Enterprise mobility is driven by the need for seamless access to information anytime, anywhere and from any device. However, mobility has far-reaching effects on the enterprise in areas such as security risk, use policies, manageability and governance. This three-part series on enterprise mobility trends discusses mobility drivers, risks and mobility governance issues and examines how workforce demographics can affect enterprise mobility.
Anytime, anywhere, any device
One of the biggest drivers for enterprise mobility is the need for seamless access to information. Employees have grown accustomed to having ubiquitous information access in their personal lives and expect the same in their professional lives. In the past, employees would try to compartmentalize their personal and work lives in order to protect their personal time from job encroachment. Now, the opposite is true. Many employees move seamlessly between work and personal life and expect that their employers will support this new work paradigm.
Some enterprises struggle to create a business case that quantifies productivity gains and calculates a return on investment for mobility technology. This is very difficult to do, however, and most enterprises simply accept the idea that mobility results in productivity improvement. For many employees, a mobile work environment is now an expectation, analogous to the expectation that their employer will provide a local area network and Internet access. Therefore, many enterprises often deploy mobility technology without any up-front justification or global planning.
The most profound risk to enterprise mobility is data leakage on mobile devices. Once a user transfers sensitive data to a mobile device, that data can be compromised if the device is lost or stolen, or the data is transferred to another device. This concern is exacerbated by the fact that the design of most mobile devices is driven by the needs of consumers rather than businesses and therefore is often unsuitable for the enterprise. Lastly, the mobile device has become the new network perimeter, so enterprises can no longer simply rely upon firewalls in order to lock down their sensitive information.
Some organizations have a policy that requires users to encrypt sensitive data on a laptop hard drive, but few organizations encrypt sensitive data stored on handheld devices. This means that sensitive data on a handheld is often more vulnerable to theft. In the event of a lost or stolen mobile device, many enterprises will remotely "wipe" the device, thereby removing sensitive information. Some vendors, such as Research In Motion (RIM), enable the IT manager to remotely disable the mobile device and restore it to factory defaults. Some enterprises have invested in technology to find lost or stolen laptops, such as Computrace's LoJack for Laptops product.
Many organizations encrypt sensitive information that is transmitted between the mobile device and enterprise servers by using virtual private network (VPN) technology. This "in transit" encryption is typically performed while users communicate on the road or at home. A few organizations even enforce the use of VPNs while users communicate over the office wireless LAN (WLAN).
Although many organizations enforce the use of two-factor authentication on laptops, handheld authentication policies lag behind laptop authentication policies. For example, many organizations require a simple four-digit personal identification number (PIN), or no password at all. If a handheld device does not have a password and is lost or stolen, any sensitive data stored on it is easily accessible. The small size of handheld devices makes it easy for them to fall out of a pocket or purse and thus to become a security risk.
Data leakage on mobile devices is a major risk for almost every enterprise. Unfortunately, handheld security policies often lag behind similar laptop security policies. This can result in security breaches and increased legal liability. Enterprises must carefully evaluate their risk tolerance and then secure sensitive information before granting mobile device access privileges to users.
Mobile policies and governance
Mobility governance refers to the people, processes and policies associated with mobility deployment within the enterprise. With few exceptions, enterprise mobility deployment is reactive and tactical. The lack of a corporate mobility strategy results in the deployment of incompatible point solutions, coordination issues and inconsistent policies.
In addition, most enterprises have no coordinated approach to mobility funding. This includes decisions to deploy a wireless LAN, purchase mobile devices, and select mobile cellular service plans. Some managers demand that business case analysis be applied to the decision-making process for such things as wireless deployment and social networking implementation. IT managers often express frustration over the difficulty of developing a business case for mobility products and services. Other managers go to the other extreme and simply mandate mobility technology deployment without any upfront analysis.
Personal-use policies on handheld devices often vary widely. Some enterprises prohibit personal calls, forcing employees to carry two phones -- one for business use, the other for personal calls. Others allow personal phone calls only if employees do not exceed their minutes-of-use plan. Some enterprises have a "no text messaging" policy, although it is unclear how that policy can be enforced if the employee owns the phone.
Similarly, handheld ownership policies vary widely. Most enterprises allow only company-owned devices to access the network. Some allow personal laptops to access the network when using an enterprise-provided USB key that contains an approved bootable image.
Enterprises often struggle to balance the needs of IT staff to secure and manage mobile devices with the desire of employees to use mobile devices whenever and wherever they want. Some organizations opt for a laissez-faire approach that provides users with broad device usage and ownership flexibility. However, this approach often exposes the enterprise to inordinate security and legal risk. Alternatively, concerns over insufficient mobility security and management, coupled with the lack of coherent mobility governance, cause many IT organizations to simply reject user demands for greater mobility solutions. This approach can lead users to find ways to bypass the IT staff and enterprise policies.
