No boundaries: the mobility challenge

The increasing desire for businesses to deliver services to staff and customers on any device, at any time and in any place is driving the third era of IT delivery.

The first two eras, focused on centralised computing on mainframes and decentralised computing with client-server systems, shared one common feature. The boundary of the business was well defined.

In the third era of IT, the business is shedding its boundaries. The boundaries of when, where and how systems are used are being shed and IT managers have a choice. They can either ride the wave or get dumped.

If you’re looking for a silver bullet solution or a business that can be used as an illustration of best practice, then you’re going to be disappointed. While a solution might work in one context, it’s unlikely that it will easily translate to another.

As Shaun McLagen of EMC said to us, “It’s a tough one to do it right. It’s so different for every organisation. Every day what mobile means to the organisation, be it big or small, public or private, it changes every day. I know that anybody would put their hand up and say they’re doing it right.”

The trouble is that mobility doesn’t have a neat definition. It can mean very different things to different organisations.

This is an important consideration. When a company is considering mobility as a new set of services for the business, it needs to decide what that means for it. At one end of the spectrum it could mean supporting email and calendars on personal portable devices. On the other hand, it could mean full access to the full suite of corporate application or support for limited types of devices.

If it’s the latter then the business will likely need to consider a plan for migrating or updating applications for multidevice and multiplatform access. That means getting a strategy in place, defining appropriate policies and guidelines for users and developers, and changing the way you think about managing end users and devices.

Vive la Revolution

Consumerisation of complex technologies, primarily smartphones and tablets, has created a user and customer lead revolution. But while it’s easy to point the finger at the hardware being a key driver, the cheap and ubiquitous access to mobile networks has provided the connectivity tissue that allows mobile devices to connect to the business.

Across Australia, it’s taken barely a decade for us to move from slow and expensive technologies such as GPRS to 3G and now 4G/LTE networks. Anyone who used GPRS for data will recall the horrendous charging that accompanied it. It was easy to spend over $100 in a day. Today, that gives gigabytes of data access. And public Wi-Fi networks in restaurants, airports and hotels make it easy for travelling executives to connect to the office even if they are overseas.

While many companies maintain secure VPN access, a shift is taking place. Mobile device support for VPNs isn’t as universal as for regular computers and making VPN connections can impact service delivery.

Simon Spencer, IT Manager at the Master Builders Association of Queensland, told us about their new mobility strategy. While the previous system of staff using laptops connecting back to the main office over an SSL VPN worked, it wasn’t as mobile as they’d like.

“We wanted to present a more professional approach and not sit at a desk, open up a laptop and then say to the client ‘Hang on a second’. A professional approach said that we just had a tablet, could open up the CRM app and have all the details of that lead or account at their fingertips.”

Choosing mobile platforms

The IT business has always had its own religious wars. Apple vs Windows. Oracle vs SQL Server. Proprietary vs Open Source. It’s no different when it comes to mobility.

The two main players at the moment are iOS and Android. Developed by Apple and Google respectively, both take very different approaches to security. In Apple’s case, access to third-party apps is tightly controlled through its App Store and device management is bound by tight guidelines governed by Apple.

As many different vendors use Android, each adds their own customisations to the operating system. As a result, some devices ship with Android’s default system security while others have extra components added through APIs that Google supports. While IT departments, intent on reducing costs, might consider ‘no name’ tablets rather than branded products for known vendors, those cheaper devices might not have security features that are added by vendors who understand the needs of enterprise customers.

For example, as Ron Hassanwalia of SOTI explains, “Prior to Ice Cream Sandwich [Android 4.0], you could not encrypt the SD card of many Android devices with the exception of Samsung and HTC. If you wanted to allow Gingerbread [Android 2.x] devices then you probably wanted Samsung or HTC.”

Adding to complexity for IT executives who are choosing mobile platforms is the potential rise of BlackBerry and Microsoft. Both have recently released new operating systems that target the growth in enterprise mobility.  What’s interesting is that just a few years ago, they were the incumbent powerhouses of the market but they are now the challengers.

To BYOD or not to BYOD

The challenge for technologists is to not start with the solution. In some cases, the decision as to what hardware is deployed is centred on the specific devices. However, that’s not the best place to start.

