Businesses in the SMB market may find themselves the object of enterprise envy. When it comes to mobility, it’s often perceived that smaller organizations have more flexibility to make decisions and deploy technology.
This was the case with SIHO Insurance Services, which also had to consider regulatory compliance and serve clients much larger than it.
The good news for all companies, however, is that the solution they put in place is secure and easy for any size organization to implement, and the ROI that Mike Clancy, VP Information Technology for SIHO, reports is also exponential.
SIHO is headquartered in Columbus, IN, has 250 employees and is growing by the day. Clancy’s team supports six locations, and 1,000 clients of varying size—from very small (5-15 employees), to the largest with over 40,000 employees.
SIHO provides any type of health plan a business may want, and also offers claims administration, pre-certification, case management, concurrent review, utilization review, member services, benefit consulting, a national pharmacy network and a comprehensive network of hospitals and physicians in one facility. “If you couldn’t guess, we have a lot of sensitive data in our organization, since we deal with medical records and personal information for all of our members,” said Clancy.
In the pre-2011 iPad world, SIHO operated with all corporate-owned devices, mainly at the C-level. There were only 30 or so smartphones, including BlackBerries and a BES was in place. Other devices were managed via Active Sync and controlled by pin lockdowns—controlled being the key action here.
Then came iPads, and that tipped the BYOD scale for the company; everyone wanted one and everyone wanted to be connected to the corporate network. Clancy said they started with putting policies in place, but they also quickly recognized that relying on adherence was not enough.
The top concern was security, but they needed visibility too—into which devices were trying to connect and how they were being used—and ultimately, of course, the goal was to enable employees to be productive. Plus, they wanted to support the devices those employees really wanted to have.
The trick was in balancing employees’ needs against the need to be HIPPA compliant and protect customers’ information at all times.
“We needed to have a way to do that systematically, through a very contained process. We needed to have security and to make sure that if there were concerns around that security layer, IT would know right away,” according to Clancy.
For many technology projects, the first piece (sometimes before the biz case) is getting executive support. Clancy suggests leading with your “strongest” punch—meaning: What’s the most compelling reason for the deployment?
In his case, it was security and compliance. It also helps when the executives (which is the case in many organizations) are the ones asking to be connected. They tend to have the latest and greatest devices and, since they have a vested interest in having access, but are also (ultimately) responsible for protecting the business’ interests, they will also have a vested interested in the project.
Clancy said that in building the case, they broke it up into two parts: business requirements and technical requirements. The goal was bridging these two imperatives. On the business side: compliance; corporate devices and BYOD; low capex up front and low TCO; rapid deployment; support of business continuity plan; GPS location; and remote device wipe.
Clancy said, “HIPPA compliance was the top driver. Corporate devices were a known and BYOD was the unknown. We wanted to make sure that all security concerns were addressed; that we had everything completely locked down from end to end. We wanted low cost of ownership, but didn’t want to skinny down the solution and it had to be easy to deploy and enforce quickly.”
On the technical side: iOS, Android and Windows support; Active Directory integration and policy management; SaaS or on premise option; date in transit and at rest encryption; scalability; vendor support; centralized management; apps control; and device lock and unlock. (The company will support legacy BlackBerry devices until they age out, but and offer up to three OS’es. Android and iOS are the first two.)
“While we were starting with a small percentage of our users, we knew this would explode. As soon as people found they could get access anytime, anywhere, they were all going to want it—immediately. So, we needed to make sure this would scale up as we grew as an organization. Having experienced about 150% growth over past year and a half, the solution has already grown with us,” he said.
Application control—is a “touchy” area according to Clancy, and a very important piece of the solution. The question becomes: What is allowed on corporate devices and what about non-corporate devices?
“Do you allow an employee to install Angry Birds, or whatever the latest hot app is today? It’s their own phone; it’s their own iPad. Do you allow those things to function at your work facility or only at home?” he asked. They had not decided on apps policy yet, but, knew how important it was in the overall solution and strategy.
They did not want to overlook the more obvious things either. “One week of having this solution deployed, we had a number of people who came to us and said, ‘I’ve locked up my device, what do I do now?’ For us it would take longer to login to the cloud—which is less than 30 seconds— then to reset a PIN code; it’s the simple things like that you need to be able to do just to keep people productive,” noted Clancy.
Moving into the selection phase, SIHO developed a grid with multiple layers of decision points. These included:
What does it cost to maintain the cost of the security infrastructure?
What’s the support look like from the vendor?
Is it a scalable solution?
What’s the enrollment process for end users? How easy and intuitive is that?
What’s the goal aspect for how the user authentication actually occurs?
Can it be integrated with Active Directory while dealing with security across all mobile technology at the same time?
What is app management?
What power does IT have from the administrative console? And again, how easy is it to use? How easy is it to get reports?
Can security risks be seen at a glance?
What things are soft warnings? What things are critical warnings?
How does the application actually deal with that, when it’s not being attending to?
Does it have some automation to shuts things down, restrict and block those devices automatically?
Going through this, and “a plethora” of other criteria, Clancy said they ranked several vendors. “We came up a scoring system that allowed us to narrow it down and select demos. We also utilized a Spiceworks forum—where a lot of IT professionals participate and where we could get a lot of real world feedback.”
All of SIHO’s criteria were met by the Fiberlink (an IBM Company) MaaS360 SaaS Solution. According to Clancy, it only took half of a day to prepare the IT environment for the new implementation and they were able to enroll devices within “moments’ of deployment.
“This was, by far, the quickest deployment I have ever experienced,” he said.
An IT “favorite” is making any solution program “as painless as possible.” This means for both the employee to enroll and IT to manage. “We can’t have it taking hours of helpdesk time just to get a phone connected to our corporate servers,” according to Clancy. With a “quick list” and a few links, users are up and running. Plus, the solution quarantines and block any rogue users or devices that try and enroll.
Clancy is confident that the results he is realizing would be equivalent in any size organization. “If you take your number of employees, locations and devices, and multiply that times our numbers, you will see very similar solutions and savings,” he said.
$15,000 estimated minimum savings in startup costs
$10,000 estimated minimum savings in ongoing annual costs
Hours versus weeks deployment
No additional hardware, capital or support costs
Predictable future expenses
To hear the SIHO story first hand and gain Research Director, Mobile and Wireless, 451 Research, Chris Hazelton’s insight into this deployment and the enterprise mobility management market, listen on demand.