Working at the crossroads of rapidly evolving technology and the growing needs of an increasingly savvy user base, IT directors have a lot to keep them up at night. Unfortunately, counting sheep has never done more than pacify symptoms. The only true remedy is to find adequate solutions to the most pressing issues.
With this in mind, we set out to expose the biggest challenges and collect best practices. In a survey of executives conducted at the end of 2012, we uncovered the biggest IT headaches — and there’s plenty nagging companies these days.
Perhaps, the start of these headaches is simply trying to answer “who owns mobility” in the organization. (See Figure 1.) Only 3% of companies surveyed have a chief mobility officer or similar title dedicated to mobility alone.
IT leadership is certainly trying to take ownership (36%) and business leadership comes in at 21%, however 30% of respondents said that mobility is managed in siloes.
With such a close divide on who is doing what when it comes to mobile, it’s easy to assume that there is confusion and, therefore, obstacles when it comes to getting things done.
There is also likely to be duplication of work and, going forward, companies will need to define a clear path for mobility in order to gain success. This will also help understand where resources are needed most.
The good news is, that regardless of the state of mobility in their companies now, the majority will be taking a new approach within the next five years.
Companies are facing an array of mobility challenges coming at them from different directions. Take for instance the new set of device offerings, and the supporting infrastructure. Android and iOS have overtaken BlackBerry, Symbian and Windows as smartphone OSes of choice. Tablet computers have become viable platforms for business users.
This changing of the guard on the provider side frequently requires enterprises to swap out old gateways and bring in new ones to support new device types.
What’s more, employees at all levels insist on using the same devices for personal and business, so the IT department has to make policy decisions on whether to support BYOD; and if they do opt to support BYOD, they need to decide to what extent and under what conditions.
Because workers are downloading consumer software for business use, CIOs have to decide how to protect business assets from rogue apps. How do they keep track of applications and how can they enforce policy in such an environment?
And finally, cloud computing has become a viable option for many business systems. If the IT department doesn’t jump on this bandwagon, they might be surprised to find out that business units have subscribed to cloud-based services (such as CRM) on their own.
On the other hand, if they do migrate apps to the cloud, IT has to ensure the same levels of service and the same levels of security, regardless of whether a system is running on premises or on a cloud.
Approach to Mobility
With these general trends in mind, how do respondents approach mobility? Even though most enterprises have deployed mobile technology in some form, and to some group of users, and despite the fact that the majority (65%) view mobility as “an enabler of both enterprise and customer success,” relatively few provide full working platforms on mobile devices.
Only 21% of our respondents said they were offering full mobile “offices”; the rest are enabling information access and point solutions to help with specific business processes. (See Figure 2.)
On top of that, less than one quarter of companies are currently offering mobility holistically across a number of business units.
Notably, however, 70% of our respondents said they expect to do so within the next five years. This is quite a significant shift possibly leading to a “new” IT.
Most IT departments have been at least partially supporting siloed solutions all along, but going forward full responsibility for mobility will become the standard.
The data showed that while many mobile solutions have benefited specific workers by supporting processes unique to their jobs, business units are happy to get rid of the task of managing mobility themselves. As one survey respondent put it, “Many business unit leaders would like to give their mobility initiatives back to IT.”
It will be interesting to see if this transition, from having one-off deployments of mobile solutions in different departments to company-wide services supporting mobility across the entire business, actually happens as predicted. We do know that it must happen to even begin to solve the biggest IT headaches.
Taking back one-off solutions and trying to manage them as a general service only adds to the chaos created by BYOD, and with its escalation, our findings might seem discordant at first.
Only 15% of survey respondents said they had a full BYOD environment, whereas 35% said they were still using corporate-liable devices only, and exactly half said they were using a combination of the two. However, on closer scrutiny, this feedback is not surprising at all.
No MDM platforms offer support for all the popular device types, nor do any business applications, other than those that are essentially virtual desktops, with no local storage of information. Most organizations that do offer BYOD maintain a list of device types they’ll support, and allow BYOD only for those handsets on the list.
This blending of personal and professional devices goes hand in hand with the general trend towards consumerization in the enterprise. Users want more. Their expectations of mobile technology have changed dramatically in the past few years, and enterprise solutions have had trouble catching up.
