Milja's Mobile Musings

In my last blog I started a new series on setting the stage for a mobility center of excellence. Now we’ll talk a bit more about what a center of excellence is and some key dimensions of them. This information is based on a whitepaper written by SAP’s Vishy Gopalakrishnan. Vishy works with Global 1000 customers to develop and deliver on their mobility strategy. He is also a co-author ‘Work Goes Mobile” (Wiley, 2006). If you are interested in more detail on this topic, I encourage you to join Vishy and Mike Golz, SAP’s CIO of the Americas, as they discuss this topic in a webinar on December 1st. We’ll also send you the whitepaper when it is available.

Now, getting to our topic… What is a Mobility Center of Excellence? To make typing easier, I’ll shorten this to MCoE going forward. Vishy defines an MCoE as ‘an attempt to coalesce around a set of principles for an effective and efficient use of mobility across the entire enterprise’. The goal is to capturing learnings, best practices, and reference architectures from mobility projects within your company. Of course collecting is one thing – but the ultimate goal is to accelerate the adoption of mobility within your company.

A Mobility Center of Excellence can facilitate success by:

• Leveraging existing IT processes (standards, governance) and people;
• Defining standards, vendor and technology selection and security policies relevant to mobility;
• Acting as the trusted advisor to the line of business leaders;
• Reviewing, evaluating and approving mobility projects;
• During implementation, providing technology expertise to the business, authoring best practices, facilitating training and technical support;
• Post deployment, offering thought leadership, consulting on mobile technology, and providing metrics reporting and support.

If you think that this kind of approach makes sense for your business, it important to next understand how mature your company is in mobility. Everyone reading this is probably at different stages of mobility adoption and maturity. Regardless or where you are in terms of comfort and expertise, a mobility CoE has three dimensions to consider; scope, organization and governance. We’ll introduce the areas here and talk more about them in the next blog and in the webinar.

Scope: As a first order of business, you need to define the scope and the charter of the Mobility CoE. This is an essential element to grounding the MCoE for everything it does going forward. We recommend that you answer the following questions to help define the scope of your MCoE.

• What is the core function of the MCoE?
• How broad is the span of mobility capabilities that the MCoE covers?
• How will the MCoE interface with your existing IT organization?

Organization: Once the scope for the MCoE has been defined, the next element to review is the underlying organizational structure and associated ways of working. This starts with securing buy-in from major stakeholders across the organization. Since mobility has an impact across most of the organization, it is important to get sponsorship from senior and influential individuals across business and IT for the MCoE. The next steps are to outline the key roles and reporting structure and finding the right person to lead the CoE.

Governance: This element of the MCoE defines the ground rules for its operations, the funding model, the mechanism by which decisions are made, the criteria used to track its ongoing effectiveness, and the process for communicating key decisions and milestones to its stakeholders

These three areas will form the basis for what your CoE becomes and will evolve to. I encourage you to register for the live webinar to dive into this topic in more detail and to ask questions of Vishy and Mike Golz. Registration is available and the whitepaper will be available soon.

As mobility adoption across the enterprise continues at a rapid pace, IT organizations are trying to deal with many challenges that are unique to mobility. We are often asked to share recommendations on how companies can structure their business to support this environment. This is the next topic that we are exploring in the Mobile Sense series; specifically we’ll talk about Best Practices for Setting up a Mobility Center of Excellence. A whitepaper was written on this topic by SAP mobility expert Vishy Gopalakrishnan. A webinar on is being held on Thursday December 1st from 1-2pm eastern and registration is now available.

To get started on this topic, first we should explore some of the unique pressures that mobility is placing on enterprise IT departments. In future blogs, we’ll dive deeper into specific recommendations.

