Mobile life seems to know no boundaries. Though the etiquette of turning the CrackBerry off during a date is as important as ever, various facets of our personal and work lives are rapidly merging and in many cases, overlapping.

I’m an employee, a friend and a sibling; I play different roles in a 24/7 time frame. To that end, I’m looking for a smart device to support my diverse lifestyle, one that doesn’t compromise either my IT department’s sleep schedule or — more importantly — the integrity of my personal data. In order to make this happen, targeted re-engineering of mobile devices and device management technologies is essential.

Many CIOs are exploring user-owned device computing. In this model, the user buys and owns the device, while the company pays for the plan and supports the enterprise applications that get provisioned on it. Per most enterprises’ acceptable usage policies, IT departments retain the right to corporate data on the device, which is fair and necessary. The way these policies are implemented, however, is where things get tricky. Certain events, like a job separation, trigger their enforcement, requiring the mobile operations administrator to immediately remove corporate data from the separated employee’s device. In order to do so, however — even if the enterprise is equipped with leading device management technologies (among them BlackBerry Enterprise Server, Microsoft Mobile Device Manager and iAnywhere Afaria) — the administrator is forced to wipe the entire mobile device “owned” by the user.

So, what’s wrong with the story? From the corporate side, nothing. The now former employee, however, would have lost all of the information stored on the device he’s now left with, some of which was likely not related in any way to the company that was footing his monthly bill.

Mobile devices currently offer users the option to tag Personal Information Management (PIM) data (email, contacts, calendar) as personal or corporate. But personal or corporate, all data — even application-level data — is stored in the same data repository on the device, which means device management tools can’t leverage those user-defined tags to selectively wipe out any of it.

I believe there is a significant opportunity for mobile device manufacturers to re-architect a mobile device operating system to enable data classifications at a fine-grained level. Similarly, device management tools need to be updated with capabilities to selectively manage corporate data without compromising the integrity of the data deemed by a user to be personal.

As our work and personal lives become increasingly hard to separate, we will become increasingly unwilling to tote around more than one mobile device. Until we’ve implemented technologies related to on-device data storage classification and associated device management updates, however, one truly mobile device for a 24/7 life will remain out of our reach.

Balaji Natarajan is a senior IT strategist for Capgemini focused on smart grid, mobile computing and unified communications.


  1. I would *LOVE* to consolidate the number of separate gadgets I use every day… cell phone, mp3 player, camera/camcorder, gps, e-reader, etc.

    iPhone comes close, but the walled garden with the mighty Steve Jobs telling me what apps I can run, and which carrier I must use is a deal breaker…

    These are the features I’m looking for in the next gen phone:

    #1 Open Source or SDK available
    #2: MP3/Divx/XVid Playback (mp3: variable speed, fast forward, etc)
    #3: WLAN
    #4: GPS (turn by turn voice map)
    #5: QWERTY Keypad
    #6: >8MB (Video) Camera (w/ macro lens) (ex, LG-KC910, Samsung i8510)
    #7: SD Card
    #8: FM Radio Receiver (ex. CECT N99i )
    #9: Built-In Speakers and Mic
    #10: BlueTooth
    #11: FM Transmitter (ex. LG’s 550 FUSIC)
    #12: Accelerometer
    #13a: TV Out
    #13b. Projector
    #14: TV In Connectors / OTA broadcast (OTA ex. CECT N99i )
    #15: Unlocked with SIM card (GSM) or RUIM card (CDMA)

  2. Dave Michels Saturday, May 16, 2009

    I completely agree. I think the mobile vendors need to develop an architecture for 2 phones in one. 2 SIM cards, 2 PIMs, etc. – that all act as one.

    A new employee receives either a vanilla corporate phone or a corporate SIM for their own phone. The single phone actually acts as a normal all-in-one device – but users can keep their information and billing separate. When you place a call, you either select the line or the phone automatically determines it by which directory the number is in.

    1. Take a look at Nokia’s E71. It really is two phones in one plus a terrific feature set: SIP, WiFi, Bluetooth, Camera, MP3 player, micro SD card, great browser, solid email and messaging platform, and a full keyboard. It can even function as a WiFi hotspot using your 3G cellular network.

  3. I don’t see why IT departments should have an expectation of being able to wipe an employee’s phone at any given time. Sensitive documents don’t self-combust on termination, and notebooks don’t format their own hard drives. Plus, with employees purchasing their own mobile device, they should be relied upon to back up their devices in a responsible manner, rendering the remote wipe useful for when an employee loses a device, but not when terminating employees. Just as in previous eras, it’s on the terminated employee to return or destroy sensitive company data.

  4. Everything asked for by the post author and in the comments is already in the Cupcake build of Android.

    Qualcomm all band radio chip ( CDMA and 3G GSM ) due at end of year and it will support Android.

    A little research before posting would be nice! :)

    http://source.android.com/release-features

  5. Maybe the flaw isn’t in the data cleanup, but in the ownership model. And the employees who agree to it.

  6. Steve Poppe Sunday, May 17, 2009

    Thought-provoking post. Capgemini can make some “serious” if it becomes the go-to consultant in mobile. (Go get ‘em.) One device is absolutely the holy grail, but until privacy is ensured, we will remain two or three device warriors. Who has never had the feeling that their boss may be lurking in the ether to read email or track URLs or, or…? When the Dachis Corp. launches its enterprise app, I hope it deals with this one device, corporate-private, my dime-your dime question.

  7. technomadia Sunday, May 17, 2009

    “I believe there is a significant opportunity for mobile device manufacturers to re-architect a mobile device operating system to enable data classifications at a fine-grained level. Similarly, device management tools need to be updated with capabilities to selectively manage corporate data without compromising the integrity of the data deemed by a user to be personal.”

    Amen. I’ve been advocating for this sort of functionality for years.

    I actually made a case for working this sort of personal / corporate data split into PalmOS Cobalt (6.0) in the hopes of making it one of our key differentiating features, but the idea withered on the vine at PalmSource, and in the end so did Cobalt.

    – Chris // http://www.twostepsbeyond.com

    1. I thought Palm could have gone a step beyond too – in rounding off the Synergy Feature with more differentiators…Kudos on your Cobalt efforts.

    2. On your point that device management companies need to be updated: MobileIron has a Selective Wipe feature that allows you to browse the file structure and delete just a selected folder or just encrypted, or just email, and on and on.

  8. Ken Wallich Sunday, May 17, 2009

    While trying to make data taggable on a mobile device might at first seem great in this scenario, as prior commenters have mentioned, the problem is far more general. The corporate/private data is on a user’s mobile device, and backed up on a user’s or company’s laptop, and if they’re following good backup processes at home, on a user’s home computer as well. Wiping a user’s mobile device with an expectation of removing proprietary corporate information, knowing that, is pointless. Solving the problem of proprietary data at an endpoint is a partial solution. Companies are ultimately still relying on employees following their IP agreement, and removing such data on their own.

    Consider the inverse problem, a corporate laptop with a user’s personal data on it. Upon separation, users would like to remove their private data, personal address book and email certainly, before returning company equipment, but in many scenarios, don’t have the ability to do this.

    If you generalize the problem of data tagging, a unified solution presents itself by jumping up and down and waving “hey, over here, look over here”… encrypted storage of data, decrypted on-the-fly with revocable access keys. Think S3. Enhanced with having data cacheable on a device, with a timeout on re-authentication so one can work on a document on a plane, for instance, or anywhere 24×7 access to corporate authentication isn’t available.

    This also allows individuals to turn off access to personal data on a device after they’ve surrendered it, and voilà, you’ve also solved the problem for corporate and personal data, stolen mobile devices and laptops. Just revoke access to the data on the device!

    A couple existing technologies? S3 from Amazon, and LastPass, a password manager that stores sensitive data encrypted on their servers. Mobile access to S3 exists through many apps on Android and the iPhone, LastPass has an iPhone app in development. And, of course, the company who’s building that very solution for all your data? Google. Surprise!

    This method doesn’t stop someone who really wants to steal and archive corporate data from doing so, but that’s a significantly harder problem that companies have to deal with on any highly confidential need-to-know information.

    1. Good analysis Ken…

      “The corporate/private data is on a user’s mobile device, and backed up on a user’s or company’s laptop, and if they’re following good backup processes at home, on a user’s home computer as well. Wiping a user’s mobile device with an expectation of removing proprietary corporate information, knowing that, is pointless”

      Although I agree it’s common practice to back up corporate data on home computers, it’s important to note whether your IT department is certifying such a move via the Policy document every employee signs off about maintaining the integrity of corporate data 24*7*365….(We can argue that we all do it everyday anyway – that’s a different story..)

      Regarding storing personal data on “company-owned” laptops, yes – Google Cloud, Amazon S3 can step up & help – going forward, by storing the personal data on the cloud – but again, not sure if companies would be ready to pay for such tools (when usual IT Policy states usage of “company-owned” devices are restricted for company use only & not personal use)….I do have some casual personal information stored on my company laptop – but I don’t “depend” on it being the primary source of my personal information.

      The situation is starkly different when the model = “user-owned” device + “company-paid” services , which seems to be a more prevalent model in smartphones….

      Overall, I agree with the theme that this is definitely a broader-picture issue on data ownership models & associated security, storage — not limited to on-device only. Given the hybrid ownership model between user & company (in terms of smartphones) – I think, this happens to be a key use-case for the broader-picture issue. So any solution should just be a step in the right direction!
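
The revocable-key design from Ken Wallich's comment above, applied to the article's personal/corporate split, as an added example (not code from the article or from any commenter). `KeyService`, `Device` and `LEASE_SECONDS` are hypothetical names, time is passed in as plain seconds, and the HMAC-based cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, os
LEASE_SECONDS = 8 * 3600  # assumed offline window before re-authentication

def _sub(key, label):  # derive separate encryption and MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()
def _stream(key, nonce, n):  # HMAC-SHA256 in counter mode, stand-in for an AEAD
    return b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered record")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class KeyService:  # hypothetical key server run by the owner of one classification
    def __init__(self):
        self._keys = {}                      # device id -> data key
    def enroll(self, device):
        self._keys[device] = os.urandom(32)
    def revoke(self, device):                # "wipe" = stop handing out the key
        self._keys.pop(device, None)
    def lease(self, device, now):
        if device not in self._keys:
            raise PermissionError("access revoked")
        return self._keys[device], now + LEASE_SECONDS

class Device:
    def __init__(self, name, services):
        self.name, self.services = name, services  # classification -> KeyService
        self.records, self.cache = {}, {}          # ciphertext at rest; key leases
    def _key(self, cls, now, online):
        key, expiry = self.cache.get(cls, (None, 0))
        if now >= expiry:                    # lease ran out: re-authenticate
            self.cache.pop(cls, None)        # forget the stale key first
            if not online:
                raise PermissionError("lease expired, re-authentication needed")
            key, expiry = self.cache[cls] = self.services[cls].lease(self.name, now)
        return key
    def write(self, rid, cls, data, now, online=True):
        self.records[rid] = (cls, seal(self._key(cls, now, online), data))
    def read(self, rid, now, online=True):
        cls, blob = self.records[rid]
        return unseal(self._key(cls, now, online), blob)
```

Revoking the corporate key leaves personal records readable, while the cached corporate key keeps working only until its lease expires, which is the offline window the comment describes.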

  9. I feel that a host-oriented, application-based solution is the best way to go. While the iPhone has its constraints, more phones are coming (Android, etc) that should resolve some of the issues. Give me a phone that I own, but run apps that the corp deploys.
