ITD #13 Mobile devices and the IT department © IT Decisions 4 November 2011 – All rights reserved 1
Mobile devices are taking over many organizations with an increase in employees carrying smartphones into the workplace and demanding the right to use their own device. Whilst the mobile revolution means the CIO can worry less about network infrastructure at the office ‐ such as structured cabling ‐ it introduces a series of new issues, such as wireless security. A complete lockdown of the network is unpopular with workers who want to be able to work on email, documents, and company information using the same device at home as in the office. But with hackers even targeting the Android and Apple operating systems, what could be the price of flexible access to your company systems using mobile devices?

An information leak because of security weaknesses created by mobile devices is just one possible outcome from the proliferation of smart devices. There can also be the opportunity to create a more flexible working environment for your team – can you remember a time before the Blackberry, when email could only be answered in the office? Mobile devices can also create new innovations for your end customers – in many different industries. Customers are interacting with information in new ways and many of them want a mobile offering, so it is only natural that this would translate into the use of more smart devices within the organization. There is a change in customer expectations and in the expectations of your own workers – everyone wants the ability to use mobile devices to access information.

But as an IT leader, how do you support all of this change? It’s a long way from the standardized systems of old – now people are bringing their own devices into the office and expecting your IT team to support them. In this IT Decisions report, we explore what our IT leaders think about the explosion in the use of mobile devices at work. What opportunities are created for new services, and what complexities are created by the need to manage this?
“…what could be the price of access to company systems through mobile devices?”
To explore the issue of preparing the IT department for a change in business strategy we asked four questions – three of which were multiple choice and one designed to promote an open discussion. We received answers from 22 executives from 11 industry sectors: Shipbuilding, consumer goods, insurance, media, food production, chemicals, logistics, financial services, consumer services, manufacturing, and transportation.

Question 1: Has your organization faced an actual ‐ or the threat of ‐ an information leak because of wireless networks and devices?
[Chart: responses to Question 1. Surviving legend labels: "Not yet, but is a threat"; "Yes, but we closed it quickly".]
Our IT leaders are overwhelmingly in control of their own security risks regarding mobile devices in the workplace. Despite the risk of security breaches being one of the main concerns around the proliferation of mobile computing devices, a full 50% of our respondents said that they have not faced any form of information leak because of mobile devices. This was further strengthened by an additional 36.4% who answered that they have not faced any information leak, but they perceive it as an ongoing threat. Only one in ten of our respondents had faced a real situation where data was stolen or leaked because of mobile devices.
Question 2: How have you dealt with the increase of smartphones in the workplace?
[Bar chart: responses to Question 2. Categories: Other strategy; Blended strategy of company and user devices; Blocked access; Better governance.]
It’s a difficult question. Users want flexibility. They want the ability to work on email and other tools from the office and from home – or during the journey between work and home. But if the users are not always using company-issued equipment, then how much control should be applied? An interesting observation from our research here is that very few respondents suggested blocking access to users with non‐company devices – only 13.6% suggested this is the correct strategy. The actual support for best practice in managing mobile devices was split fairly evenly between improving the governance around device access (40.9%) and designing a strategy that explicitly allows users to use both company and personal devices for work (36.4%). This overwhelming support for designing a strategy around users shows a strong sense of pragmatism – users don’t leave their mobile devices at the office entrance. You can try to block them, but it’s more sensible to design structured governance that lets users access office systems with both flexibility and security.
Question 3: Would you consider paying a fee to users to use their own devices at work in exchange for them agreeing to not use your internal IT support service?
[Chart: responses to Question 3. Surviving legend labels: "No, it introduces risks"; "Maybe, if I can see it has worked elsewhere".]
This was a very unpopular suggestion. It is a strategy that some companies – such as the energy giant BP – have adopted. With all their internal software available via browsers, the actual device used to access company software is no longer important, and they give an annual fee to users to not bother the local IT support team. But this takes a huge amount of planning and it is not always possible to locate every piece of corporate software in the cloud. And if a user cannot fix their own laptop, then should their manager simply allow them to keep on struggling, or call on IT support even though it was agreed that they would be left alone? Our own IT leaders could see more problems than advantages with this approach, with a full 38.1% saying they would not be interested in this kind of idea, and the same percentage saying that it introduces new risks into the organization. Perhaps this is an idea that has yet to mature.
Question 4: Once people had to be in front of a PC to access the Internet, now they can do it from anywhere using a mobile device. This introduces new opportunities for businesses in all sectors ‐ new services can be devised around location‐aware mobile devices, but it creates new security challenges too. What are the mobile innovations you are exploring in your business and where do you advise caution should be applied?

