Wanted: One Mobile Device, for a 24/7 Life

Mobile life seems to know no boundaries. Though the etiquette of turning the CrackBerry off during a date is as important as ever, various facets of our personal and work lives are rapidly merging and, in many cases, overlapping.

I’m an employee, a friend and a sibling; I play different roles in a 24/7 time frame. To that end, I’m looking for a smart device to support my diverse lifestyle, one that doesn’t compromise either my IT department’s sleep schedule or — more importantly — the integrity of my personal data. In order to make this happen, targeted re-engineering of mobile devices and device management technologies is essential.

Many CIOs are exploring user-owned device computing. In this model, the user buys and owns the device, while the company pays for the plan and supports the enterprise applications that get provisioned on it. Per most enterprises’ acceptable usage policies, IT departments retain the right to corporate data on the device, which is fair and necessary. The way these policies are implemented, however, is where things get tricky. Certain events, like a job separation, trigger their enforcement, requiring the mobile operations administrator to immediately remove corporate data from the separated employee’s device. In order to do so, however — even if the enterprise is equipped with leading device management technologies (among them BlackBerry Enterprise Server, Microsoft Mobile Device Manager and iAnywhere Afaria) — the administrator is forced to wipe the entire mobile device “owned” by the user.

So, what’s wrong with the story? From the corporate side, nothing. The now former employee, however, would have lost all of the information stored on the device he’s now left with, some of which was likely not related in any way to the company that was footing his monthly bill.

Mobile devices currently offer users the option to tag Personal Information Management (PIM) data (email, contacts, calendar) as personal or corporate. But personal or corporate, all data — even application-level data — is stored in the same data repository on the device, which means device management tools can’t leverage those user-defined tags to selectively wipe out any of it.

I believe there is a significant opportunity for mobile device manufacturers to re-architect a mobile device operating system to enable data classifications at a fine-grained level. Similarly, device management tools need to be updated with capabilities to selectively manage corporate data without compromising the integrity of the data deemed by a user to be personal.
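One possible shape for the fine-grained classification described above, as an added example that is not from the original post or from any vendor's product: a hypothetical `ClassifiedStore` keeps each data class under its own key, so a selective wipe destroys only the corporate key and records and leaves personal data readable. The class and record names and the SHAKE-256 stand-in cipher are assumptions, and the sample values are constructed.

```python
import hashlib
import hmac
import secrets

class ClassifiedStore:
    """Hypothetical on-device store: one key and one record table per data class."""

    def __init__(self, classes=("corporate", "personal")):
        self._keys = {c: secrets.token_bytes(32) for c in classes}
        self._records = {c: {} for c in classes}

    @staticmethod
    def _keystream(key, nonce, length):
        # Stand-in cipher (SHAKE-256 keystream) so this runs on the stdlib;
        # a real design would use AES-GCM from a vetted library.
        return hashlib.shake_256(b"enc" + key + nonce).digest(length)

    def put(self, data_class, name, plaintext):
        key = self._keys[data_class]  # KeyError once the class has been wiped
        nonce = secrets.token_bytes(16)
        stream = self._keystream(key, nonce, len(plaintext))
        ct = bytes(p ^ s for p, s in zip(plaintext, stream))
        tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
        self._records[data_class][name] = (nonce, ct, tag)

    def get(self, data_class, name):
        key = self._keys[data_class]
        nonce, ct, tag = self._records[data_class][name]
        expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("record failed integrity check")
        stream = self._keystream(key, nonce, len(ct))
        return bytes(c ^ s for c, s in zip(ct, stream))

    def selective_wipe(self, data_class):
        """Destroy one class's key and records; other classes are untouched."""
        removed = len(self._records.pop(data_class, {}))
        self._keys.pop(data_class, None)
        return removed

    def names(self, data_class):
        return sorted(self._records.get(data_class, {}))

def demo():
    store = ClassifiedStore()
    store.put("corporate", "q3-forecast.xls", b"constructed corporate sample")
    store.put("personal", "family-contacts", b"constructed personal sample")
    wiped = store.selective_wipe("corporate")  # e.g. triggered by job separation
    return wiped, store.names("corporate"), store.get("personal", "family-contacts")
```

Because the key is destroyed along with the records, any copy of the corporate ciphertext that remains elsewhere on the device is unreadable as well.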

As our work and personal lives become increasingly hard to separate, we will become increasingly unwilling to tote around more than one mobile device. Until we’ve implemented technologies related to on-device data storage classification and associated device management updates, however, one truly mobile device for a 24/7 life will remain out of our reach.

Balaji Natarajan is a senior IT strategist for Capgemini focused on smart grid, mobile computing and unified communications.

25 Responses to “Wanted: One Mobile Device, for a 24/7 Life”

  1. Richard, this DiVitas solution sounds interesting but my question will be what about the battery challenge when it comes to any services that use WIFI on these cellphones? I am using one of the Sakhumzantsi phones and also have tried a couple of WIFI services on Nokia N80 and I think for everyone WIFI challenges the battery capacity.

  2. Richard

    Check out DiVitas Networks: DiVitas is FMC software that runs on a $99 Nokia E71x and addresses all of the issues mentioned above in addition to saving money (WiFi calls don’t count against the carrier plan and are free of charge).

    – it has Dual Persona, which means you can place private calls and maintain a private database from the native (SIM card) number while business contacts are made from the corporate deskphone number (and reside in a corporate-managed contact database).
    – It is IT managed
    – You can use corporate Presence and IM directly from the E71x
    – FMC enables seamless roaming between WiFi and cellular (free, uninterrupted calling from WiFi)
    – WiFi calls have landline-like voice quality so no choppy cellphone calls when you are in WiFi range.
    – your mobile phone behaves just like a deskphone (same number, call forward, extension dialing, etc.)

  3. Sharon Peleg

    Guys, it looks like the industry is on the verge of the right solution – Mobile Virtualization. One of the more interesting use-cases promised by all virtualization proponents and OEMs is the one that suggests a ‘Trusted Domain’ for the IT of the organization, immune from any possible SW attack, possibly also storing encrypted data. In such a world, a lost device need not erase even 1 single bit of data, assuming the right infrastructure will be in place. Even more, it could transmit the stored data (without the ability to block it). Similarly other stakeholders can have their ‘trusted domain’ such as operators offering their own managed content & services.
    Stretching further the imagination, we could even think of ‘Occasional Management Authorities’ such as public places which require obeying some rule such as muting the ringer. If the user accepts it, the device could automatically temporarily change some function WITHOUT the ability to override it till the device leaves the premises (concert hall, hospital, airplane, etc.)

  4. Brian McTavish

    Perhaps I’m ignorant of some factor but this seems an inefficient road to go down.
    Why does mixed personal/ business data functionality need hardware re-engineering, and why need it happen on the device itself?
    Can it not be implemented more flexibly with existing capabilities – e.g. tagging files, directories, and individual records by their owner, determining differential access and remote synchronisation preferences? If I have an easily reinstated copy of my personal data off my phone, why would I care who owns my device or whether they feel the need to wipe it when I leave? I may even *want* that.
    Having said that, it is a surprise that the two-lines on one phone option hasn’t advanced further: calls to family via my personal number; boss on the work line. Half-hearted solutions exist: , and Orange UK used to offer a two-lines one-SIM option. But again, isn’t this best handled centrally: incoming and outgoing routing via the personal/ business status of the contact/ time of day/ my location/ busy status? Exactly the track I understand Google Voice is going down.

  5. Device management is the optimal solution, leveraging the OMA (Open Mobile Alliance) organization standards, thus ensuring a non-proprietary protocol and wide acceptance across different devices.
    Data wiping is already supported by using the LAWMO (Lock And Wipe Management Object), but to fully support the enterprise data management, implementation is required both on the device side (LAWMO client) and on the server side (LAWMO server) – corporate data (documents, contacts, certificates, etc.) must be tagged as such when they are stored on the device and then the LAWMO implementation needs to find those tagged documents/items and delete them upon performing a data wipe operation.

  6. I feel that a host-oriented, application-based solution is the best way to go. While the iphone has its constraints, more phones are coming (Android, etc) that should resolve some of the issues. Give me a phone that I own, but run apps that the corp deploys.

  7. Ken Wallich

    While trying to make data taggable on a mobile device might at first seem great in this scenario, as prior commenters have mentioned, the problem is far more general. The corporate/private data is on a user’s mobile device, and backed up on a user’s or company’s laptop, and if they’re following good backup processes at home, on a user’s home computer as well. Wiping a user’s mobile device with an expectation of removing proprietary corporate information, knowing that, is pointless. Solving the problem of proprietary data at an endpoint is a partial solution. Companies are ultimately still relying on employees following their IP agreement, and removing such data on their own.

    Consider the inverse problem, a corporate laptop with a user’s personal data on it. Upon separation, users would like to remove their private data, personal address book and email certainly, before returning company equipment, but in many scenarios, don’t have the ability to do this.

    If you generalize the problem of data tagging, a unified solution presents itself by jumping up and down and waving “hey, over here, look over here”… encrypted storage of data, decrypted on-the-fly with revocable access keys. Think S3. Enhanced with having data cacheable on a device, with a timeout on re-authentication so one can work on a document on a plane, for instance, or anywhere 24×7 access to corporate authentication isn’t available.

    This also allows individuals to turn off access to personal data on a device after they’ve surrendered it, and voilà you’ve also solved the problem for corporate and personal data, stolen mobile devices and laptops. Just revoke access to the data on the device!

    A couple existing technologies? S3 from Amazon, and lastpass, a password manager that stores sensitive data encrypted on their servers. Mobile access to S3 exists through many apps on Android and the iPhone, lastpass has an iphone app in development. And, of course, the company who’s building that very solution for all your data? Google. Surprise!

    This method doesn’t stop someone who really wants to steal and archive corporate data from doing so, but that’s a significantly harder problem that companies have to deal with on any highly confidential need-to-know information.

    • Balaji Natarajan

      Good analysis Ken…

      “The corporate/private data is on a user’s mobile device, and backed up on a user’s or company’s laptop, and if they’re following good backup processes at home, on a user’s home computer as well. Wiping a user’s mobile device with an expectation of removing proprietary corporate information, knowing that, is pointless”

      Although I agree it’s common practice to back up corporate data on home computers, it’s important to note whether your IT department is certifying such a move via the Policy document every employee signs off about maintaining the integrity of corporate data 24*7*365….(We can argue that we all do it everyday anyway – that’s a different story..)

      Regarding storing personal data on “company-owned” laptops, yes – Google Cloud, Amazon S3 can step up & help – going forward, by storing the personal data on the cloud – but again, not sure if companies would be ready to pay for such tools (when usual IT Policy states usage of “company-owned” devices are restricted for company use only & not personal use)….I do have some casual personal information stored on my company laptop – but I don’t “depend” on it being the primary source of my personal information.

      The situation is starkly different when the model = “user-owned” device + “company-paid” services , which seems to be a more prevalent model in smartphones….

      Overall, I agree with the theme that this is definitely a broader-picture issue on data ownership models & associated security, storage — not limited to on-device only. Given the hybrid ownership model between user & company (in terms of smartphones) – I think, this happens to be a key use-case for the broader-picture issue. So any solution should just be a step in the right direction!

  8. “I believe there is a significant opportunity for mobile device manufacturers to re-architect a mobile device operating system to enable data classifications at a fine-grained level. Similarly, device management tools need to be updated with capabilities to selectively manage corporate data without compromising the integrity of the data deemed by a user to be personal.”

    Amen. I’ve been advocating for this sort of functionality for years.

    I actually made a case for working this sort of personal / corporate data split into PalmOS Cobalt (6.0) in the hopes of making it one of our key differentiating features, but the idea withered on the vine at PalmSource, and in the end so did Cobalt.

    – Chris //

    • Balaji Natarajan

      I thought Palm could have gone a step beyond too – in rounding off the Synergy Feature with more differentiators…Kudos on your Cobalt efforts.

    • Regarding your point that Device Management companies need to be updated: MobileIron has a Selective Wipe feature that allows you to browse the file structure and delete just a selected folder, or just encrypted, or just email, and on and on.

  9. Thought-provoking post. Capgemini can make some “serious” if it becomes the go to consultant in mobile. (Go get ’em.) One device is absolutely the holy grail, but until privacy is insured, we will remain two or three device warriors. Who has never had the feeling that their boss may be lurking in the ether to read email or track URLs or, or…? When the Dachis Corp. launches its enterprise app, I hope it deals with this one device, corporate-private, my dime-your dime question.

  10. Cameron

    I don’t see why IT departments should have an expectation of being able to wipe an employee’s phone at any given time. Sensitive documents don’t self combust on termination, and notebooks don’t format their own hard drives. Plus, with employees purchasing their own mobile device, they should be relied upon to back up their devices in a responsible manner, rendering the remote wipe useful for when an employee loses a device, but not when terminating employees. Just as in previous eras, it’s on the terminated employee to return or destroy sensitive company data.

  11. I completely agree. I think the mobile vendors need to develop an architecture for 2 phones in one. 2 SIM cards, 2 PIMs, etc. – that all act as one.

    A new employee receives either a vanilla corporate phone or a corporate SIM for their own phone. The single phone actually acts as a normal all in one device – but users can keep their information and billing separate. When you place a call, you either select the line or the phone automatically determines it by which directory the number is in.

    • Take a look at Nokia’s E71. It really is two phones in one plus a terrific feature set: SIP, WiFi, Bluetooth, Camera, MP3 player, micro SD card, great browser, solid email and messaging platform, and a full keyboard. It can even function as a WiFi hotspot using your 3G cellular network.

  12. ben nguyen

    I would *LOVE* to consolidate the number of separate gadgets I use everyday… cell phone, mp3 player, camera/camcorder, gps, e-reader, etc.

    iPhone comes close, but the walled garden with the mighty Steve Jobs telling me what apps I can run, and which carrier I must use is a deal breaker…

    These are the features I’m looking for in the next gen phone:

    #1 Open Source or SDK available
    #2: MP3/Divx/XVid Playback (mp3: variable speed, fast forward, etc)
    #3: WLAN
    #4: GPS (turn by turn voice map)
    #5: QWERTY Keypad
    #6: >8MB (Video) Camera (w/ macro lens) (ex, LG-KC910, Samsung i8510)
    #7: SD Card
    #8: FM Radio Receiver (ex. CECT N99i )
    #9: Built-In Speakers and Mic
    #10: BlueTooth
    #11: FM Transmitter (ex. LG’s 550 FUSIC)
    #12: Accelerometer
    #13a: TV Out
    #13b. Projector
    #14: TV In Connectors / OTA broadcast (OTA ex. CECT N99i )
    #15: Unlocked with SIM card (GSM) or RUIM card (CDMA)