The entire corporate IT world has been discussing BYOD (bring your own device) for several years now. With the introduction of the iPhone and more recently the iPad and usable Android devices, the challenge is clearly being presented to every enterprise. It seems there are endless blog or forum postings asking “what should I do?” when it comes to IT governance, and which Mobile Device Management (MDM) or Mobile Application Management (MAM) service to use in a given organization. As a result, there is a “feature war” happening amongst the vendors over why their approach and solution is “best”.
Several recently published analyst reports do a great job of laying out the strengths and weaknesses of each one. Our human tendency is to read through all the tables and charts and just pick the one that has the most boxes checked and a large installed base. While this may seem like a safe route to go down, I would suggest that this is a recipe for disaster!
The proliferation of mobile devices in the enterprise didn’t happen as a result of diligent planning by the IT organization, but instead was the largely emotional decision of the employee (consumer). IT is now placed in the position to manage and secure this wide range of devices showing up on our corporate networks. We need to think carefully about the implications of our overall governance model before charging down a path largely defined by an application/service’s features. If we think back to our corporate ERP systems, we can see many examples of failed implementations and significant amounts of wasted resources and funds. Many enterprises charged down the ERP selection process with spreadsheets and feature comparisons, deciding that it would be easier to change our internal workflows and policies than to slow down implementations. We don’t want to make that mistake again. So, how should we think about defining our mobile governance model?
I would propose that you START with your company culture, or the culture your senior management would like the company to have. I know that sounds very touchy-feely, but bear with me a minute. Two things are already understood: employees love their mobile devices because of the access to information they have through their apps, and they already know what the company culture is like (be it highly flexible or more controlling). The employees already have an expectation based on the company culture. If you define a mobile governance model that mirrors that culture, you will be much more successful in explaining, deploying and enforcing it. Here is a high-level outline of criteria you could consider in exploring your corporate culture as it relates to defining your mobile governance model:
- How do we communicate internally (written memos, email, intranet, blog, etc.)?
- Do we communicate top down, within a trusted management group or encourage interaction at all levels of the organization?
- Take a look at expense reporting policies. They are a great indicator of how much the company trusts employees. Are they somewhat rigid, or do they provide employee discretion?
- What groups of users exist amongst our employees (sales, engineering, marketing, finance, etc.)?
- Who has access to what company private information today?
One of the big mistakes that has been well documented by the early pioneers of mobile governance is that they began with the devices themselves. This is where BYOD for mobile devices has been such a huge deviation from corporate-provided hardware. It is easy to start with an evaluation of hardware devices, pick one and then tell every employee that this is the one the corporation is going to provide. In the mobile device world, the one thing we can be assured of is CHANGE. The governance model you define should be data driven (or at least application driven) and not device or platform driven. We are all well aware of the shift from Windows CE/Blackberry to iPhone/iPad and Android dominance in the enterprise. We have to define a model that characterizes the data and applications we are using, NOT the device.
By gaining an understanding of your corporate culture FIRST, you can then prioritize the features that you need in your MDM/MAM service. If you determine that your first priority is to protect individual corporate applications or data sources, it becomes much easier to open up a flexible environment for the employee that permits them to maintain the usefulness of their mobile device for non-work purposes while protecting the corporate assets they have access to.
It is my hope that you have gained a new perspective in approaching mobile governance models. I appreciate your feedback!