The most relevant responses from our CIO respondents are listed here.

Insurance: Our main challenge is "having to keep everything open"
Mobility is something desired for a long time and now is a big reality. Like any "new" technology, the safety factor must be well planned, and frankly, today, very few institutions are prepared to understand and close security gaps that currently exist. My company operates exactly in this field, and we have developed products that help a lot in this sense, and costs have decreased a lot, but the main blocker is the culture of having to "keep everything open."

Media: Every new technology creates risks
Every new product linked to mobility which enables access to the enterprise environment creates security demands, even if it's only to review policies and methods. There is no way to prevent access to these devices, since the dynamics that businesses demand requires access to corporate information outside of the organizations as an essential element of market competition.

Consumer goods: This is a one‐way journey
The era of consumerization arrived, it is already within medium and large companies, is a one‐way journey. The major challenge in IT is to mitigate the impacts of this revolution.

Food production: Carry out pilots beforehand
The adoption of consumerization in business is inevitable. Thus, we have been discerning in that regard and have limited use to a limited audience, with the implementation of policies that make clear that only a few applications are available.

Chemicals: We can't swim against the tide
Mobile devices in the enterprise are a reality and we cannot swim against the tide. In addition to distributing many smartphones, we extended our base with the policy of "bring your own device." That is, we will allow devices that belong to our own employees to receive corporate e‐mail or access a segregated wi‐fi network. We will manage the risks with rules and technology, but being connected is essential. We're late in the development of applications to leverage this important technology. That will come in the next few years.

Logistics: Create a support policy for personal devices
We have a policy that is already in place which allows the use of personal devices (smartphones and tablets), so long as they are not supported by the internal service desk. In practice, this does not work very well, because we still get calls and not answering them generates dissatisfaction from those who put the calls in. The consumerization associated with social networks is still a big challenge for companies, but I think the fundamental problem is one related to education and trust, which ultimately generates a high management cost.

Financial services: The mixed model is the reality
The CIO has to face up to a new reality: providing, with appropriate controls and security, applications and company information on multiple devices ‐ some belonging to the company, others to the user.

Customer Service: Application of mobility requires maturity
Indeed, mobility is a factor that cannot be dismissed as a tool that gives competitive edge in business. Access to information at any time allows more agile decisions. But mobility technology is still fairly immature from the standpoint of information security. Companies need to look more closely at this issue, otherwise we will live the problems that were experienced earlier during the boom of Internet access.

Financial services: Do not ban access
What has no solution, is already solved. Invest in educating consumers of IT (formerly known as users), set policies that are consistent with the reality of your company and do not prohibit access (there is no way to prohibit access ‐ even in prisons that is not possible).
Manufacturing: Set the importance and benefit of using mobile devices
Indeed, this is a situation that is here and has to be dealt with. The easiest way would be to prohibit the use, but if we are to create value for our organizations, the attitude should be: minimize the risks and enable benefits. Therefore, we need to answer the following question: how significant is [the use of mobile devices] and where does the benefit come from?

Other CIOs also said ...

Shipbuilding: The advent of mobile devices is a reality that companies must consider and take advantage of the opportunities that it can generate.