As one respondent said, “While enterprises understand the importance of mobility, the continuing evolution of technology can be overwhelming to IT departments, and therefore creates severe priority issues.”
The Top 5 Headaches
To avoid a big pain point, the first tip we got from respondents, is to take your choice of device types very seriously. As one CIO put it, “Device selection is critical to how you take on any of the top five issues. You have to have that somewhat put to bed before you can firm up the rest.”
Headache #1: Lack of internal resources
Because responsibility for mobile services is shifting from business units to the IT department, organizations need to adapt their approach to funding such services. But most haven’t yet done so. As a consequence, CIOs are taking it on themselves to seek support from a collection of internal business leaders to put together the case for common platforms.
This is a difficult and time-consuming process that rarely results in sufficient funds in the timeframe needed. One IT director told us, “Investments in mobility have such a limited lifespan that they are difficult to justify. But they are absolutely needed, and that’s the dilemma we’re in.”
On top of the pressure to come up with funding for common infrastructure, IT directors are scrambling to find the skills needed to support the newest generation of mobile apps. Spending is still slow, so CIOs can’t fully rely on the standard three options (training staff, hiring from outside, or bringing in consultants).
Headache #2: Security
Getting users to change their mindsets about devices is one of the challenges in securing the mobile enterprise. If people override policy or just get sloppy in their behavior, even the most robust password protection and encryption schemes amount to nothing. This is why within the category of security, policy enforcement is a key component. As one CIO put it, “Since we deal with so much sensitive customer data and since our institutions have such big Internet pipes, securing devices and the network is essential.”
Two other big security issues arise when companies support BYOD. The first is data loss protection. Almost any MDM system can take care of that threat through device wipe and device lockdown features, but many employees don’t want MDM software wiping their personal device or locking it down. They don’t want software disabling or controlling any of the subsystems.
Companies are left with two options: Either refuse use of the device or accept the security risk. Some MDM platforms address employee concerns by offering containerization, which allows dual device personas, and total separation of work and personal data. Some new devices such as the BlackBerry 10 (but only through BES10) have this built into the smartphone as well.
The second security issue stemming from BYOD is that more applications have to be managed, because users are getting apps from public app stores. IT has to either maintain a whitelist (a list of acceptable apps) or a blacklist (a list of unacceptable apps) and restrict access accordingly through a mobile application management (MAM) platform.
Interestingly, many CIOs are looking to virtual desktop solutions as the best way of solving some of the pressing security issues. If a device runs a virtual desktop, the user can access business applications without accessing local data, and without storing sensitive business information on the handheld.
Headache #3: Device management
Most CIOs agree that a device management solution is necessary to support significant mobile enterprise services. Those who made the decision to use MDM several years ago, might find themselves limited to sanctioning only those devices supported by an aging platform. A new generation of device management has since evolved, offering improvements along several dimensions.
Some of the newer systems are on-premise only, some are cloud-based only, and some can be operated either on premise or on a cloud. Many offerings provide application management as well to whitelist and/or blacklist applications and to control licenses. Finally, different platforms support BYOD in different ways, usually with varying degrees of containerization.
A big challenge for IT directors is to choose the right MDM platform. Several CIOs have cautioned that enterprises should make decisions about the set of devices they want to support before shopping for a platform. Companies who do it the other way around - that is, those who lock in to a platform first - wind up having to live with the device types supported by the MDM solution.
Headache #4: The business case for tablets
The C-Suite were early adopters for tablets because they usually want (and get) the latest and “coolest” device. As with smartphones, however, the tablet trend is not being driven from the top down, but, from the employee up.
Tablets are quickly replacing laptops and, in fact, Gartner recently declared the “end of the PC,” but many CIOs are still waiting to see the business value of this form factor before fully taking them on board. This could be a mistake, as even though the pricier iPad is far out front as the leading device choice, the market is flooded with options. With price points as low as $100, every level of employee may eventually bring a tablet to work.
Since, enterprises can’t afford to support all device types CIOs need to figure out not if there is business value, but what the value is in their business in order to stay ahead. One CIO commented, “Getting employees to demonstrate a business case is essential to preventing device creep.” But this approach, waiting for employees to make a case, puts the enterprise in catch up mode and BYOD history will repeat itself.
