In my last post. “What The Consumerization of IT means and how to think about it, I described how we’re thinking about the “Consumerization of IT”, the background driving the changes, and the key trends.
In this segment we’ll focus on one of those trends – the Consumer Device Tsunami – how this trend will affect the delivery of IT and where the opportunities are for service providers.
To recap, “The Consumer Device Tsunami” is the move from PCs to newer, often personally owned, endpoint devices like smartphones and tablets. The drivers are both the devices themselves and the generation of users that have had their expectations about how to interact with technology shaped by these devices.
New data from the Gartner IT symposium last week supports this, showing tablets and smartphones as key environments that IT will need to support from here on out. http://www.techrepublic.com/blog/hiner/look-out-the-10-rising-tech-trends-of-2012/9470?tag=content;blog-list-river
Within the context of having to deliver IT services then, what are the key problems these devices raise? They breakdown into four categories:
- Security (and compliance)
- Service readiness
The first step is to find out what devices are connecting into your environment. Unless you’ve already written Apps for specific devices (like iPhones, iPads or their Android equivalents) the most common entry point is email. For most organizations this means Microsoft Exchange – and the connection point today is usually Exchange ActiveSync (for smartphones and tablets). With tools provided by with more recent releases of Exchange, you can fairly easily list the mobile devices used by individual accounts to find what is connecting. On-going discovery then allows you to control device access and make exceptions when required.
This isn’t a complete solution – for a full view you’ll need a security tool that audits connections to PCs to see what types of devices are connecting through local PC connections as well. Here’s a link to a free tool for security tool provider Safend that will give you an idea of what’s connecting into your environment –no endorsement of this product is implied – it is listed as an example.
Security and compliance.
Security and compliance is harder. If your organization is in the Medical, Insurance, Financial or Government areas, or if you just handle personally identifiable information (PII) in any organization, there are regulatory requirements for control of specific types of data. The cost of non-compliance ranges from simple (but large) fines, to per record lost costs that can exceed $200 per record. A few years back the US Veterans administration lost a laptop that contained unprotected personal information for a very large number of veterans – in addition to per-record-lost-costs the VA paid that are estimated in the tens of millions of dollars, they also paid $20M in judgments as a result of this event.
But how does this apply to newer devices? Now that Tablets and Smartphones have the power, storage capability and compute capacity of PC’s from just a couple years ago, near ubiquitous adoption, and access to corporate email these same issues directly apply.
Email can easily result in exposure of sensitive data on these devices. Exchange Activesync allows you to control a number of policies for the devices that you allow to connect. These include; which devices and family of devices can connect, block or quarantine specific device, wipe device after too many password attempts, require a passcode and complexity of password to access the device and more. Mobile device management applications may be required to enable additional security features – for instance full encryption of the device or capability to install Apps. Symantec, McAfee as well as a number of smaller organizations offer solutions for mobile device security management that can be used for these purposes.
The reality is that you may need to re-write portions of your front-end to be mobile device ready. Smartphones with their smaller screens are a special problem – there simply isn’t the real estate that older applications expect. But the issues also include support of browsers that aren’t standard in the PC world – Chrome and Safari most commonly. Older screen layouts for sites and on-line services will need to be re-architected for use with these devices. To create a new front-end to older client – server (and even mainframe) applications, you may need to write a custom App.
If you are re-writing your web properties to be more accessible, HTML5 seems the clear winner for deployment. Flash is increasingly available for these platforms (although still not available for Apple IOS devices), but, most developers looking for rich content are writing for HTML5 deployment.
One example – Nimsoft offers and iPhone monitoring App that connects directly to your specific instances. Over time expect to see all of our offerings optimized for usage with both the small screen and larger displays.
Apps are where it’s at these days – you may even need to look at having your own customized App Store for your users – Quixey and Chomp allow novices to find the right apps by application platforms. Quixey even allows controls to power your local search. In the near future, these solutions may even to be able to support a “qualified application” model that would allow you to control the Apps your users have access to.
The short story is that organizations need to set appropriate policy for access to corporate environments and sensitive data. These policies need to be based a conscious decision of the appetite for risk as well as the regulatory and compliance environment that they operate within. Additional variations by role may also be required. If you think about it, Smartphones and Tablets have the same risk profile as a laptop, except that they are much more liable to loss or theft. If you allow access to sensitive data on these devices (and access to email means that you will be allowing that access), you will need to set and enforce appropriate policies. Policies will need to include:
- Company owned or Bring your own device
- Allowed / supported devices for connection (hint – only choose devices that you can enforce management policies for)
- What policies will you enforce: Password required? Complex Passwords? Erase or lock device on too many failed login attempts?
- What usage will you allow? Full local control? Limited App access? And so on.
Where are the opportunities for Service Providers?
If you are monitoring and managing your customer’s environments there are a number of opportunities resulting from these devices. Some of these are:
- Advising your customers about the best way to formally adopt support
- Implementations of security and connection policies
- Best practice policies and discovery of current usage
- Administering policies and management
- Alarms and audits for compliance with policy and regulatory requirements
In the same way, if you are a managed hosting provider or co-location provider providing services to customers – a good higher value offering for customers using hosted Exchange (or other email services) would include assessment, implementation and on-going management of these devices.
If you manage major portions of IT infrastructure for your customers, the opportunities are not only those above but also include creating centralized services that can be used with multiple customers for managing and monitoring the usage of mobile devices as a service, creating new front-ends for existing applications used by these customers, and even qualified App access.
For Cloud-based service providers, you already know that one of the major delivery vehicles for your services will be these mobile devices. Architecting your services to be mobile friendly from day one will save you having to re-architect your solution later.
Last installment on this topic coming next – The Consumerization of Data Center IT – The move to delivery of fundamental IT infrastructure and services as replace-able, easily consumable resources.