Consumer Goods: Even the mobile device manufacturers are concerned about the security issues of this type of equipment. Certain features of iOS 5 already demonstrate that.
Conclusion and Executive Summary
The world has changed. Not only is work and home time blending, but mobile devices have allowed executives to manage their work on the move – but the use of mobile devices with Internet access has now moved far beyond the boardroom alone. There is now a wave of user‐owned devices entering the workplace and those users expect to be able to work on their own device as well as any tools supplied by the company. In many cases, the personal devices are more powerful and user‐friendly than the corporate tools. But our IT leader responses demonstrate some important initial findings this week:

• There is not much evidence of user devices causing security threats yet, but many of our IT leaders are aware of the possibility and taking measures to ensure security is improved.
• There is a strong sense of pragmatism. This cannot be prevented. Everyone now carries a phone, most have Internet access, and many are carrying tablet devices. We can’t return to an age where our users carried an old LCD screen Nokia phone that was just a phone. The best way to approach the problem is to define governance and behaviors, so the workplace can be flexible, but also secure.
• There is very little support from our IT leaders for a push to moving the workplace to an almost 100% reliance on user‐owned devices. Some companies have tried this, and reduced their support requirements, but it is a difficult ideal to achieve and our IT leaders don’t see it as a target worth aiming for just now.

Our IT leaders reflected these key views in their additional comments on the subject, with the key theme being that enterprise IT managers cannot swim against the tide of consumers. The people formerly considered ‘users’ are now extensive IT consumers in their own right, with personal iPads and smartphones – all equipment that is powerful enough to be used within the enterprise in addition to their own personal use.
Prohibition creates no value and denies users the opportunity to add any value to the organization. The smart IT leader will explore how best to open the organization to every user, so they can use their own devices to work away from their desk, but without opening the company to dangerous security risks.
The members of our research network believe that this is now a one‐way journey and cannot be changed, but they urge caution and self‐awareness. Mobile security is still evolving and is therefore an easy place to slip up. If a determined hacker really wanted to target your organization then a flexible network policy promoting remote access could be your Achilles heel. Times change and users of enterprise business systems are now all technology users at home and at work. The smart IT leader can capture this enthusiasm to create a flexible working environment, encouraging a blend of company‐issued and personal devices.
IT Decisions Research
IT Decisions produces a report like this every Friday, based on what CIOs told us that same week. It is fast and relevant knowledge from your peers, it is only available to the CIOs in the research network, and it is free. What is the catch? You pay by participating. Every week, we will send you four simple questions that will take no more than five minutes to answer. The more participants, the better the quality of the research. So please do invite your colleagues to join! Get in touch with recommendations via firstname.lastname@example.org. Do you want to direct the research and define the topics alongside our board of founder members? We also offer Platinum memberships that allow you to steer the process, as well as other benefits including comprehensive reports, face‐to‐face focus sessions and more. The IT Decisions FutureSkills fund is a charitable, transparent fund focused on improving IT education and training in Brazil. If you recommend a Platinum member to the network, we will donate R$500 to the fund in your name – and Platinum members will get to choose which organization gets the money at the end of the year. Please contact us for more details.
About IT Decisions
IT Decisions is the premier source of insight into the technology and high‐tech service industry in Brazil. The company creates English‐language news and insight for a CIO audience with regular features and analysis that cannot be found elsewhere. We focus on decision‐makers and influencers – the “buy‐side”. Reproducing the sales pitch or adverts of suppliers is not our thing; we focus on those buying the systems.

IT Decisions was founded in 2011 by Mark Hillary and Angelica Mari, two of the most respected business and technology writers in Europe ‐ with a collection of best‐selling books and industry awards between them. The IT Decisions research network is an invitation‐only group of CIOs in Brazil who work together to produce a new research report every week.

Take a moment to connect with the IT Decisions management on LinkedIn and take a look at some of their books, other media, blogs, and publications:

Mark Hillary, CEO http://j.mp/markhillary
Angelica Mari, Publishing Director http://j.mp/angelicamari

Mark, Angelica, and the whole IT Decisions team are based in São Paulo, Brazil – the biggest city in the Southern Hemisphere.
Image Credits – licensed under Creative Commons
Horizontal Integration ‐ http://www.flickr.com/photos/ebolasmallpox/3536804299/ (cover)
Ed Yourdon ‐ http://www.flickr.com/photos/yourdon/2675323741/ (woman with Blackberry)