What is Happening? Ongoing inquiries from Saugatuck clients are a prime driver of our research. One of the areas under greatest scrutiny by both our CIO and IT provider clients right now is Mobility, with inquiries regarding a wide range of mobile IT evolution, market trends, services, providers, and especially impact on user enterprises. This Research Alert presents information and insight from client inquiries on enterprise Mobility adoption, use and management since January 2013.
In that timeframe, the vast majority of Mobility-related inquiries have focused on two enterprise aspects: CIO mobility management concerns, and mobile business applications likely to be the most influential/disruptive for the enterprise.
The most-frequently-cited CIO concerns regarding Mobility right now are about BYOD, and are primarily around the costs and risks of technology management - including the very high likelihood of increasing and accelerating technology fragmentation. As we said in a recent Strategic Perspective, “BYOD” is really “BYOT.” And BYOT’s main challenge is the increasing scale and diversity of device numbers, device types, software ecosystems (OSes, apps, development stacks, etc.) and access points.
In simplified summary form, the BYOD/BYOT management concerns that we hear about most often from enterprise CIOs, CTOs and other IT leaders include the following:
- Hardware: Device differences, manufacturer viability, device reliability, device/manufacturer technology strategy(ies), device capabilities (e.g., cameras in secure areas)
- Software: OS differences, UI differences, app quality, app provider viability, apps store support/security/viability, built-in cloud services (e.g., iCloud, Google Apps, Kindle Store)
- Services: Provider adaptability, provider technology(ies), provider ecosystem relationships and viability; provider data management, integration, protection, and compliance
- Users: Identity management, device/app/Cloud services management & usage (e.g., potential tech/operating incompatibilities, security)
- Security and risk management overall: Everything. When it comes to mobility, CIOs and other enterprise leaders simply do not yet know what “security” should include, who has responsibility for it, what the best practices are, and so on. It’s very similar to the growth of web site usage in the early to mid-1990s. The technology is very widely used, but its real effects, exposures, limitations, and capabilities are only just being explored. In addition, a great deal of the security risk lies outside of enterprise controls, with the network and its providers.
Why is it Happening? The concerns about managing Mobility flow from the unavoidable trend toward BYOD/BYOT. As Saugatuck has discussed in some depth for our CRS subscription research clients, the challenges stem not just from mobile devices, but also from personal applications, clouds, services, and data within the enterprise (read “The False Dichotomy – Should Enterprises Embrace BYOT?”). Below, we summarize what we have said previously regarding the key challenges and factors that enterprise IT leaders face – and need to learn how to manage ASAP:
As the number of systems in the BYOT expands, the multitude of device versions and types can quickly outgrow previous management software in both scale and scope. At the same time, if the company does not eliminate corporate devices entirely, a BYOT policy will not obviate the need for the old system, and enterprise IT must then add more capabilities for the new devices, while leaving the old system in place.A variegated device landscape within the enterprise poses further challenges to management than just the cost of supplementing / replacing the existing management software. Often with consumer-targeted devices, the focus from the device makers has not been on enabling enterprise security or data management services, and the operating systems themselves actively resist being managed in certain ways.
Software and OS version fragmentation is also a key inhibitor for successful management, and the source of increasing complexity for Enterprise IT. Best Practice: start BYOT programs with support for only a few of the most popular devices and OSes. This will enable you to focus your efforts on delivering the best value to the top platforms and reduce overall effort. Additionally, maintaining an initially tight focus on device versions and types will give you a better ability to ensure that the device software itself is up to date and secure.
So far, the concerns have focused mainly on how the enterprise IT will have to approach the technical and economic challenges posed by BYOT. The users themselves, however, pose additional challenges. Because the users are the owners of their devices, complete company lockdown of the devices is often beyond what they consider acceptable. While strict policy enforcement on a company-supplied device is possible, it is often overly intrusive to exact the same control over a personal device. As a result, a more subtle approach is needed to enforce device policy at the application and data level, not necessarily at the device level (read “ Mobility in the Boundary-free Enterprise™: More Than Device Management”). While enterprise vendors such as EMC Syncplicity and Good can currently sandbox the enterprise data they load onto devices, this is not yet the case for all MDM solutions.
For an extended version of this Research Alert, visit Saugatuck Technology.