• There is an unprecedented rate of change across the ecosystem – The pace of change in innovation and technology in mobility is faster than other IT areas. This rapid pace of change results in the need for greater alignment between lines of business and IT on mobility initiatives, to prevent duplication of effort.
• Mobility has the potential to be applicable across the entire organization – Mobile devices are everywhere and being used by everyone from true road warriors to information works and well beyond. This pervasiveness creates opportunities to make employees more productive, to engage with customers in a more targeted and deep way, and to collaborate with partners in a streamlined fashion. IT needs to be ready to meet a diverse set of requirements while being agile to meet these needs in a timely manner.
• End user expectations of delivery lifecycles are significantly different – As consumers ourselves, we are used to the relatively smooth and easy process of downloading and using mobile apps from the various app stores. This experience has conditioned people to expect a relatively rapid application development (and enhancement) timeline, without compromising on the quality and user experience of the application.
• There are implications for security – Enterprise IT needs to put in place the appropriate infrastructure, processes, and organization to ensure it can get the desired visibility and control across the lifecycle of these mobile assets (devices, users, and applications). The blurring of lines between professional and personal devices leads to diversity and complexity, as well as data security considerations. IT needs a robust set of tools that automate as much as possible the operational complexities of a mobile infrastructure and still provide actionable insights to deal with issues and exceptions as needed.

Now that we understand the context of today’s mobile environment, we can next look at what a Mobility Center of Excellence actually is. In essence, it is an attempt to coalesce around a set of principles—organizational and architectural—for an effective and efficient use of mobility across the entire enterprise. I’ll dive deeper into Vishy’s opinions on this topic in the next blog. For now, don’t forget to register for the webinar. You’ll also receive a copy of the whitepaper when you register.

Knowing what devices actually on your network should be at the top of your mobile checklist. I’ve heard many stories of companies who took this first step and quickly found out that many devices were accessing corporate data without permission. In fact in one case, over 1,200 smart devices were gaining unauthorized access to the company’s enterprise email servers. That’s a little bit scary… but it should be a wake up call to many that knowing exactly what physical devices are on your network is critical.

Once you have a handle on assets, you need to determine how to authorize devices and provision them for particular capabilities on the network. For example, define exactly what sorts of devices you want to permit. You may narrow this down by platform such as iOS, BlackBerry, Android and Windows Mobile are approved, but another list is not.

Next up is to ensure that these devices follow corporate security policy. This might involve requiring authentication from the handheld in order to send and receive email, access corporate databases, or run approved applications.

For personally owned devices, your policy may dictate that you treat these devices differently than corporate owned devices. You may choose to block users with certain devices to not access particular data or applications (eg. block access to Android 2.0 or 2.1 devices, and grant it to Android 2.2 or later devices).

Another key aspect of mobile governance is giving users the ability to take care of a lot of tasks themselves, freeing up IT. Allowing employees to set up or troubleshoot their own devices, giving them self-diagnostic tools and directing them to where they can access management information and applications.

Without a solid mobile governance strategy in place, companies run the risk of exposing sensitive corporate data, spending time and energy on ad hoc management of devices, and creating a climate where users don’t feel trusted or empowered to work how they want to and where.

By creating a solid policy that clearly defines the rules of the game and making sure everyone from upper management and down complies with them fully will ensure that organizations enjoy the best of mobility – efficiency, flexibility and productivity – without the headache of security breaches, device loss, or worse.

For a mobile revolution to occur, IT first has to allow enterprise data to exist on the device in a secure manner. We’ve talked about the invasion of smart devices in the enterprise. Now, as more users bring personally owned smartphones and tablets to work, IT is suddenly faced with the need to come up with a governance plan for mobile.

With this rapid adoption of smart devices, it is becoming very important for companies to define their mobile policies. Those who don’t embrace and support smart devices may run into many issues that can hinder workplace productivity. Those who do should implement a mobility governance strategy to increase success.

IT departments are certainly used to creating and enforcing rules and regulations. They are experts at enforcing policies that cover everything from how often users need to change their passwords to what software needs to be installed on each computer. In any computing environment, these policies are absolutely critical to protect the physical network and ensure that intellectual property remains secure.

But IT departments often overlook — even deny — information access to mobile devices. Instead of denying access, you should instead be proactive about managing smartphones, tablets, and other handheld devices throughout their lifecycle, from activation out of the box all the way through to when they are taken out of production.

If you think of mobile governance as a strategic initiative within your organization, it will be more likely be accepted and followed. A critical first step is to document and publicize policies to all groups of mobile workers. Depending on their role within the organization, each of these groups will likely have different requirements when it comes to mobile communications – keep in mind up front that one size does not fit all.

