Integrating mobile devices into a disaster recovery plan is something that many IT managers overlook, yet it has become an important part of disaster recovery.
In the past few years, mobile devices have gone from being a "gee-whiz" technology that didn't quite fit as a corporate necessity to becoming business critical -- an absolute necessity from the executive office down to the stockroom floor. The question is, what needs to be done to your disaster recovery plan in order to incorporate these ubiquitous mobile devices? While the answer will be different for every organization, the following steps will help guide you toward the best plan for your company: :
- Locate your mobile devices.
- Determine the importance of mobile device data and applications.
- Understand how quickly you can recover from a disaster.
Know where to find your mobile devices
Ignoring for a minute the security ramifications, identifying where mobile devices are located in your company can be extremely difficult. The best place to start is with your business process flows. These flows at the user level will often give hints about how users interact with company systems. An example might read something like this: "After cycle counts, user enters data that is transmitted to the ERP."
Clues like that help you begin the identification process. Outside of defined business processes, it is also important to consider sales, management and executive users who rely heavily on mobile devices. In addition to any manual efforts, there is always an array of third-party products that will track subscriber identity modules, called SIMs, to help control the inventory and location of mobile devices.
Data, applications or both?
After you have established the locations of your mobile devices, you can begin to build them into your disaster recovery plan. To integrate them appropriately, you have to determine what you value most about the devices -- the data they hold or the applications that run on them?
The biggest value of a mobile device is that it allows quick access to important data almost anywhere. However, this is also the biggest risk to your organization and should be addressed in your disaster recovery plan. You have to worry about the accidental loss or theft of the devices and what happens to them when employees leave the company.
Throughout the evolution of mobile devices, keeping tabs on data has been extremely difficult. Fortunately, you can integrate Windows Mobile 5.0 with Exchange Server 2007 to protect your organization from big or small disasters where handheld devices are lost, stolen or need sensitive data removed from the wrong hands.
In addition to standard features, such as device lock and enhanced passwords, the device wipe offered in Windows Mobile should be a critical piece of your disaster recovery plan. The device wipe gives organizations the ability to remotely delete all data -- both on the device and on any removable storage cards.
Because of the inherent problems involved with storing data on mobile devices, they are often used only to run applications to collect data that is transmitted back to a central server. In these cases, your disaster recovery plan should be more focused on device provisioning or the ability to redeploy hardware and software in a scaleable manner.
Although you might be prepared to keep up with the month-to-month deployment of devices, you must also consider your ability to redeploy devices to an entire site under extreme pressure. A wireless push or packed install on removable storage are the most common ways of preparing for these situations. You can also use Active Directory to facilitate and maintain security in these situations.
Determine disaster recovery speed
Once you have a clear understanding of where your mobile devices are located and how your company uses them, determine where these devices lie in the food chain. Regardless of where on the list they fall, the speed in which you can recover from a disaster is all about planning. Therefore, consider the following:
- Standard devices: The more you can standardize which mobile devices are allowed to access data or run applications, the easier it will be to recover. Standardized devices also allow for packaged images and the ability to redistribute devices from one location to another.
- Standard methods: Require users to authenticate to Active Directory for email, data and applications. It will ensure that options like Microsoft's device wipe will help protect your organization.
- Points of failure: Have you planned on how to replace 300 -- or even 3,000 -- handheld devices? Acquiring the hardware could be just as difficult as deploying the software. Understanding deployment and reallocation strategies beforehand will allow you to calmly handle a wide-scale failure.
Helping upper management understand how mobile devices integrate into your disaster recovery plan will help get the backing you need to enforce device standards. Remember, speed without quality will only make the situation worse. Testing your deployment strategy cannot be overlooked.
With mobile devices supporting everything from healthcare to manufacturing, IT managers need to recognize that these devices are here to stay. If you ignore them in your disaster recovery plan, chances are you haven't fully grasped how important these devices are to the business. Like it or not, mobile devices are no longer just toys; and they need as much respect and attention as you would give a laptop computer.
Russell Olsen is the CIO of a medical data mining company and previously worked for a Big Four accounting firm performing technology risk assessments. He co-authored the research paper "A comparison of Windows 2000 and Red Hat as network service providers." Russell is a CISA, GSNA and MCP.
This was first published in August 2007