Analysis: Mobile E-Mail

They lurk in airport lounges and Starbucks and are guaranteed to give IT pros goose bumps. Mobile e-mail users, thumbs frantically jabbing as they squint at tiny screens. It's not the pasty faces and sweaty palms clutching Crackberries that scare us. It's the idea of managing, securing—and paying for—all those devices and data plans.

Get ready for that reality. Mobile e-mail, once limited to a few categories of employees, is poised for major growth. A 2006 report from the Radicati Group predicts that today's 12 million or so mobilized e-mail boxes will jump to 199 million by 2010. A separate study from Strategy Analytics estimates that 15% of business e-mail boxes will be mobilized by 2009, and more than half of the forward-looking InformationWeek 500 companies said they have wireless e-mail widely deployed.

What's to account for the increase? Cynics may cite a Digital Life America survey that found 19% of mobile e-mail users work more than 50 hours per week, compared with just 11% of their non-smartphone-wielding brethren. Whether mobile e-mail is a cause or an effect here doesn't really matter. Fact is, e-mail and other collaboration tools, such as calendaring, have become essential to business operations, and IT needs to develop a strategic mobilization plan before we're overrun. Doing mobile e-mail on a tactical basis almost guarantees you'll pay too much and be less secure and less flexible when you decide to deploy other, more complex, mobile vertical applications, such as customer relationship management and sales force automation.

To help enterprise IT groups find the best partner for managing mobile e-mail and associated devices, we submitted RFIs to the leading vendors in this space: Microsoft, Motorola/Good Technology, Nokia/Intellisync, Research in Motion and Sybase iAnywhere. All responded. The main takeaways: Differences among mobile e-mail products have become more nuanced as the market space has matured. All the respondents have credible enterprise offerings, and most have made strides with policy enforcement. That's good news for enterprise IT.We Asked, They Told

For our RFI we brought back NWC Inc., this time masquerading as a midsize manufacturer of specialty widgets and sprockets. NWC Inc.'s mobile strategy thus far has been limited to voice services, with subsidized cell phone plans for executives, salespeople and critical on-call operations staff. But the company just opened a sales office in Dublin, Ireland, so we wanted the ability to distribute mobile e-mail services internationally. NWC Inc. is standardized on Microsoft Exchange for groupware but is interested in what other platforms are supported.

Our questions were designed to draw out details on architectures, client features, security, geographical scope, middleware requirements and more. For instance, would our European employees be able to use Symbian-based phones like the Nokia E61i, which have proved popular across the pond, or will they be forced into another OS? Would we be able to leverage our mobile e-mail partnership to develop more complex mobile applications? How about security—will confidential sales data e-mailed into the field stay safe?

We were surprised at the level of parity in responses. Once, RIM's BlackBerry was the only game in town for enterprise-class mobile e-mail. Today, all the vendors that participated presented what we believe are credible stories. RIM still has the lead when it comes to security, not surprising given its lengthy experience in the field and success in verticals like banking. For-cross platform compatibility, however, Nokia presented the most complete picture, obviously drawing on its experience working with carriers.

As for management, Microsoft has made strides with its ActiveSync protocol and is slated to beef up policy-enforcement features in an upcoming revision of ActiveSync and Exchange 2007. Meanwhile, Sybase recently introduced tighter integration between its mobile e-mail offering and its Afaria mobile device management suite, while Motorola Good has integrated its policy management product into Good Mobile Messaging.

RFI Responses

Click to Download Documents: NWC's Request For Information
Microsoft ::Nokia ::Good Mobile :: RIM ::Sybase iAnywhwere

Maintain Order

Given the amount of sensitive data being transmitted over e-mail, device management and policy enforcement cannot be afterthoughts. The ability to remotely wipe data from devices, encrypt the e-mail store—if not the entire device—and enforce passwords are nonnegotiable.

Nokia and Sybase include device- and policy-management features as options, while RIM and Good have baked these must-haves into their mobile e-mail packages. While we were impressed with both Nokia's and Sybase's cross-platform management capabilities in Network Computing's April review of device management products, enterprises will need to weigh these enhancements against increased software licensing costs.

