Employees are spending increasing amounts of time away from their primary workspace and understandably want access to technologies that help them remain productive. The benefit is clear—Yankee Group’s Enterprise Mobility: Empowered Employee survey (June 2013) showed that employees’ self-stated productivity can increase by as much as 40% when they are provisioned with mobile devices.
While many employers are struggling to manage this technology shift, employees push on regardless. With the growing ubiquity in mobile computing power in their personal lives, mobile workers are also turning to a variety of consumer tools and technologies for work purposes.
According to the survey, 20% of all employees use consumer instant messaging services for work on their smartphones, 14% use social networks and 8% use consumer web-based productivity tools for work; 56% use or would be interested in using consumer productivity apps for work and 16% do so even knowing their IT department’s policy is to prohibit their usage. In fact, one-third of all employees believe they would be more productive at work if they had access to the tools they use in their private lives.
The main reasons why employees resort to their consumer-grade apps are their familiarity with them from personal use, the absence of an alternative from the enterprise and the fact that they are more likely to be updated regularly than work-provided equivalents.
This wave of consumer technologies flooding the workplace and workflows is compelling IT departments to revise their policies about what devices and technologies are sanctioned and which are restricted. This trend shows no signs of slowing down and it is evident that over the past two years IT has been forced to adapt. (See Figure 1.)
Consumerization at a rapid pace may seem inevitable, but IT needs to clearly understand the consequences of adopting a permissive policy, as this will open the floodgates to mass usage. Explicitly allowing employees to use consumer tools increases usage from 16% to 64%. (See Figure 2.)
Enterprises cannot afford to sit idly by and watch employees change the corporate technology landscape. Businesses need a toolkit to turn the tide in their favor. Thankfully, although still a relatively nascent marketplace, there are many providers offering up innovative solutions to help IT bridge the gap. Here are key considerations for making consumerization work.
Start developing to gain control. As mentioned prior, and as Figure 3 shows, there are three main reasons why employees resort to using consumer apps for work in the first. Whereas mobile application development in the enterprise was once the preserve of mobile application enterprise platforms (MEAPs) or custom from scratch development by either external partners or internal developers, the options now open to IT are much more numerous.
Many traditional MEAPs are revising their offerings to become more agile, with new mobile backend-as-a-service and platform-as-a-service offerings, an explosion in front-end development tools and a range of connectivity platforms designed to quickly mobilize data onto simple mobile clients, so IT has more choices than ever.
This partly explains why Yankee Group’s IT Decision Maker survey in June showed that 50% of companies are planning to increase their in-house development of apps over the next 12 months and 31% are planning to increase the outsourcing of application development.
Replacing all consumer grade apps with an enterprise alternative, however, is not the answer. IT can standardize some of its generic workflow processes and mission critical field and CRM users onto core enterprise-developed mobile apps, while supporting employees in their use of commonly accepted mass consumer apps.
Federate identity to manage heterogeneity. With IT needing to enable access to a heterogeneous environment — consumer and enterprise applications, cloud, on-premises and data-center, mobile and fixed — there is clearly a need for identity access management (IAM) solutions to enable this.
Recently, cloud-based solutions have emerged which aim to do this either as a replacement or, more commonly, as a corollary to existing enterprise identity and single-sign on regimens. It will take time for some of these approaches to mature, but IT needs to start thinking now about how IAM can scale across this heterogeneity.
Over time this will be taken a step further through BYOidentity — employees using their existing social media logins, as an example, to access both their personal and professional applications and content.
View distribution, security and management as integrated capabilities. IT still focuses too much on security, and the more they do the more users will circumvent it. Thirty-three percent of companies (at least) say they have had corporate data compromised on mobile devices (employees say much higher!)
