Get a handle on handhelds

From lawmakers to census takers, government workers of all stripes are using handheld computers to connect to the office and do their jobs while on the go.

Wired or wireless, personal digital assistants are becoming the device of choice for mobile workers. In addition to calendar and e-mail features, specialized software applications are allowing workers to input data and access information from the field.

But how are agencies managing these devices? In most cases, handheld management is an afterthought: Users buy a PDA, install software and connect it to the network without regard to enterprise policies or security and support practices.

Now some agencies are taking advantage of management tools available from traditional systems management vendors and a new group of niche players to help them control and manage these devices.

As with other computer equipment, there is an upfront investment associated with buying handheld computers, but there are also hidden costs that factor into the equation, such as user training, software and hardware maintenance, and security risks. However, users and, not surprisingly, vendors say that the cost of not having tools and a strategy for managing these devices is greater.

"Mobility is a wild and woolly world," said Bill Jones, vice president of enterprise products at Intellisync Corp., which sells handheld management software.

Long arm of the law

Intellisync offers a server-based management tool called Intellisync Mobile Suite, which "reaches down directly to the device and enables an administrator to manage both cradle-connected PDAs and wireless-enabled PDAs," Jones said. The desktop-based tool, Intellisync Handheld Edition for Enterprise, allows users to synchronize the data on their handhelds with their desktop PCs via a wired connection.

If the administrator learns that a device has been lost or stolen, the server-based product allows the administrator to remotely erase the data on the device or restrict access to the server. The software also encrypts data transferred wirelessly, automatically sends out software patches or specific software applications to certain users, and keeps a consolidated log of activity on a device.

"It's not common that IT people wake up and say, 'I want to manage these devices,'" Jones said. One of the two primary reasons organizations adopt handheld-device management is a business need to access e-mail anytime and anywhere or to sync data between a handheld and the network. The other reason, he said, is an agency's need to create a mobile version of a specific application.

Traditional systems management vendor Computer Associates International Inc. also offers a handheld management tool as part of its Unicenter Asset Management product. The Unicenter agent manages software distribution and configuration management, ensuring that the right applications are installed on the right devices or erasing something that shouldn't be there, said Sumit Deshpande, a vice president in the office of the chief technology officer at Computer Associates. The software also allows administrators to remotely lock a stolen device so that it cannot be accessed.

Unicenter software can be managed wirelessly and controlled from a single console. "The wireless portion of the enterprise shouldn't be looked at as [a] separate enterprise," Deshpande said. "Our strength is that integration, the ability to give you a single view of what's happening in that enterprise."

Unicenter Asset Management can also automate some of an agency's policies so that, for example, software updates are delivered automatically every week. Administrators can also divide devices into separate groups so that each group receives a different update, Deshpande said.

For Maj. Cathy Walter, chief of the information management division at the William Beaumont Army Medical Center, managing software distribution helps ensure that software gets to PDAs faster and more securely.

Walter supports more than 350 health care providers, interns, residents, nurse practitioners and administrative staff who are using Hewlett-Packard Co. iPaq handhelds to access the center's intranet and check e-mail and calendars.

"We always have something new we have to put out," such as software upgrades and security patches, she said. The tool automatically delivers updates and tells her which systems may not be in compliance, perhaps because a user removed necessary software.

The Unicenter Asset Management tool also allows Walter to reconfigure hardware without reconfiguring each machine manually. It allows her to update certain files, lock and wipe the device if it is missing or out of the hospital for an extended period, and ensure that wireless access points are operating correctly.

The product also helps her comply with the Army's security policy. An agent on the PDA is compared against the policy, and if there is no match, it triggers an event such as opening a help-desk ticket.

XcelleNet Inc. is another player in the mobile management market. The company's Afaria product offers inventory management, software deployment and configuration management as basic features. Administrators can use a centralized console to track handheld devices and check their configurations, who has them and where they are, said Joe Owen, chief technology officer at XcelleNet.

"They would be able to control the basic configuration of a device so users would not have to worry about arcane settings," he said.

Other features of Afaria include backup and recovery of data if a device is lost or stolen, maintenance of devices' security settings and data encryption. The product "can reach over the airways and wipe or disable a device," Owen said. "You can't really separate management and security."

Eric Halvorsen, MIS manager for the Sheriff's Office in Charles County, Md., is using Afaria to manage about 220 iPaq users, including officers who were issued the devices last year to comply with a state requirement to keep track of traffic stops.

Instead of paper forms, the officers use customized software to record data taken when issuing citations and in other situations. The officers also use the devices for e-mail.

So far, the office uses Afaria to manage software distribution and device reconfiguration, which can be useful when a device's battery dies or when the software applications are lost, Halvorsen said. When the device is hooked up to the cradle, the server reloads all the software the device needs.

"It makes the turnaround time very quick and easy," Halvorsen said. "That makes me happy, and the officer happy." During the download, Afaria also checks the PDA for anomalies such as applications that should not be there.

Officials considered using wireless technology but decided to use a cradle to synchronize the devices with the network to avoid the higher cost of wireless connections, Halvorsen said.

Altiris Inc. also offers a solution to fit handheld management into a larger enterprise context. The company offers product suites in client management, server management and asset management, all of which are built on a common foundation and viewable from a single Web console, said Mark Magee, senior segment manager at the company. An organization can add the features that it needs rather than buy everything at once, Magee said. "The customer can buy in at the appropriate level depending on their demands," he said. Handheld support is sold as an addition to the client management suite.

For some organizations, minimizing security risks is a critical goal of device management, which is the focus of a solution called Bluefire Mobile Firewall Plus from Bluefire Security Technologies.

"What is unique is that we put a security engine onto the PDA," said Tom Goodman, vice president of business development at Bluefire. Rules are created via a management console and sent to the PDAs, he said.

The product, which supports wired and wireless connections, provides audit logs of mobile devices to help administrators track their usage, detect devices to be targeted for intrusions and identify attack methods.

It also allows administrators to disable a handheld's Bluetooth wireless microphone, camera and speaker capabilities, Goodman said. "From a government perspective, that creates a huge security hole," he said.

The Air Force Research Laboratory/Information Directorate is evaluating Bluefire's Mobile Firewall Plus as a way to secure its in-house handheld devices and as a product that could prove useful to other agencies. The directorate's Concept Validation Lab tests how well products function.

In general, agencies aren't taking seriously remote management of handhelds on a network, said Andy Karam, an electronics engineer at the directorate. When agencies don't manage these devices on a network, "it brings the whole level of network security down," he said.

Users should check with their network administrators to be sure what the policies are before connecting a handheld to the network, he said. "If they go to their systems administrator and there is no plan, they should do their homework right then and there." The same policies that support other devices attached to the network should apply to handhelds, he said.

O'Hara is a freelance writer in Arlington, Va.

***

Buyer's checklist

Because of their size, handheld computers are more susceptible to being lost or stolen. As a result, security should be at the top of the list when it comes to managing these devices, according to David Friedlander, senior analyst at Forrester Research Inc. A good handheld management package should allow administrators to:

Control data and software loaded on the device.

Secure the device against unauthorized access.

Control device passwords.

Disable the device.

Know what devices are connecting to the network.

Centralize management.