So when it comes to tablets, the enterprise needs to be the leader, rather than the follower. As seen with smartphones, employees will figure out what devices work with or without IT support and you’ll be facing headaches one through three all over again.
Admittedly, that the clear case for tablets, in some industries and functions is more obvious than others. For example, doctors and nurses carry tablets around in hospitals as they walk from patient to patient and need quick access to medical records. We have seen examples of the sales process being completely transformed through the use of tablets, which provide an ideal platform to view product images and information.
Headache #5: Application development process and platform
Even though many simple business processes (time management, expense reporting, email) are addressed by “consumer” or “off-the-shelf apps,” business processes specific to job functions are where mobility can make the most difference. And while so much talk is around devices, it’s the apps enabling the business processes that are really running the enterprise.
These apps must be custom built. Some companies develop mobile apps themselves. Others have apps developed by partners. In approaching development, the questions are fairly familiar. What am I trying to accomplish with this “technology?” What’s the business case? What’s the ROI? What resources do I need? But, unlike like other IT projects where the available technology dictates the scope, when it comes to enterprise app development, the business dictates the technology and the requirements, and the app must not only meet these business needs, but work across OSes and devices. Plus, if the business requirements exceed the capabilities of the existing infrastructure, other options such as the cloud must be considered.
Apps also come with user expectations that must be built into the interface, functionality and deployment in order to ensure adoption. As one IT director said in the survey, “User expectations of mobile platforms have grown tremendously in the past few years. Real solutions are having to catch up to those expectations.”
In reality, most organizations do not have the knowledge or resources to achieve successful app development on their own and businesses need a mobile application development platform and or partner to work through the entire lifecycle of app development for business and IT success.
No matter how apps are developed, having a common development environment is necessary. But since in the past, as we have already mentioned, mobility was supported by different business units in different geographies, most companies have to support different platforms for different apps. While migrating from one platform to another is usually not a viable option, CIOs can hope for some degree of consolidation by selecting a common environment for future apps.
These five headaches clearly equate to the common challenges for all mobile initiatives. Resources, security, device and app management — everything else falls under one of these pain points. As we have seen, many organizations were just trying to keep up, but the “lights” are now on and we are moving towards a wider approach.
As mobile technology evolves even faster, it will touch most (if not all) parts of an organization. Centralizing ownership, but working across the business will be the only way to move forward successfully. To really become agile in 2013, based on what we’ve seen in 2012, enterprises should take 5 steps (see sidebar), minimizing these 5 headaches and reacting to the fast changes in the mobile landscape, all while sleeping a bit more at night.
5 Steps to Minimizing Headaches
Every mobile enterprise should take the following 5 steps in 2013, if they haven’t already:
Pick the device types you want to support, independent of existing infrastructure. Many other decisions will be based on this choice. When looking at devices, consider security, the future of the device type, the capabilities of the platform to run the apps you need and the suitability of the UI. Choose all gateways and platforms only after you’ve selected the device types you’ll support and then plan to phase out any current gateways and platforms that can’t support the selected device types.
Define your usage policy in a document to be signed by all users. Your usage policy should include whether you support BYOD and under what conditions. Only sanction device types from the set you pick in step 1. You may want to provide different levels of support — for example full support for sanctioned applications on sanctioned devices, and “guidance” for everything else. Part of your policy should be that if any business unit wants to use other devices, they have to show a business case explaining why a given device does the job better than the ones on your list.
Favor a policy of whitelisting rather than blacklisting applications. This gives you more control, and it’s much easier to pick the apps you’ll allow than to sort through a nearly infinite universe of apps you won’t tolerate. Whitelisting reduces your staffing needs and it cuts down on security vulnerabilities.
Favor the cloud. Cloud-based MDM, for example, allows you to more easily swap or adjust solutions. Given how fast device types and mobile workers are changing, your organization needs support flexibility and to be able to scale user base up or down.
Think about application management. As long as your applications conform to your security policies, preventing data loss and controlling access to information and networks, the device type won’t matter (but still needs base security). Look to policy-based application wrapping as the way forward.