Companies need to clearly document and publicize policies for each unique user group. These policies should be given directly to employees, who should then have a chance to review them.

Alongside user education, it’s critical to have the technology to back up the policy governing mobile devices on the network. Consider deploying an enterprise mobility management solution that extends existing corporate IT policies out to handheld devices. This platform, such as SAP Afaria, should support a variety of devices (most importantly today iPhone, iPad and Android) and allow you to see what’s on the network and ensure mobile devices are in compliance with policy.

Unless you’ve been hiding under a rock lately, you probably aren’t surprised that smart devices including smartphones and tablets have invaded the enterprise over the past 18 months. According to recent Aberdeen Group research (March 2011), 82% of companies currently have smartphones accessing their WLAN – and 99% of them plan to in the next 12 months. When it comes to tablets the numbers are equally as impressive – 75% currently allow access and 94% plan to in the next 12 months.

These numbers are staggering considering that media tablets only came on the market exactly 12 months ago. This forecast is just shy of 100% of enterprises expecting to support smartphones and tablets in the next year — I think this certainly qualifies as an ‘invasion’.

We talk to an incredible array of large and small enterprises who are trying to figure out exactly how to manage this ‘invasion’ successfully. The consensus is that this is not a trend or a fad – it is driving a fundamental change in the way businesses operate. Mobility is a core component of leading companies’ strategy – and it is helping them get ahead of their competition.

So, that begs the question ‘what are these companies doing about it’? I’ve seen two distinct ‘camps’ in how companies are approaching mobility today. The first camp seems to want to start by gaining control over the device invasion – they are wrapping their arms around security and policy enforcement of mobile devices. They see this as a necessary first step to deal with the immediate need of getting devices on the network and secured. Often this is driven by the BYOD model where employees are demanding access to corporate email from their personal devices. Once devices are securely onboarded, this camp swiftly realizes that mobility is about much more than access to email – they rapidly look for and deploy mobile applications to improve business productivity.

The second camp seems to take a broader strategy up front. They are investing in mobility with the expectation that it will transform their business. They are fundamentally looking at smart devices to change how work gets done. They know that mobility is all about the Apps, and they seek company-wide input on an application strategy that will fundamentally change their business. And, of course they build security into their plans as well.

Both strategies are excellent approaches to gaining control of the invasion and will ultimately end up with the same result – business transformed by the power of mobility. The most important consideration is not to wait. Because mobility isn’t going away.

Years ago when you were a mobile sales rep, you started a new job and on your first day, you were given a badge and a company car. The company owned the car, but you drove it for work purposes. The rules of engagement were pretty clear in terms of who paid for what. If you blew a tire, cracked the windshield or simply filled up the tank, the company usually paid for it.

Over the years many companies changed their policies and require employees to use their personal vehicles for work purposes. The game changed significantly – you were given a monthly stipend to cover the cost of repairs, gas, and more. If you cracked the windshield you were the one on the hook for the repairs.

In order to avoid insurance and legal nightmares, both of these options required companies to clearly define policies around use of the vehicle.

Switch gears now to the world of enterprise mobility. Five years ago, you started a new job and on your first day, you got a badge and a company-issued mobile phone. There were clear rules around what the phone was for, who paid the bill and what acceptable use was.

Now, just as the company car concept has slowly disappeared, so too has the corporate owned smartphone. Recent statistics indicate that as high as 60% of enterprises enable their users to bring in personally owned devices to access corporate data. And this number seems to be constantly growing.

Just like business use of a personal car, the concept of a mobile computing policy sounds natural. However, many companies have no mobile computing policies in place, nor do they have them clearly defined for separate corporate owned or personally-owned models.

A ‘getting started’ approach for some IT organizations has been to treat both ownership models the same by simply locking devices down. While this may have worked to some degree, it doesn’t truly address the unique requirements of different user types. People want to bring their personal devices to work. They want to use them, and they want access to corporate data.

What most companies need is a mobile device management strategy and a solution like SAP Afaria to help separate corporate data from personal data on both personally owned and corporate owned devices