mail access and the handhelds themselves, and ensure automatic installation of firmware patches and enforcement of password policies. This strategy is common in the financial services sector, with similar policies currently in use at Citigroup’s Primerica subsidiary, Farmers & Merchants Bank, IndyMac Bank and Russell Investment Group, among others.

Nonfinancial companies could mimic this approach, Yankee Group analyst Nathan Dyer says, but the research shows that many companies have yet to craft a mobile management plan.

Our Data Went Where?

Your first big CIO headache regarding handhelds: They are easily lost or stolen, putting any data they contain at risk. Even data that seems routine, such as personal contact information or e-mails about a deal in progress, can expose a company to high notification costs (if customers must be contacted regarding a privacy breach) or reveal insider information, Dyer notes.