RIM also offers excellent management capabilities, but for BlackBerry devices only. Non-RIM smartphones that use RIM's BlackBerry Connect platform may have to be managed through a separate program; the ability to manage through BlackBerry Connect depends on vendor implementation.While we haven't tested Motorola Good's security and policy enforcement features (the company declined to participate in our mobile device management review), based on the RFI and our limited experience in the lab we feel that the feature set is adequate.

Finally, we've long hounded Microsoft for offering a limited set of policy enforcement features in Exchange 2003 and 2007. The company has apparently gotten the message and is slated to drastically expand the breadth and depth of its policy enforcement features with the release of Exchange 2007 SP1 (see sidebar ).

O Device, Where Art Thou?

Until device independence becomes a reality, you'll need to create a shortlist of what smartphones and operating systems you'll support. Yes, employees have strong opinions about what they want to carry. But IT must drive selection or face a management nightmare. Make a list of two or three devices that mesh well with the roles your employees serve, for instance, ruggedized devices for field service workers, and that provide required levels of security and management.We based our RFI on a company with sites outside the United States. If you won't have clients in Europe or Asia, device selection will be easier. In fact, you may be tempted to jump right in with the company whose products have become synonymous with mobile e-mail. Research in Motion was one of the earliest vendors to enter this market and has used its first-mover status to amass a commanding market share of over 50%, according to Strategy Analytics' latest numbers.

But while you may figure no one ever got fired for buying a BlackBerry, RIM no longer has a lock on innovation.For example, Symbian has positioned itself as the clear market leader for mobile operating systems, even though its penetration within the United States has remained relatively low. This should change as companies like Nokia move beyond carriers to pursue alternate handset distribution channels. Symbian is quickly becoming the platform of choice for mobile VoIP and FMC/MMC development thanks to its more uniform hardware platforms, particularly in Nokia handsets like the E61i. In contrast, Windows Mobile devices, which draw from OEMs, can have a variety of different hardware stacks depending on the handset vendor. Symbian does have a downside in that recent efforts to secure the OS through mandatory code signing have made the application development process more protracted, as code needs to be independently tested for security.

If applications are your main focus, Windows Mobile is considered by mobile app vendors as a more straightforward development platform thanks to the common .NET programming environment it shares with the desktop versions of Windows. Windows Mobile also provides employees a familiar user interface, which can be a mixed blessing. Some believe that the familiarity of the Windows UI makes it easier to migrate to Windows Mobile. Others argue that navigation in Windows Mobile isn't geared well toward mobile devices. We take a middle-of-the-road view. Yes, most of us are occasionally frustrated by Windows Mobile, yet we find it easy enough to use. A more valid complaint is that Windows Mobile can be sluggish in terms of performance compared with leaner OSes like Symbian. In our experience, performance varies from device to device, with some being underpowered while others are entirely adequate.

While it still has an entrenched base, Palm's Garnet OS is declining both in terms of market and mindshare, mainly due to a lack of OS development on behalf of Palm. Moreover, while competing operating systems support protected memory and multitasking, Garnet can do neither. Palm has committed to develop a Linux-based OS that can emulate the Garnet OS, but don't expect a release until late 2008.

Finally, RIM has its own Java-based operating system for BlackBerry handhelds, with its own developer tools and ecosystem.

Keep Me Safe and SoundWe stressed in our RFI that security was important, and all the vendors provided extremely detailed responses in that area.

All offer AES encryption support and ensure that messages are encrypted from the moment they leave the mobile e-mail server until they reach the device. Motorola Good noted that it has achieved FIPS 140-2 certification. RIM told us the BlackBerry system has been certified by NATO along with six governments, including the United States and Canada, for storage and transmission of sensitive data.

All well and good, but the fact is, we've seen very few instances where sensitive e-mailed data was intercepted from the wireless network. The much more likely scenario is that a device will be left in a cab, stolen, or, in the case of an executive at a major financial company, sold on eBay.

