CIOs need to acknowledge that the IT capabilities of employees’ own smartphones threaten the status quo.
By Bud Mathaisel
Enterprise mobility isn’t happening the way we thought it might. We assumed the IT department would be in the driver’s seat, executing a carefully mapped plan to take the enterprise where it wants to go. That scenario isn’t entirely absent, but in many cases IT is slow to capitalize on the opportunity. When IT does not provide solutions, impatient business unit managers turn to the myriad opportunities outside, including services offered in the cloud by third parties.
Executives embrace powerful new mobile technology from third parties and ask employees to use it. Or employees themselves seize the opportunity and do what they want with handhelds and mobile applications available for download. Rather than following a carefully mapped plan, enterprise mobility is going viral.
CIOs can’t just watch and wait this time. Mobile technology is unlike the earlier technologies adopted independent of IT. With the personal computer, the Internet, and others, the CIO had some level of confidence that the chickens would come home to roost—inevitably, the CIO did gain control at some later stage. Enterprise mobility is different because the applications in use are likely to be in the cloud, professionally written and run. As Figure 1 underscores, the next two years promise substantially more access to corporate information through the use of smart handhelds. There might be no independent trial within the enterprise, nothing for the CIO to eventually take over and make robust for everyone. To stay engaged, the CIO must influence mobility from the start.
Influence this time around begins with acknowledging the new power of personal IT. “The CIO has to come to terms with the fact that everyone’s walking around with significant IT capabilities,” says futurist and interactive media consultant Mark Pesce.
As noted in the PwC white paper The situational CIO,¹ it is a given that a CIO must balance the multiple and sometimes conflicting demands of providing information access and IT services to the organization. Now, because individuals are bringing their own IT assets and infrastructure with them, the CIO and the IT team need a strategy for managing this phenomenon, including how to choose and what to enable.
Through research, PwC has identified several best practices any enterprise mobility strategy should include:
Enable grassroots research and development (R&D) capabilities
Understand device choice options
Assess the payback potential
Establish new governance approaches
Formulate new business process models
Provide new infrastructure and skills
Enable grassroots R&D capabilities
Don’t expect or insist that IT is the only wellspring of ideas. Although IT may have already identified some opportunities, it is likely that new applications will be developed from the ideas and initiatives of employees. Sponsor internal R&D activities for mobility across the whole organization, not just in IT.
This cross-functional approach has at least two benefits:
Because many employees are knowledge workers, they will have insights, experiences, and passions you can leverage.
When you give people an official enterprise channel for their ideas, word gets around and you help make your organization a place where more people, especially Millennials (those born after 1980), will want to work.
Some organizations have sponsored innovation prizes to encourage idea generation and sharing, but the setup and management of that process can be tricky and could work against those who are most inspired to share their ideas. It is likely that many mobility ideas will come from the younger workforce—the Millennials—but it is inappropriate to be exclusive.
Tom Conophy, CIO of InterContinental Hotels Group (IHG), encourages an enterprise-wide approach: “I sponsor R&D-type activities across my team. I have about 800 employees across the globe, most of them knowledge workers and computer scientists. I’ve always been a strong believer that you have to give people outlets. They have their day jobs, and then they have their passions. The idea is to try to turn on some of those passions. So we’ve established these labs, which we call gulags, and we let anybody with reasonable ideas come in.”2
Unlike any previous IT initiative sponsored by headquarters, mobile devices are ubiquitous and designed to provide independence. Some CIOs have invented a few things in their digital labs, but other CIOs are sourcing ideas from end users. For example, Standard Chartered is investing in a special applications development environment in San Francisco’s media district, South of Market.
“We plan to have our San Francisco entity stay very small and nimble, and be able to bring in new ideas, deliver quickly, and then move on to the next thing,” says Todd Schofield, head of a new mobile development unit at Standard Chartered. His strategy is influenced by the creative environment associated with the South of Market neighborhood in San Francisco. However, great inspirations can come from anywhere, and the best advice to CIOs is to give knowledge workers the tools and the resources to make mobility work well.
The CIO needs to ensure that the R&D teams adhere to development and hardware standards, especially for the interfaces among enterprise systems. As CIO, the other important contribution is to put the infrastructure in place to enable the R&D, including wireless access, security, help desks, and so forth, as discussed in the article, “Turning handheld power into enterprise clout,” on page 06.
Understand device choice options
Providing IT devices to end users is nothing new, but mobile devices create a dilemma for organizations: to provide a standard device to every user, or to accept users choosing their own—known as “bring your own device” (BYOD). The first option gives IT the kind of control it is accustomed to having over enterprise technology assets, while BYOD embraces the personal empowerment that has helped make these devices so powerful in the first place.
