by John Lytle of ISG
Employees of large business enterprises are increasingly bringing iPads, iPhones, Android, and other devices to the office and using them for work-related purposes. This trend, the consumerization of IT or the bring your own device (BYOD) phenomenon, has CIOs concerned, and rightly so.
The proliferation of personal electronic devices in the workplace raises some immediate and urgent issues around corporate policy, infrastructure, and applications. While immediate action is essential, the best approach to BYOD may lie in the context of long-term strategy, one that turns the challenge into an opportunity to optimize the enterprise’s operational environment.
CIOs need to recognize the changing nature of the workplace; specifically, the evolution of the mobile worker into the virtual worker, for whom location is irrelevant. Whereas once, new employees were issued a laptop, and more recently a Blackberry, today the expectation is ubiquitous wireless access to any information, from any location, at any time. While that expectation creates a challenge, the upside is to encourage and enable that desire to work, and to allow employees to be far more productive and valuable.
Enterprise security, which is hard enough to get right without the added requirement of ubiquitous access, is probably the central overriding concern around the BYOD phenomenon. Corporate boards do not want critical IP being inadvertently made available to the wrong people. More specifically, no CXO wants to be on the front page of the Wall Street Journal explaining how their critical data got exposed.
Recognizing the potential risk, enterprises are investing significant resources in this area. Initiatives around defense-in-depth, identity management and multi-factor authentication are receiving highly specialized and qualified resourcing.
While the security challenge posed by BYOD can appear overwhelming, the key to success is to isolate and manage specific criteria such as identity, devices, and presence. For example:
Another set of considerations revolves around the question of support. If they haven’t been already, CIOs will be tasked with providing mobile access to company information. Support of mobile devices is much more difficult with character-based legacy applications rather than browser-based applications. Meanwhile, telling the folks in the boardroom that they can’t access sales figures on their “executive jewelry” devices isn’t a viable option.
The right approach
A successful strategy focuses on simplification and standardization; specifically, on reducing application access complexity to the lowest common denominator. For user devices, that lowest common denominator is a browser-based user interface be it Chrome, Firefox, IE, etc. This means that browser limiting applications may require the UI layer to be switched to a virtual Windows session simply to make the application available to any platform.
In terms of implementation, simplification is again the watchword. Start small, with “super users” or subsets of users to run pilots. Use email access to any platform as a starting point, and Web enable everything.
Another imperative is to rationalize the application development platform. Having fewer technologies in place for application development reduces costs in many ways, and significantly simplifies the user access issues.
The consumerization issue also affects infrastructure, and the network’s perimeter security is a particularly critical concern. The influx of mobile devices could impact the entire network strategy. CIOs need to consider the question in the context of how to manage “data in motion.”
CIOs are increasingly concerned about building their operational defense plan, about managing their legacy applications and rationalizing their portfolios. They’re looking for a good understanding of overall staffing and support costs, and how to pull together their shared services and sourcing strategies. Ultimately, they need to understand what they’re spending and what they’re getting.
In this larger context, the IT consumerization challenge can be a way to address the big picture tasks of IT operational strategy. So, rather than a putting out the fire exercise, the imperative to effectively support mobile devices can become part of a strategic plan to transition the enterprise from where is now to where it needs to be.
John Lytle, consulting director at Information Services Group (ISG) company Compass, a leading independent sourcing data and advisory firm. He has over 25 years of experience managing complex IT organizations for large multinational organizations. His areas of expertise include: IT Operational Effectiveness; Infrastructure architecture and standards (servers, LAN, WAN, TDM & VoIP voice and data centre); sourcing strategy and vendor management; business continuity and risk management; and emerging technologies.
One of the ways around the issues of security and control that make some businesses wary of cloud computing is to build a private cloud -- one that remains within the corporate firewall and is wholly controlled internally. Private clouds also increase the agility of IT an organization's IT infrastructure and make it easier to roll out new technology projects. Download this eBook to get the facts behind the private cloud and learn how your organization can get started.