The good news is, all of the vendors we spoke with provide the ability to enforce passwords, encrypt data on the handheld, remotely wipe data from the device and, in some cases, disable hardware features such as cameras, a nice plus.

Nokia and Microsoft have raised the bar further by allowing users to perform some security functions, such as remotely locking or wiping a device, from a Web portal. Offloading these tasks to end users should reduce help desk calls and, more importantly, increase the likelihood that a user will lock and/or wipe a device if they believe it to be lost or stolen during off hours. Decision PointsThere are several core features that all vendors support. In addition to synchronizing mailbox and calendar, users are able to schedule meetings, query the corporate directory for clients, sync their address book and perform other routine tasks.

As for e-mail server support, not surprisingly, everyone works with Microsoft Exchange. Nokia and RIM add IBM Domino and Novell GroupWise, Good Mobile Messaging integrates with Lotus Notes and Domino, and Sybase supports Exchange and Domino. Microsoft packs the most advanced mobile features into Exchange 2007.

Some value-adds: Microsoft includes the ability to access SharePoint Intranet sites through ActiveSync. Nokia cites several features geared toward business travelers, including one that parses out travel itinerary information, stores it in the user's calendar, and can then look at the calendar and use the destinations listed to provide turn-by-turn directions. RIM also targets the directionally challenged with BlackBerry Maps, which provide directions and integrate with GPS receivers found on select handhelds. Motorola Good includes an RSS news reader to keep users in sync with the world around them. Sybase iAnywhere is unique in providing instant messaging integration through a separate product.

While we don't believe any of these features will make or break a mobile e-mail deployment, they are niceties designed to help vendors stand out from a pack where client features are increasingly reaching parity. In fact, in responding to our RFI, each homed in on strengths beyond mobile e-mail.

• Microsoft's ace is that it owns both Windows Mobile and Exchange. With no added software needed for mobile e-mail integration—support is included in Exchange 2007 CALs—costs are relatively modest. Support will be less expensive as well as there is no additional mobile e-mail system to maintain, separate from the collaboration environment. Microsoft supports only its own Exchange 2003 SP1 and Exchange 2007 collaboration servers, and as is the case with most new software, the latest and greatest features are found in Exchange 2007.Exchange 2003 SP1 offered limited mobile e-mail functionality. For those considering Exchange as both their collaboration and mobile e-mail environment, the upgrade to 2007 is well worth the cost. For instance, Exchange 2007 adds self-service support to allow users to perform basic management on their own devices. While we knew Microsoft would support only Exchange on the server side, we were surprised at the broad client support cited (see //ref client support matrix chart//). The enterprise CAL, which adds unified messaging features, managed e-mail folders, filtering and security, and additional Exchange ActiveSync policies, lists for $920 per user.

Where Microsoft fell short in the RFI is in policy support as well as a weak statement with regard to mobile application development. Given Windows Mobile's perceived ease as a development platform, we were a little surprised to find that more emphasis wasn't placed here. Bottom line, Exchange represents a good way for enterprises, particularly those with Windows Mobile deployments, to get mobile e-mail piloted for relatively low effort and cost.

RFI Response

Click to Download Document:Microsoft

• Nokia's strength stems from its history as an OEM for major wireless carriers' mobile e-mail services. As such, the company offers the greatest device choice, with support for both smartphones as well as consumer handsets that run BREW or J2ME. This translates to maximum flexibility when it comes to selecting devices.

Nokia has gone so far as to develop its own e-mail client for each platform, ensuring a unified experience across hardware. This is a particular draw for swamped IT shops because you can train users once for a variety of native e-mail clients. Suddenly, switching from Outlook Mobile to the Symbian mail client isn't such a big deal. Nokia's wide array of device choices make it ideal for international deployments as well.