PwC research suggests that limited BYOD will become the rule more than the exception, in part for reasons expounded in the article,“Turning handheld power into enterprise clout,” on page 06. For some organizations, BYOD is perfectly appropriate right now; for example, when the organization is quite diverse or in a stage of experimenting. In other cases, the diffuse nature of BYOD might require the CIO to spread the applications and infrastructure teams too thinly.
It is true that the shift from an enterprise choice to an individual user choice adds a great deal of complexity, and the shift could result in a patchwork of devices with varying capabilities. For some organizations, this is no issue and actually supports the broader move to create a more employee-empowered culture. For others, it is a problem for two reasons: security and applications integration.3
For security reasons, limited choice might be appropriate in areas where a high degree of rigor and consistency are required, such as in regulated environments, finance, protected data, and physical safety. At least for now, some organizations are limiting the choice of device, operating system, and applications in these circumstances. It is wise to apply this restriction sparingly and to let BYOD be the default. Providing the devices at no cost to selected end users is a helpful catalyst to reduce clutter and ensure focus on a mobility strategy. A variation on BYOD that might be best for many enterprises is to limit employee choice to a few of the more popular consumer devices that can be more easily integrated and supported, ensuring a first-class approach to that support.
Applications integration is another argument for providing every user with the same device, or at least limiting the choices. “We previously had message-centric devices and we are converting those to iPhones,” Schofield says. “The intent is to be a more application-driven company rather than an e-mail-driven one. We want to move from an e-mail-centric device to an application-centric device that also does e-mail.”
To enable this conversion, Standard Chartered is launching an enterprise applications store roughly equivalent to the Apple App Store, from which applications can be downloaded that fit the specific purpose and parameters of Standard Chartered.
Assess the payback potential
CIOs usually have an investment payback mind-set. Because enterprise mobility is relatively early in its adoption cycle, many organizations approach the investment as either a means for cost reduction or for improved personal productivity. Although the justification may be quantifiable, many organizations take as a matter of faith that their mobility investments and initiatives will produce a payback.
Cost reduction could come from two approaches, depending on the organization. One path reduces the number of devices to a manageable few and provides complete help desk, security, and support for those fewer devices. Another path exploits the fact that many mobile applications and data could reside in the cloud and leverages cost-effective economies of scale in the cloud.
Whether an organization achieves improved productivity depends on the organization and the nature of its business. For a consumer-oriented business, the opportunity to reach out to end customers through applications that they would want is considered an eventual benefit. For other organizations, enabling mobility is a way to attract and keep the best and brightest of younger workers.
Standard Chartered is counting on improved productivity through benefits to employees. “A lot of the return in the long run is going to be about employee efficiency and effectiveness,” Schofield says. “We really want decision making to be able to happen faster. As everyone knows, e-mail is a horrible form of communication.”
PwC research suggests that, for the foreseeable future, enterprise mobility devices will be used in addition to the PC. However, as more computing activity occurs on mobile devices and more applications are based in the cloud, PCs may be used less often, allowing enterprises to keep employees on older models longer. It is also likely that companies will eventually be able to invest in a set of wireless peripherals, including full-size keyboards and computer screens that would allow the mobile device to become the “hub” in a docking-as-you-need-to approach for desktop computing chores, giving employees even greater flexibility.
Establish new governance approaches
Even more than with previous technologies, mobility is about people and their use of the device, which can be a very personal matter. The IT organization often underestimates the cultural change needed to employ technology, and this challenge is especially true for a technology with roots in the personal domain. The wise CIO will seize this opportunity to establish a culture around mobility.
Current best practices suggest establishing a culture appropriate for this stage of evolution—a culture that aligns with the reality of the workforce today. Right now, excessive controls could stifle the creativity needed for enterprise mobility. Early adopters are—by nature—likely to be among the most creative users, and you don’t want to squelch them. The “feel” of this culture is about experimentation and early adoption, but with important boundaries. Balancing the two will take persistent leadership and frequent, open communications.
The PwC white paper The value creating CIO makes the case for balanced controls in situations such as enterprise mobility. Establish basic rules of behavior, but not too restrictive, given this early stage. The rules of behavior for IT professionals may not need to change, but because the value-creating team now expands to include many non-IT professionals, the rules of behavior must accommodate the broader base. For this broader base, the rules of behavior could include:
Continue to strictly follow the enterprise security policy (updated for mobility)
Avoid any potential embarrassment, especially given the potential for social networks to be a source of embarrassment
Minimize the use of company time to do this work
Share what you learn
Perhaps most usage policies reflect the enterprise’s awareness of data privacy and other legal matters. But the more that mobile devices are used for both personal and business applications, the more diligence CIOs, legal counsels, and human resource executives will need to exert over unresolved legal standards. The realm of data privacy, particularly regarding mobile devices, has not been fully resolved by the courts.4
Rules that are too restrictive could be a problem for new employees, presumably hired because of their accomplishments in previous jobs. But what if those results were aided and abetted by a mobile device and a number of applications that—under your policy—the new hire can’t use? You run the risk of “cutting off half of the value that you are hiring the person for,” notes Srinivas Krishnamurti, senior director for mobile solutions at VMware.
