- Forefront Endpoint Protection (FEP) 2012 – Part 2: Deployment and configuration - Wed, Jun 29 2011
- Forefront Endpoint Protection 2012 –Part 1: Installation on Configuration Manager 2012 - Wed, Jun 22 2011
- iPad for business? The consumerisation of enterprise - Fri, Nov 19 2010
One of the big topics doing the rounds amongst IT professionals these days is the increasing influence of consumer technology in enterprise IT and in particular the question whether the iPad is valuable for business and should be supported by IT. End users have access to more and more business-ready devices in their personal lives, and the traditional line between personal computing and work computing is looking blurrier than ever.
There is increasing pressure on businesses and IT professionals to provide (and support) infrastructure which enables users to connect and be productive on a variety of consumer devices, now that these devices can, with relative ease, cross the boundary between home and work. Business-focused platforms like Windows Mobile and Blackberry have had to improve their consumer functionality, while consumer devices like the iPhone have had to beef up their enterprise features.
In many ways, there’s nothing particularly difficult about this trend, despite the fact that the traditional nemesis of the IT professional has been the end user with a better-than-average grasp of technology. Business devices have traditionally been quite dull and functional, and a new paradigm which sees end users more engaged with their tools of the trade is no bad thing.
However, the problem which many of us see out on the coalface is that businesses are often keen to distribute these devices and “empower” their users without considering the implications or even the appropriateness of doing so. In many ways this is unsurprising – business managers and CEOs are consumers too, and anything which excites them tends to get implemented quicker than many IT professionals are comfortable with.
The Problem of Support
The problem with bringing in personal devices is that they also come with outside baggage – support agreements with other vendors, personal data and often investment of personal finance. Most businesses don’t have an internal support model which can cope with personal devices in a cost-effective manner. The usual approach is for the support staff to say something along the lines of “I’m sorry, but we don’t support personal devices” and just wear the inevitable abuse.
This is generally the only sensible approach available, but it’s coming under increasing pressure. After all, if a business “officially” supports users accessing their work mail via a personal smartphone, how can the internal support staff continue to remain disengaged? The problem comes when a user pops up and says, “Hi, since you configured work email on my iPhone, two of the apps I bought have stopped working. Can you fix them please?”. Or even, “Hi, my iPad has stopped working and you were the last person to look at it. I want the business to buy me a new one.”
They’re not massively unreasonable requests on the face of it, but is it really the job of the support staff to troubleshoot personal software? Without clear direction from management, such support calls can quickly dissolve into a nightmare of confusion, resentment and recrimination (especially when there’s a suspicion that the user isn’t telling the whole story). At a previous company I worked for, the support staff were under strict instruction not to even touch any personal device which came their way, simply to avoid those kinds of nasty situations. A tad inflexible, perhaps, but as a risk mitigation strategy it was certainly effective.
The Problem of Management
As an IT professional, do you trust your users? I mean, really trust them to always do the right thing and keep the business’ interests in mind at all times? Of course not. This is not because users are inherently untrustworthy, but because we each are paid to perform a particular function, and only a few people are paid to constantly maintain an overall picture. From the perspective of enterprise technology, that’s ultimately why we have IT professionals – these are the people who are paid to care about aspects of day-to-day operations so that each user doesn’t have to. Also, if each user were required to, they wouldn’t.
The personal approach where users can purchase and bring in whatever equipment they like, and have full rights to their system might create a happy, touchy-feely environment but it certainly doesn’t scale efficiently beyond a few end users. Hence enterprise infrastructure, locked-down desktops, distributed applications and centralised management of devices. But as a general rule, personal devices don’t fit into this management structure. It’s a brave IT department which insists on installing agent software or applying group policy to personal computers.
The Issue of User Disconnect
The ultimate problem is one which is present in many businesses – users are essentially disconnected from business drivers, and the bigger the company, the more pronounced the disconnect. And vice versa, in general the smaller the company the more engaged the users are.
A CEO is paid to care deeply about the direction of the company, and to take an interest in anything which may impact productivity or expose the business to unnecessary risk. The assistant in the mail room isn’t, and yet has that expectation imposed on them. Additionally, if a user can circumvent rules and restrictions to get something done, they will, regardless of who they are and regardless of the outcome.
Consumer devices in the enterprise are inherently risky, to a greater or lesser extent depending on the business’ risk profile. Unfortunately many businesses would have no idea of their risk profile – investing time and resources into generating one has little obvious short-term benefit, and in any environment controlled by quarterly figures and annual budgets, it’s difficult to build a business case to generate and maintain an ongoing and flexible risk mitigation strategy.
But the benefits of having such a strategy in place are huge. When a business clearly understands its workflows and their dependencies, then it’s also well-placed to clearly articulate that understanding to all employees and has a stable base from which to tackle new initiatives with a few to producing beneficial outcomes. Another word for it is “leadership”.