Ian Hodge from Quest said, “Businesses are going to start seeing business advantages in implementing BYOD. But it starts by looking at the user and not the device. Rather than letting everyone plug in their iPads, it might be ‘let’s understand what the users in their various roles in the company are doing and let’s provide a technology solution for them that helps them go about their business more effectively and actually contributes to the bottom line’.”

In contrast, the Master Builders Association of Queensland didn’t tread the popular BYOD path. Instead, the organisation chose to purchase and distribute iPads to staff. This was driven by the gentle learning curve with the devices as it was already a platform staff was familiar with. Most already had their own iPhone or iPad so the transition from laptops to iPads was relatively easy.

“The more mature companies that embrace that user-centric model say that they believe that BYOD can help their employees be more productive. They can respond more quickly to customers. They can improve work processes,” according to Hodge.

The middle ground is to allow users to bring their own devices but limit what is supported on different platforms. The BYOCD approach advocated by Hassanwalia of SOTI calls this BYOCD - bring your own certified device. “Organisations and companies are going to be defining what is certified, what is allowed and what isn’t allowed.”

What are we really managing?

In the past, IT was very focused on managing physical assets. When a user was issued with a notebook or mobile phone, IT made sure they had a record of who had the device and where the device was. But when a business embraces mobile applications, it’s also taking on the risk of data being held on devices that are not tightly managed.

That requires a two-pronged approach around securing the device through appropriate policies and practices as well as shifting the focus away from the hardware to the data. While the loss of a $700 tablet is annoying, losing confidential data is more damaging.

Adding to that challenge is that if a device holds both corporate and personal data - a situation that needs to be considered regardless of whether the strategy involves BYOD - then the management solution needs to take that into consideration. Remotely wiping a BYOD device because the user has forgotten and mistyped a corporate password a few times might result in the deletion of valuable personal information such as photos or videos. The focus for businesses needs to be on protecting corporate data and not everything on the device.

One of the challenges of mobile device management, or MDM, is that IT departments need to change their views on asset management. When the business owned the assets there was significant effort just tracking devices through their life. However, that changes when the focus is on tracking data and applications rather than hardware.

Part of the challenge is that a BYOD policy that doesn’t restrict the devices that users can bring into the business will require systems to deliver applications and data to many different devices and operating systems.

The BYOCD approach advocated by Hassanwalia of SOTI allows “you to have a very secure policy without compromising across every single platform”.

Is VDI the answer?

Many organisations look a the mobility issue and decide that the safest way to push corporate applications and data to portable devices is by virtualising desktop environments.

Hodge of Quest warns, “Desktop virtualisation is not the same as server virtualisation. With servers, it all exists under one roof in the data centre. So, physical proximity means that changes are made in close control of IT. With the desktop, we’re talking about devices that exist out in the world and are moving.”

When VDI is done well, it offers some significant benefits when dealing with increasing organisational complexity and the need to support increased levels of mobility. A successfully implemented VDI solution is expandable and secure.

“The ability to separate data, to cut the company’s data from the user’s data, you can’t do that if you allow devices into the network and access into corporate systems - for all that data to be sitting on the one device unmonitored and unmanaged it becomes a risk,” he added.

One of the costs that is often underestimated when deploying VDI solutions is storage. As data is removed from end-user devices, there may be a need to increase storage in the data centre. Data that was once held on smaller islands of storage on tablets and notebooks can be being pulled back into the data centre.

Safety first

In a recent report, Gartner identified three security hurdles that need to be overcome when shifting to BYOD. These were conflicts between the right of users to leverage the capabilities of their personal devices, conflicts with enterprise mobile security policies, freedom of choice with devices and the differing security profiles of platforms and devices, and privacy concerns emanating from the personal ownership of devices used at work.

Clearly, security is a significant issue and there is no simple solution to the problem. There’s no role model or best practice that applies universally to all mobility scenarios.

McLagen of EMC suggested that when security is done well that “you see a layering of technologies. It’s people who have a good mature security posture, layer technology appropriately, who understand where their key assets are and manage to that risk. People who use a combination of people, process and technology well will be able to open up business and not lock down innovation.”

Image credit ©iStockphoto.com/urbancow