Celebrate the creative ideas and breakthroughs of those who produce useful results. PwC’s The situational CIO white paper emphasizes that communication is an essential skill and a crucial part of the CIO’s job. This is especially important in mobility because of its very broad range of participants.
While specific approaches to fostering the right culture will depend on the organization, the digital labs referenced earlier can be a convenient and visible way to organize mobility initiatives. It is important also to reach outside the enterprise to customers and business partners.
Some organizations address the customer side through focus groups and structured marketing initiatives around mobility. Others approach this less formally through social networks, monitoring what customers say about the company and do on their own. Mobility is a great opportunity to connect with the customer base, especially if your customers are among early mobility adopters. Establish and publish the code of conduct for the enterprise and for those who connect to the enterprise, much as you already have done with privacy and security standards.
Mobility is also a great opportunity to leverage partner ideas and buy-in. In the same way some lean manufacturing organizations encourage partners to contribute to the design of products or improvements in distribution, collaboration could work well when creating mobility applications. This collaboration could be especially important in industries that have unique security requirements or regulations that affect everyone in the ecosystem.
The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) “forced us into data encryption for our remote sales force,” says Larry Herrmann, manager of global IT customer support at DJO, a medical device manufacturer.
Most IT organizations have worked diligently to secure their wired networks and data to meet regulatory and compliance standards. Mobility will challenge the traditional approach to imposing security standards on end users. Because they consider these devices their property rather than a corporate asset, end users will likely balk at the centralized controls now available and appropriate for devices containing corporate and client information. CIOs should begin the education process early, since there is benefit to early cooperation and buy-in from users and business partners.
Formulate new business process models
Those who have adopted business process reengineering as a continuing endeavor will find mobility to be another opportunity to rethink workflow, touches, and information exchanges. The fundamentals of business process reengineering, postulated in the early 1990s by Tom Davenport, Michael Hammer, and others, are perhaps even more relevant with mobility because one of the fundamentals is to start with the customer experience and work backward to envision how the customer experience might be improved.
Tom Conophy of IHG observes that “a perfect storm” of new capabilities is converging. The example of D7 Consulting described in the article, “Turning handheld power into enterprise clout,” on page 06 underscores how nagging process bottlenecks finally can be alleviated with the help of the current generation of smartphones and tablets.
In contrast with an R&D effort, which is more about sourcing product line innovation, business process improvement implies a strategic focus on any potential enablers of that improvement, as Figure 2 illustrates. Procurement of the devices, by contrast with the other two activities, would seem to be straightforward. The value a CIO adds will come from considering each of these elements in conjunction with the others. Much depends on a holistic approach to the resources that are available—not just what the enterprise owns or can procure, but a broad view of the capabilities employees bring with them, and how those capabilities can lead to IT as a “competitive differentiator,” in the words of Srini Koushik, CTO of Nationwide.
The CIO’s leadership of mobility entails simultaneous focus in co-dependent areas:
Redesigning business processes; customer-facing processes are a first priority
Establishing R&D centers for in-house development of leading applications
Reducing procurement barriers to device adoption; this is clear CIO leadership territory
Provide new infrastructure and skills
Mobility requires some new skills in the organization and changes to the basic infrastructure. Even when ideas and applications are developed in a grassroots lab, the CIO and IT organization will be responsible for integrating the innovations into the IT infrastructure. While the specifics will vary by organization and its legacy, some important new elements must be addressed.
There are two fundamental integration issues for enterprise mobility. The first is browser capability or enabling the mobile device for the same screens that appear on the laptop or desktop. The second is to use the capabilities native to the device to augment previous applications or new ones. Under the CIO’s leadership, the technology plans for each must be inherent in IT strategy and budgets. Knowledge of the emergent technologies is essential to develop a coherent plan; developing or hiring those with that knowledge is the CIO’s responsibility.
Specific skill sets, of course, are important. Because HTML5 is likely to be crucial to mobility, it would be wise to have at least a few people in your IT organization acquire or update those skills. This is also a time for CIOs to update their portfolio of vendors. The IT organization needs to lead in researching, identifying, and contracting with providers that will be the future suppliers of choice.
A related challenge is modification at the front end to integrate devices with enterprise applications and data in the current architecture. Many of the executives interviewed for this issue of the Technology Forecast suggested they would handle this integration through the cloud, provisioned internally or externally. Mobility could become the tipping point that encourages the use of cloud services.
