New generation tablets are being adopted en masse by enterprises, despite the lack of any support infrastructure from the manufacturers. Many enterprise users, and IT groups, are making determined efforts to secure and manage tablets with whatever tools are available.
BACKGROUND: 3 tips for avoiding tablet management headaches
We talked with IT pros and executives from three companies that have deployed tablets:
Bayada Nurses, a Moorestown, N. J. company that provides nursing and other home-based healthcare services. It has 14,000 nurses, aids, therapists, social workers, based in 52 branch offices in 20 states. It has rolled out 2,000 Android-based, 7-inch Samsung Galaxy Tabs so far;
Main application: Homecare Homebase (HCHB), a Web-based app for managing and reporting on home-delivered services to patients.
Hawthorn Pharmaceuticals, a Madison, Miss., specialty pharmaceutical company founded in 1998. Of 160 employees, 120 are sales staff. It has rolled out the Apple iPad, replacing discontinued HP iPaq PDAs running Windows Mobile.
The Ottawa Hospital, Ottawa, Ontario, which has 3,000 iPads deployed to doctors, interns and pharmacists.
Main applications: custom-built apps, one for electronic ordering by doctors of lab tests, medical imaging, medication; another for electronic patient health record; MobileIron, for iOS device management.
1. How to get tablet apps your end users need?
All three of the deployments here were at least initially built around one mission-critical application.
Bayada was actually piloting a Windows Phone-based version of the HCHB application (which requires an on-device database), when the vendor introduced the Android tablet version. Bayada quickly shifted to the tablet. "When we went live on the [larger-screened] tablets, the training time, the user satisfaction, the whole mood [of our employees] was totally different," says David Baiada, division director and practice leader for Bayada's Skilled Visit Services.
When Hawthorn Pharmaceuticals discovered that iPoint was being ported to Apple iOS, the company asked the software vendor to speed up development. "We were maxed out on the iPaq," says Clay Hilton, director of information technology. "We wanted to do more. We wanted to gather additional data."
Ottawa Hospital, a very early adopter of the original iPad, was ahead of its software vendors. It turned to outside software development shops, through an RFP process. CIO Dale Potter insisted that the developer provide a full-time ergonomics expert for the application design process, so that the app's screen flows matched and mirrored the workflows of end users. The hospital also made the decision to invest heavily in internal iOS development: there are now close to 70 programmers.
"Cross-platform development is an expensive proposition," says Greg Jenko, executive director, mobility services for Accenture, the big IT consultancy and systems integrator. "CIOs with BlackBerries, Androids, and iPhones are not going to invest in developing for all three. They'll pick one. The iPad is the one today."
2. How big a problem is tablet security?
All three companies take tablet security seriously, yet none ran into any stonewalls. The general consensus: tablet security is manageable, if you manage it.
Potter is blunt. "Security is grossly over-rated as a topic," he says. In the case of Ottawa, very little data is stored on the tablet. In fact, his analogy is that the iPads are like TV screens: all information is streamed to the device. When the user logs off, everything is flushed from memory. "And there are all kinds of security strategies that can be applied to the device, such as providing strong passwords," he says.
It was a harder transition for Hawthorn's Hilton.
"I cringed at the thought of purchasing for our sales force 100 devices running iTunes," he admits. "I was used to a certain amount of control [over client devices]. This was outside my comfort zone."
Tech argument: Corporate-owned vs. employee-owned mobile devices
Hawthorn makes use of some of the security features in Fiberlink's MaaS360 management application, such as automatically locking the screen or wiping the device after a set number of failed logon attempts. Hawthorn doesn't use VPNs for the iPads, in part because so much of the tablet's usage is Web-based. "We've got a sales [department] extranet, a Web portal accessed with username/password," he says. "Seventy-five percent of our employees never touch the corporate LAN."
Bayada relies on a framework of controls and application-level security to safeguard personal health information, says Baiada. The tablet's SIM card can be remotely disabled if the device is lost or stolen. "We wanted to start 'open' and then restrict as needed," he says.
Can you secure a corporate iPad to the degree you can a corporate laptop?
"You can get pretty dang close," says Accenture's Jenko. Passwords, a range of enforceable password policies, and the growing security capabilities of mobile device management applications, are all necessary elements. "The biggest challenge is that it's a completely different set of tools from those used with laptops," he says.
3. How will you manage the tablets?
"Mobile device management is a massive topic," says Ottawa Hospital's Potter. "We're not doing it well, because no one is. It's becoming critical to our deployment."
Ottawa Hospital currently uses MobileIron. "At the time, it was the only game in town," Potter says. The hospital is readying an RFP to revisit mobile device management as it prepares to deploy about 1,500 iPhones, to cover 5,000 nurses working in shifts. Shift-based device management for iOS gear is "quite a hot topic," Potter says.
Ottawa Hospital and Hawthorn rely on third-party management applications, which create an infrastructure that both Apple and Google lack. Both OS vendors have been introducing management APIs that can be used by these applications.
Fiberlink's Maas360 offers its own application catalog for internal apps, and lets Hawthorn's IT group track software downloads and updates to the iPads. Recently, the group pushed out a self-install app to the sales team. Everyone had picked it up within 18 hours, but the next morning, Clay could see that five iPads had not run the installation. IT staff called each of those users and told them to run the app.
One of the biggest complications with iOS is that it doesn't support an administrative password, and therefore, third-party management applications can't either. As a result, there's no simple, standard way to restrict what users can do with the device, as they can be restricted with a Windows PC, for example.
"My users are as 'powerful' as my technical team," Potter says. "They can download anything they want, upgrade their operating system. It's a whole different game."
John Cox covers wireless networking and mobile computing for Network World.
Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about anti-malware in Network World's Anti-malware section.