In addition to device support, Nokia delivers a credible story in security, device management features and application support. Self-service options, such as the ability to lock or wipe a device, are available to reduce the helpdesk burden. The disadvantage is that, while these components are integrated as a suite and managed from a single console, they're priced individually. The pro Nokia Intellisync product costs $12,255 for 100 users, $103,200 for 1,000, not including device management.

Enterprises looking to deploy mobile e-mail on the cheap may be deterred by Nokia's a la carte pricing, but the company does provide a full feature set for mobile e-mail, great flexibility in device choice and a credible framework for future application mobilization.

RFI Response

Click to Download Document:Nokia

• Motorola Good is banking on security as a value add by integrating its previously separate security product into Good Mobile Messaging, a move that may reduce implementation costs. Like Nokia, Motorola Good has created its own e-mail client that it believes offers an improved user experience over native clients like Microsoft Outlook Mobile. It quoted NWC Inc. $6,000 for 100 users, $55,000 for 1,000 employees.Motorola has also developed its own mobile application development program, Good Mobile Intranet, which allows developers to extend enterprise applications to mobile devices. Where the company is weak is in cross-platform support; development strengths have been with Windows Mobile and Palm, and client support has not appeared to progress much from there. A lack of additional client support may limit Motorola Good's international appeal. Bottom line, Motorola Good offers some nice features, a pleasant client experience and a good application mobilization roadmap.RFI Response Click to Download Document:Good Mobile• Research In Motion: RIM's mobile e-mail story is compelling and has grown from simple e-mail and PIM synchronization to include delivering a wide variety of mobile data from behind the corporate firewall to mobile devices. RIM has enjoyed great success, particularly in financial and government verticals where security is of primary importance. As such, RIM provided the most complete and impressive response to the security section of our RFI.

The BlackBerry was originally developed to run on older packet data networks like Mobitex and DataTAC. As such, RIM has spent considerable effort in optimizing the efficiency of data transmissions, which has traditionally resulted in above-par battery life. For pricing, it quoted us $9,395 for 100 clients, $51,495 for 1,000.

While RIM has offered superb security and hardware, its e-mail client is beginning to show its age. Where companies like Microsoft have worked to display rich, HTML-formatted e-mail, RIM's reader supports mainly text-based messages. RIM has also traditionally gotten knocked by industry pundits as a less favorable platform for application development; in this area the company has improved, making strides through both partnerships and its own efforts to deliver mobile enterprise applications to the BlackBerry. In part, this is handled through RIM's Mobile Data System, which can be used to deliver a variety of IP data using the same, secure connection used to push e-mail.

Another knock against RIM has been that to get the benefits of BlackBerry Enterprise Server, including its policy management features, you had to use BlackBerry devices. RIM has again made strides to deliver both e-mail and MDS connections through its BlackBerry Connect platform on select Windows Mobile, Symbian and Palm devices.A recent offering, the BlackBerry Application Suite, allows the RIM OS to be virtualized on Windows Mobile 6 handsets, meaning the BlackBerry experience and RIM OS-based applications can run on Windows Mobile. The downside is that while BlackBerry Connect can deliver mobile data from BES to a non-BlackBerry device, you'll likely have to manage these handsets through another device management system. And while the BlackBerry Application Suite is an interesting concept, we've been unable to articulate just what the real benefit is for the enterprise.

RFI Response

Click to Download Document: RIM

• Sybase iAnywhere bases its competitive advantage on the breadth and depth of its application mobilization as well as its device management. Both feature sets have allowed Sybase to land big contracts, such as with the U.S. Census Bureau to provide database and device management support for 500,000 mobile devices (see the press release ).

Sybase is also one of the few vendors to offer mobile instant messaging in addition to standard collaboration tools, like e-mail and calendaring. This can be particularly useful for younger staffers who see IM as an ubiquitous communications medium. It quoted us $19,900 and $165,000, including management.

Bottom line, Sybase's mobile e-mail product is well suited for companies that already rely on Sybase for either mobile device management or mobile application support.

RFI Response

Click to Download Document:Sybase iAnywhwere

To NOC or Not To NOC?