Part of the problem is that IT still sees security as conceptually unique from management. However mobility’s ubiquity means that security is now directly tied to user analytics and user management. IT needs to take more of a risk management approach and plan for governance, risk and compliance (GRC) contingencies across mobile assets. To help with this IT should look to institute the following:
Make sanctioned mobile apps available in one centralized internally managed store — custom developed and off-the-shelf apps from third party marketplaces such as Google Apps Marketplace or Salesforce’s AppExchange.
Look at app wrapping services to wrap policy controls around all application types without new code being needed.
Consider per-app VPN tunneling and app-level DLP and remote wipe capabilities.
Over the air user-policy and version updates not requiring users to search
Integrated usage tracking, license management and volume purchasing support
Clear policies help—a lot. While the majority of organizations have been compelled to move with the trend, some confusion clearly remains among employees as to what consumer technologies they are and are not allowed to use. For example, 34% believe their IT department prevents the usage of consumer apps for work purposes — compared to the 13% of IT decision makers who claim that is their policy, and a sizeable 30% are not sure what the policy is.
Being explicit about the policy goes further than just communicating whether usage is allowed or not; IT needs to explain the reasons why the policy is as it is. This includes outlining the relevant security risks associated with allowing usage, the possible implications for productivity around managing a heterogeneous environment of apps and the demands on providing support to users in such an environment. Users must be aware of the issues involved and understand the appropriate level of responsibility apportioned to them for their conduct.
Shift the IT mindset. For organizations, a lack of clarity and the resulting lack of transparency about what is and isn’t being used or allowed in the corporate environment is the worst of all scenarios. To avoid losing all control over the enterprise technology environment — and to remain relevant— enterprise IT needs a culture shift to becoming productivity enablers rather than policy enforcers.
Trying to control mobility is a contradiction in terms. IT departments need to become more progressive and proactive in their attitude toward mobility and look to segment their workforces to understand how best to match the mobility solutions to the employee role and the business processes, rather than providing a controlled (i.e., limited) environment that employees will go around.
Employees are more likely to work with IT if given a choice of apps they can use and clear policies around how to use them. This approach will help an organization get ahead of the game. IT should be proactive in selectively embracing consumer apps where they have clear productivity benefits, and by giving simple guidelines so employees know how to use them.
The enterprise must also be realistic about what it can control. While implementing flexible policies ensures greater transparency, stronger management of the risks inherent in mobility and hopefully a more aligned device and application environment, consumers will always reach for non-sanctioned tools. To manage a pool of corporate and personal technologies as effectively as possible, IT departments need to be clear in their policies about what is and what is not allowed.
For critical enterprise apps, IT departments need to deliver a consumer-grade experience. Since usage is due partly to the perception that consumer apps and devices either include better functionalities and UI than enterprise apps, success requires that IT ensures the UX for the latter is on a par with what employees are experiencing with their consumer tools. Not doing so will only drive further unmonitored usage of unsanctioned applications.
Throughout all this, it’s important for enterprises to be flexible. IT should both ensure continuity and innovate in a constantly changing technology environment, adapting to the needs of their business.
3 Places to Start
None of this is easy in the complex world of mobility. However, there is a fundamental change in the way users access and consume apps and content, and IT needs a radical departure from how it used to apply policy, security and compliance. Follow these three steps to avoid getting lost in the flood.
Get to know your workforce. Yankee Group research shows that 38% of the workforce can be classed as mobile workers —from a broad range of knowledge workers to those dedicatedly mobile and remote workers in field service or sales. These are different workers, in different environments engaging with many common but many distinct business workflows. The first step is to segment the workforce into user profiles to understand the buckets of users with common behaviors, attitudes, technology profiles and workflows.
Identify common consumer applications. IT should understand which apps have the widest usage and provide access and limited support for these to their employee base through their central portal/catalogue/store.
Manage the right thing. Look to mobility management tools that enable policies to apps rather than the devices. This gives more control over what matters for IT and is less likely to induce push back from users than if IT tries to control their device. IT should then work with lines of business to educate the workforce on the new policies.