Some enterprises are using the Information Technology Infrastructure Library (ITIL) for mobility service management. ITIL is a widely adopted framework for IT service management. ITIL can help organizations create a mobility strategy, personal-use policies, security best practices, and funding procedures.
Enterprises should consider the following recommendations:
- Embrace mobility as a strategic initiative rather than simply a technology purchase decision.
- Consider applying the ITIL concepts and policies to the challenge of enterprise mobility.
- Consistently adhere to security best practices, and avoid making exceptions to security policies.
Enterprises often deploy mobility in an ad hoc, department-by-department fashion, in much the same way that local area network technology was deployed in the mid-1980s. Such an approach results in coordination issues, incompatible point solutions, inconsistent policies, increased security risk, and costly mistakes. Enterprises can avoid many of these problems if they embrace mobility as a strategic initiative, consider applying ITIL concepts, and consistently adhere to security best practices.
Today's mobile workforce
This third and final section of our series discusses how workforce demographics can affect enterprise mobility.
Mobility generational gap
Younger workers are pushing many enterprises to embrace mobility solutions. These younger workers are often referred to as Gen-Y, but as there is no precise definition for the Gen-Y cohort, I simply use the term "younger workers" in this section. Younger workers prefer instant/text messaging instead of email, and they frequently use social networking services like Facebook, MySpace and Friendster. They often prefer to use personal, consumer-oriented devices (both laptops and mobile devices) in the work environment, and they adapt quickly to new technology.
Face-Off - Do you really have the right to expect privacy on the Internet?
Dave McMahon and Margaret Rouse take sides on whether or not employees have the right to expect privacy on social networking sites. Privacy, the Internet and the workplace — should boundaries exist?
In contrast, enterprises often describe their older workers as slow to accept mobility solutions and reliant almost entirely on voice communications and email. These workers often don't see the benefit of instant messaging and social networking. Interestingly, older workers are often in positions of authority and control staffing and budget, and they can therefore greatly influence mobility policy.
These different points of view between younger and older workers have created a mobility generational gap. Older workers sometimes see younger workers as being "spoiled" or "entitled." Conversely, younger workers sometimes see older workers as a barrier to progress.
The widening gap
Enterprises should recognize the fact that a mobility generational gap can exist even between groups of younger workers where there is as little as five years difference in age. This is because the Internet, mobile cellular services, mobile devices, social networking, wireless technology, and online usage norms have evolved rapidly over the last five to 10 years. This can lead to a situation where some workers become "mobility laggards" while an advanced group of workers become "mobility leaders."
It is not surprising that younger workers are more likely to take advantage of mobile services -- they grew up in a world of pervasive mobile communication. It is interesting, however, to see the degree to which age-based differences in mobility usage, proficiency and expectations can create problems within the enterprise. In my discussions with enterprises, I sense frustration and even shielded animosity that some employees feel toward their co-workers.
Two distinct groups characterize the mobility generational gap. One group is comfortable with mobile technology and uses it to integrate work and personal life. The other group is less comfortable with the technology and tends to compartmentalize work and personal life. As more mobile-savvy younger workers enter the workforce, the mobility generational gap will widen. As it widens, both groups may become more disconnected and distrusting of each other.
Enterprises should consider the following recommendations:
- Recognize the extent to which a mobility generational gap exists in the workplace, and then put in place programs such as mobility training to help employees become proficient with mobile technology and services.
- Rethink device-use policies and take into consideration the expectations of younger workers for ubiquitous information access, collaboration services, and personal device usage within the enterprise.
- Learn to manage and secure sensitive data on personal, consumer-oriented devices. Carefully evaluate risk tolerance for each consumer device under consideration.
Many enterprises are concerned that they will not be able to recruit and retain younger workers unless they provide enterprise-wide mobility solutions. But the differing attitudes of younger and older workers toward mobility usage have created a mobility generational gap. Enterprises should recognize the extent to which a mobility generational gap exists in the workplace and then put programs and policies in place to help employees become proficient with mobile technology and services.
About the author: Paul DeBeasi is a senior analyst at the Burton Group and has more than 25 years of experience in the networking industry. Before joining the Burton Group, Paul founded ClearChoice Advisors, a wireless consulting firm, and was the VP of product marketing at Legra Systems, a wireless-switch innovator. Prior to Legra, he was the VP of product marketing at startups IPHighway and ONEX Communications and was also the frame relay product line manager for Cascade Communications. Paul began his career developing networking systems as a senior engineer at Bell Laboratories, Prime Computer and Chipcom Corp. He holds a BS degree in systems engineering from Boston University and a master of engineering degree in electrical engineering from Cornell University.
Paul is a well-known conference speaker and has spoken at many events, among them Interop, Next Generation Networks, Wi-Fi Planet and Internet Telephony.