All these systems are designed to sit securely behind the corporate firewall. The main difference is how data gets relayed from behind the firewall to endpoints on a mobile network.Both Motorola Good and Research in Motion rely on a central Network Operations Center to handle relaying of messages to and from handhelds. In this setup, the mobile e-mail server sits behind the firewall and establishes a secure outbound connection to the NOC. Two-way communication between the e-mail server and the NOC is established through the outbound initiated connection. Mobile e-mail clients then connect to the centralized NOC, ensuring that no inbound firewall ports need to be initialized.

Both Motorola Good and Research in Motion tout advantages of a NOC-centric model. First, both claim increased security and reliability. Because there are no inbound ports open, there's less security risk to the corporate network. Both vendors also stressed that because messages are encrypted end-to-end, from the mobile e-mail server to the handheld, data cannot be intercepted. RIM also said its architecture is optimized to send the least amount of data possible which, in turn, leads to increased battery performance. We have indeed seen superb battery performance from BlackBerry devices in our past testing.

Vendors who don't use NOCs, like Sybase and Microsoft, argue a NOC introduces a point of failure outside of the enterprise's control, a fact that was demonstrated when Research in Motion's NOC went out in April, leaving millions of users without e-mail access for roughly 12 hours while enterprise administrators were left scrambling to determine whether the issue was in their own network or RIM's. A NOC-based model also requires that more expensive data plans be used—in part to subsidize the NOC—and can limit global coverage. And, because the NOC has direct connections to the carrier's core infrastructure and those agreements take time to set up, it simply does not allow for a truly connection-agnostic model.

Two alternate architectures can be used. The first allows handhelds to connect directly to the e-mail server, an exercise that involves opening ports in the corporate firewall for inbound connections. Because of the security risks involved, a better choice is a relay, or reverse-proxy, server. With this option, a mobile e-mail server resides behind the firewall, and a relay server is placed into the corporate DMZ. The mobile e-mail server establishes an outbound-only connection to the relay server in the DMZ. Handhelds connect to the relay device, offering security advantages similar to a NOC. Building Up: Mobilizing Applications

As we noted earlier, mobile e-mail is a good way to get a mobility strategy started. However, there can often be real value by going further, mobilizing vertical applications such as CRM and SFA to increase the efficiency of your mobile workforce. While there a variety of paths to follow in terms of application mobilization, one option is to look toward your mobile e-mail vendor for help.We asked all of the vendors to discuss their strategies for application mobilization and were particularly impressed with RIM, Nokia, Sybase and Good's responses. All four vendors have at least some framework for mobilizing applications and have made alliances with major ERP, CRM and other vertical application vendors to extend these applications out to mobile workers. Microsoft's response revolved mainly around Microsoft Dynamics CRM; we would have liked to see a more fleshed out strategy on this particular topic.A Policy Holding Pattern

We've been critical of Microsoft's posture on mobile e-mail, however, with the pending release of Microsoft Exchange SP1, we're beginning to change our tune. In addition to standard features available today, like enforcing passwords, remotely wiping devices and encrypting storage cards, SP1 brings a variety of additional policy enforcement features to the table. With SP1, administrators can control hardware on devices, such as blocking Wi-Fi connections, Bluetooth and disabling cameras. Control is extended to the software layer as well, so that administrators can block unsigned applications and create application block lists.

So when can end users expect to see all these features? Exchange SP1 will most likely be out in late 2007 or early 2008, but that's only half the story. Exchange SP1 handles the server side of policy enforcement, but to be able to use all of the new features, users will need a new version of ActiveSync (version 12.1). Windows Mobile 6 currently runs version 12.0, so policy support won't be available, even on Microsoft's newest mobile OS, until an update for ActiveSync is released. And Microsoft has yet to commit to when ActiveSync 12.1 will hit the streets.

RFI Responses

Click to Download Documents: NWC's Request For Information
Microsoft ::Nokia ::Good Mobile :: RIM ::Sybase iAnywhwere