On the flipside, the lack of an in-place risk profile means that each time a new project surfaces, the risks need to be considered from scratch every time. And considering that this would cause each project to take longer and cost more, the usual approach is to avoid the immediate pain and not consider the risks (which is very risky!).
Diluting an enterprise IT environment with consumer technology has the potential to be a really bad idea, but like any IT project it can be implemented successfully as long as due diligence is performed. If users are to have greater access to business systems than before, old support models need to be re-worked, expectations need to be clearly articulated and change management needs to happen. Of course, this has always been the case and some businesses do it better than others, but as consumer technology becomes more prevalent in the workspace, it’s never been more important.
What is your take? Do you think IT should support the IPad for business?
I really do not understand all this speculation about the introduction of iDevices in the IT space. Of course they will be adopted. Remember the Apple II from the same company followed by the pc? These were consumer devices, with fragile hardware, buggy software, difficult to identify as a need, and horribly unsecured. In time some of these problems were removed and some we adapted.
Saying that the issue is good planning is of very little help. This is a disruptive technology and it will sweep the managers running after it try to figure out how to best use them. The shame is that back in 1999 the coming of the iPad and it’s future was already obvious. IT manAgers, not so proactive and visionay, are waiting for the tsunami, instead of have invented and designed it themselves.
I’m not saying that they won’t be introduced and adopted – of course they will be and it’s already started across a lot of industries.
My point is that there are a LOT of risks involved, not least of which that Apple are a totally non-enterprise company in their ethos and business model, and for businesses to start RELYING on these products is going to take a massive amount of work and planning to make sure that it’s not a total disaster.
Some businesses seem to have already put the necessary frameworks in place, which is great. Others are just plunging head-first into the whole consumer tech deployment and are certainly going to get burned.
We’ve embraced iOS / any ActiveSync device and are moving rapidly AWAY from corporate BlackBerrys simply because, like public cloud services (SaaS ones, at least), if you don’t do it right internally, the business will do it organically without you, and in a more detrimental way than the one you had in mind.
Good example. When you made the move, was this at the behest of the business, or did you see the change on the horizon and simply made the move ahead of time?
I wrote an article about apple and the enterprise a while ago.
This was around the concept that the apple range was ready for the enterprise, it was a case that the enterprise wasn’t quite ready for apple. This has now changed. With the release of office 2011, and the announcement from autodesk that it was providing apple products after many years, apple firmly can be placed in the enterprise environment.
The company I work for supports the use of apple, we have them on the desks of over 60% of staff, and several executives use them. The point to make is that most of us are using our own units, not company assets, thus reducing the overall cost to the business – the onus for repair and maintenance falls on the user, not the organisation.
This is, by far, the best solution for an enterprise adopting apple technology – the only support that I require is access to the domain, AD and exchange, all software is my own, all work remains the property of the company as I do not save locally.
Consumer Tech environment and enterprise are now blurring so quickly that the option to keep the separate means that organisations could be potentially be at a disadvantage – if they do not adopt any technology that meets a specific need, or provide access by staff to a collaborative environment including multi platform.
It’s interesting – the comments here, plus some others I’ve received sort of bear out what I’ve said, which is that Apple products (or consumer products in general) don’t fit well with the traditional enterprise lifecycle and support models, but that businesses which have made the necessary changes to accommodate them AND have managed expectations accordingly have then successfully integrated the two.
Let me give you a bit of a perspective from someone who was once very much entrenched in IT, and who is now very much in the business, and without admin rights.
What I have learnt since leaving is that often business opportunities are fleeting. Access to technology might spark an idea. I’ve experienced it numerous times, where I read about something over and over again, but it isn’t until I pick it up and use it day to day where I will suddenly get an idea “Wouldn’t it be cool if we used this thing to do X!”
If I think about the change management processes I used to subject people to in order to get an idea off the ground, it would be dead before it got off the blocks. Governance is designed to protect the status quo, and in general terms tends to block innovation. I know the agile / optimised IT crowd will argue with me here, but I know of very few organisations that have got their shit sorted out to the point where IT is innovating with the business.
So what’s the solution? I think the approach to IT needs to change. I don’t believe in these holus bolus solutions where once size must fit all. I think the solution is to manage users in two tiers. Full SOE users, get SLA 1.
Then you have the rest of your users provisioned as cloud users. Outside the firewall basically. They access files like they would BaseCamp/DropBox/Skydrive, there’s probably an enterprise version etc… Email/calendaring and IM can be treated purely as cloud apps, which is being done already in alot of places. Then you really just have your LOB and enterprise apps which can be offered through a Citrix / web portal.
People bring whatever device they want, they support it themselves and IT helps on a best efforts basis – SLA 2.
Anyway that’s my two cents. 😉