As users bring consumer technologies into the enterprise, it puts a lot of pressure on IT departments. The situation is most acute with smartphones. Should IT support user-owned smartphones? Can it be a win-win? Are there best practices? Get some answers.
The issue of IT departments supporting user-owned smartphones is such a hot topic right now that at the Gartner Mobile & Wireless Summit last week there was no less than three sessions in which it became one of the primary topics, and there were a lot of other sessions where the issue was abundantly discussed.
Meanwhile, as the Gartner conference was wrapping up in Chicago on Thursday, out in San Francisco, Apple was announcing an SDK and a business-class upgrade for the iPhone — perhaps the most visible smartphone that users have been bringing into the enterprise on their own.
Apple's senior vice president of marketing, Phil Schiller, explains how the iPhone will sync with Microsoft Exchange using ActiveSync technology. Credit: Corinne Schulze/CNET Networks
As a result, I thought it would be useful to take a look at the conventional wisdom that has developed around IT departments supporting user-owned smartphones. We'll take a quick peak at the mobile enterprise landscape, look at whether IT can afford to say 'No' to user-owned smartphones, and then consider some best practices for IT departments that do decide to allow and support these devices.
The mobile enterprise
There are approximately three billion mobile phones in use in the world today, and 70% of businesses are using mobility in some way, but only 17% of those businesses have company-wide initiatives to manage mobile phones. For those who do manage it, they run into the question of whether to make it part of the telecom or facilities department or the traditional IT help desk. Either way, friction typically arises.
"There is a natural tension of opposites in enterprise mobility between what the user wants and what IT wants," said Jim Somers, Vice President of Marketing for Antenna Software.
There is also tension between mobile operators and businesses, as operators see smartphones powering their next growth boom with applications. "Remember how much money [the carriers] made on mobile e-mail? They want to repeat that with mobile applications," said Somers.
It's also noteworthy that there are important differences between enterprise and consumer smartphones.
Gartner VP Distinguished Analyst Nick Jones said, "Innovation in the consumer space runs a lot faster than the corporate space." Specifically addressing the iPhone, he said, "Nothing that corporate IT ever delivers is as easy as the iPhone."
In their presentation, "Riding the Consumerization Wave," Jones and fellow Gartner analyst Monica Basso pointed out the following differences between enterprise-grade smartphones and consumer-grade devices.
Credit: Gartner (Monica Basso and Nick Jones)
Can you say 'No' to user-owned devices?
Gartner analysts feel strongly that trying to ban user-owned smartphones won't work and is not productive. Here are a few quotes:
Nick Jones: "Make sure you have a strategy in place for employee-owned devices. Most of us can't afford to say, 'No.'"
Nick Jones (again): "You can't ban consumer mobile devices. It will just happen behind the scenes without you knowing about it."
Monica Basso, Gartner Research Vice President: "Consumers love these products and they'll use them whether you want them to or not."
Ken Dulaney: "Attempts by IT to prevent the use of handhelds has largely failed because of the number of tools to work around IT policies."
Credit: Gartner (Monica Basso and Nick Jones)
However, in high-security and highly-regulated environments, I think it's not only possible to say 'No' but highly advisable. A few examples: government jobs dealing with classified information, health care environments dealing with patient records, and financial services dealing with sensitive company information.
Best practices for supporting user-owned devices
For IT departments that do decide to support employee-owned smartphones, the Gartner analysts suggested some best practices. The suggestions from Jones are represented in the slide below.
Credit: Gartner (Nick Jones)
Gartner also predicted that by 2012, 30% of knowledge workers in the United States and Europe will access corporate data from a personal mobile device at least one time per week.
"As you see this flood of devices coming into the enterprise, you can no longer have the kinds of standards you've had in the past," said Ken Dulaney, Gartner VP Distinguished Analyst. Thus, Dulaney recommends a "Managed Diversity" approach (see below).
Credit: Gartner (Ken Dulaney)
If IT departments are going to support employee smartphones — and it's a good idea for those not in high-security or highly-regulated environments — then I think they should follow a few basic guidelines:
- Avoid saving corporate data on the employee device
- Use VPN and thin client software whenever possible
- Enforce policies to minimize access to only needed services and apps
- Require user training so that they understand the risks involved
What do you think about IT departments supporting user-owned smartphones? Join the discussion.
Of course, one of the most common cases where this comes up is with the iPhone. Read iPhone in your business: Pondering the ROI case from my colleague Larry Dignan over at ZDNet. Apple's iPhone developments last week will make it more palatable to IT departments, but there are really only two advantages for the iPhone over existing smartphones — better usability and better performance with Web-based applications.
Since the iPhone is more expensive than other comparable phones, will those two benefits be enough for IT departments to adopt it? I doubt it, at least not in large numbers, unless Web-based apps really take off. Please take these two TechRepublic polls on the iPhone: