A recent IDC survey highlighted the growth of mobile device use within the enterprise, as well as the burgeoning immaturity of corporate IT departments to take advantage of this trend with innovative use-cases and application development. Indeed, every organization that I have spoken with seems to be struggling with the mobile device trend in one fashion or another. Decisions abound from which platforms to support for corporate access, corporate liable versus personal liable ownership (and control), requirements definition, provisioning and management capabilities, and in-house application development versus outsourced (or none at all). Whew, what a lot for an organization to think about!
Given all of this work to be completed, how can organizations successfully embrace the emergence of mobile devices?
Focus on Business Strategy and Adding Value with Mobility
Organizations must remain focused on adopting mobile platforms for the correct reasons, namely to add value to the organization and drive competitive advantage. Work to identify existing business processes that can be improved through the use of mobile technologies and drive innovation into new capabilities and experiences for both employees and customers that disrupt current market dynamics. This can only be accomplished through collaboration across the organization, involving forward-thinking leaders from both core business teams and IT departments.
The vision is to leverage the broad and powerful capabilities of feature-rich mobile devices through nimble and innovative application development (in-house, outsourced, or purchased) that empower users to be more productive and have access to the full suite of business capabilities literally in the palm of their hands at all times, in an intuitive, integrated, and natural way. It's not simply enough to migrate existing processes into a mobile environment; organizations must re-invent core processes to take full advantage of mobile capabilities. The nirvana of this vision is to align business capabilities, ease-of-use, and mobility into one package with the resulting synergy creating powerful market disruption and competitive advantage.
Organizations should develop a comprehensive business strategy to incorporate mobilility by identifying core capabilities and processes that can benefit from mobile platforms. Building a parallel enterprise mobility strategy outside of the larger business context is the wrong approach and will ultimately result in mis-aligned capabilities that must be shoe-horned to fit business processes, deteriorating the value proposition.
It's also too easy to fall into the trap of adopting mobile platforms for the wrong reasons, such as consumer market trends, generic employee request, or executive fashion. It's actually interesting how many corporate mobile device initiatives begin at the executive level. How time's have changed from corporate IT forcing change to on an unwilling employee base, to employees and executives demanding support for the latest cool consumer gadget!
Different Scenarios Require Different Approaches
Organizations will need to build a framework of business processes, capabilities, and tools to meet various objectives, and deploy solutions as dictated by user role and responsibilities, if they have not done so already. Varying user roles will require unique workflows, interactions, and content which leverage various and mobile platforms and applications. Organizations must acknowledge and understand these variances, and be prepared to tailor solution requirements accordingly.
Here are a few examples:
- Office users may require access to mobile email, calendaring, document collaboration, and eventually unified services such as voice and video collaboration.
- Knowledge workers on the other hand may require more advanced capabilities to conduct in-depth research, prepare subject-matter design documents, view rich media content, and collaborate more broadly inside and outside the organization.
- IT staff will benefit from access to networked systems for on-demand provisioning, maintenance and support, especially given the shortage of skilled IT workers within many enterprises. Allowing greater mobile and remote access will provide organizations flexibility to leverage workers with specialized skill sets more effectively.
- Manual workers may require access to only a few, well designed applications that allow execution of well-defined tasks. For instance retail associates may require application functions to perform product lookup, inventory management (both in-store and online), transaction processing, and two-way radio communications.
- Educational institutions may require unique workflows tailored to classroom use, allowing teachers and administrators to easily and intuitively control student mobile devices to enhance, rather than detract, the learning experience. Immersive and rich digital content are best suited for tablets to engage students.
Additionally, capabilities and solutions will need to evolve to meet changing demands. This should be fluid throughout the organization, from business strategy, tactical planning, application development, provisioning, support, and troubleshooting. For instacne, while office workers may be requesting simple email and calendar integration today, tommorrow will bring a new set of requirements. Are your organizational processes able to quickly adapt to support document collaboration, video conferencing, or voice on mobile devices? If not, how will you get there? Being able to deliver new capabilities fast and efficiently will be required in this fast-paced environment and will be a point of differentiation.