Another critical issue is mobility security, which requires a rigorous approach to asset management. For example, to know which devices are being used by whom and to be able to update the information, IT must monitor device activity and manage the contents of the devices. As Figure 3 illustrates, the current generation of smartphones makes good use of the security model that evolved during the e-mail messaging generation.
Technology has followed a cyclical pattern three times with enterprise mobility. Each time, the technology arrives and enterprise adoption lags while the enterprise voices security concerns. Then vendors address the concerns. In the case of third generation application-centric phones, good security is becoming available and should be broadly adopted soon.
During interviews with PwC, many CIOs indicated that a major enabling factor to mobility is the ability to wipe devices of content if they are lost or stolen, which most smartphone platforms now support. The IT organization needs to choose the tools to do that and be able to respond immediately when it is required. (The article, “Mobile technology’s journey from peril to promise,” on page 20 explores the security issue in greater depth.)
IT leaders have two new security approaches to mobile devices:
The capability to restrict mobile device information and network access; devices configured with a unique IP address have a distinct ID.
The capability to remotely wipe and completely clear any device lost, stolen, or compromised.
So, while enterprises can allow some flexibility in the choice of devices, any device must comply with the security standards. As Todd Schofield of Standard Chartered states, “We use unique digital certificates for access to the VPN [virtual private network] as well as to the wireless itself. Based on the unique serial number of my iPhone, a certificate is generated for me that restricts access to data and applications.”
The cost of wireless communications will be another challenge. Many cell phone users have experienced the nasty surprise of an unexpectedly large phone bill. That problem was eventually addressed through fixedprice plans and by negotiating attractive rates from carriers. PwC research indicates awareness of this issue and some early discussion with telecommunications carriers, which are offering no new programs yet.
“Telecom is going to be an issue for all of us. We see that the unlimited is going away,” Herrmann says. The best approach may be to begin service contract discussions with carriers now and to ensure that users have access to their usage costs. In the meantime, to provide a direct incentive for cost control, many companies are reimbursing employees a fixed or capped rate for smartphone communications usage.
Besides working with carriers, some enterprises are preparing internal facilities to accommodate a broader use of wireless within the enterprise, which can help control costs. “We are building Wi-Fi networks in our major offices, so that if I got to Hong Kong or London or Shanghai, or wherever, my iPhone will see that [a wireless network is available] and it will transfer me from roaming on a 3G network. It will move me over and make my data connection go through wireless Internet, so now I’m not roaming anymore,” Schofield says.
Another big challenge is to provision more robust input and output capabilities than are possible with the mobile device itself; for example, the ability to input or output large amounts of data, especially from spreadsheets and presentations. This challenge relates to the wireless telecommunications challenge, but is internal to the enterprise.
Apple enabled wireless printing capability for the iPhone and iPad in its iOS 4.2 update in November 2010. More such features are coming from mobile vendors themselves, although the internal IT organization can do a great deal to prepare and enable this capability by choosing display and printing facilities that work wirelessly. Once this input/output piece is addressed, the “mobile mainframe” is in the hands of the users.
Conclusion: The mobility imperative
Timing may differ by organization, but eventually mobility will play a significant part of any enterprise information services—both internally to the organization and externally to customers. Some people see the opportunity to create a specialty position: chief information mobility officer.
In some organizations, CIOs have decided to free themselves from their current responsibilities and focus on enterprise mobility and new IT strategies. To a CIO, mobility at this stage can be frustrating. It may seem a contradiction to lower costs and improve security and controls while simultaneously encouraging the innovation mobility can provide. In one organization, the CIO named himself the chief technology officer and appointed someone else to be the CIO. Patience and a balanced control approach would be the main attributes of the IT leader of mobility, because the rewards will come.
The CIO has an opportunity to lead; otherwise, someone else will. Enterprise mobility is either the next CIO leadership opportunity, or the next missed opportunity.
¹ See http://www.pwc.com/us/en/technology-innovation-center/cio-operations-strategysourcing- budget.jhtml.
² See the interview with Tom Conophy on page 16.
³ See the interview with Srini Koushik on page 44. 4 The closest the US Supreme Court has come is its unanimous decision in Ontario vs. Quon, in June 2010, involving the privacy of the personal use of an employer-issued digital pager. For many reasons, not least of which is the majority opinion stating the ruling was narrowly based on the particulars of the case, the issue of data privacy in mobile devices still appears to be wide open. For more on the case, see http://www. supremecourt.gov/opinions/09pdf/08-1332.pdf and http://www.nytimes.com/2010/06/18/us/18scotus.html, accessed November 2, 2010.