But many may be wondering, "what about security concerns to control data access and prevent information theft?" Let me go out on a limb here and say that while mobile device security is part of the overall consideration, it should not be the focus of enterprise mobility. Organizations should focus on incorporating enterprise mobility into the broader business strategy, identifying and prioritizing business areas where integration makes the most sense.
|Don't Overreact About Mobile Device Security|
A level-headed approach to determining non-functional requirements, including security, should be sought. Many organizations fear the unknown and the information security personnel are quick to point out the risks of supporting mobile devices. Although security is a key consideration for mobile device adoption, it should not overshadow the potential business value. Organizations that are quick to dismiss enterprise mobility due to security concerns will suffer a comparitive disadvantage versus competitors, and will likely work just as hard to enforce draconian constraints. These efforts would be better utilized by identifying gaps and architecting a multi-layered security strategy to minimize risk.
The new challenge for IT and for enterprise application owners will not be around technology and standards -- setting limits and narrowing choice -- but around helping manage this new hybrid infrastructure and in providing guidance to the business on the optimal deployment models for application productivity. IT is truly moving from a custodian role of setting standards and constraints to a far more strategic, trusted advisory role helping to guide key technology, policy and business-related considerations.Enterprise mobile environment management and controls have been discussed ad-nauseum by various sources. Therefore, I will only outline the capabilities that should be considered and what functionality each provides.
- Nicholas Evans, ComputerWorld
- Information Security Policies define data classifications and controls that form the framework that guides conduct and appropriate use of corporate information. These policies should be in place and updated to protect information based on context including data classification, user role, location, date/time, and device/platform.
- Mobile Device Management enables corporate IT departments to effectively manage corporate-liable devices for provisioning and maintenance. This includes device inventory, settings, firmware updates, locking, and wiping. Many organizations inaccurately confuse MDM with mobile security, but the two are distinctly seperate. Although MDM may incorporate a subset of security capabilities, such as locking and wiping, it's core function is ... get this ... management of those devices. Not device security or data security. The confusion stems from MDM market vendors realizing the concerns over mobile device security and playing the tune to customers' ears. Overall, the MDM market is fairly robust, if not quite mature.
- Mobile Application Management will provide methods for organizations to deploy and manage corporate and 3rd party applications on mobile devices. This includes both corporate and personal liable devices. Application management should form the tactical focus for IT since this capability is core to enabling enterprise mobility. Enterprises should also pay close attention to how public application storefronts handle volume purchasing and distribution since these processes today are immature and often times too prohibitive.
Another core feature is application security and data security. Due to the dual-purpose nature of almost all mobile devices, separating personal data from corporate data on mobile devices is becoming a mounting concern. This topic has been covered by The Enterprise Mobility Forum in their article on Personal Clouds Vs. Remote Device Wiping, and Douglas Haider in his ComputerWorld articles on The App Internet and Mobile Environment Management.
Enterprise mobile application management is definitely immature today, look for advancements over the next 3 years to provide solutions in this space.
- Network Access Controls enable the organization to enforce information security policies through context-aware access enforcement throughout a corporate network. Solutions are emerging by network vendors that redefine network access controls to enable dynamic policy enforcement by closely matching policy. Example solutions include Cisco ISE/TrustSec, Aruba MOVE, and Aerohive Cooperative Control architecture. This goes beyond firewall and NAC capabilities, to provide true user and device identification, profiling, centralized policy management, edge policy enforcement, and comprehensive visibility.
Combined together with the right approach, these capabilities will enable comprehensive mobile environment management without detracting from the the main objective of building organizational value through the strategic use of mobile technologies.
Revolution or Evolution? - Andrew's Take
Organizations are rushing to adopt mobile technologies, often without taking time to plan a strategic approach. Instead, organizations can build greater value by focusing these initiatives on strategically incorporating mobile capabilities into key business processes, tailoring the experience to the situation and the user, adopting a nimble and responsive application development and delivery framework, and taking a level-headed approach to meeting non-functional requirements.
Enterprise mobility is here to stay, spurred on by the advancements in mobile device platforms that are transforming our economy and culture. Mobile applications represent a disruptive shift in how consumers and users want to interact with the broader world.
Don't be left looking like grandpa!