This blog post is contributed by Jungun Cho, a member of the IBM Global Technology Services Workplace Architecture team within the IBM Mobility Center of Competency.
In “2013: The year of the snake and the year of mobile!” I explained the importance of becoming a mobile enterprise. In this series I will explain how
to do so, beginning with development of a mobile strategy and policies,
as well as the education of employees to overcome barriers to the use
of mobile devices.
Start with strategy
Many companies hastily start their environment conversion (for
example, implementing Bring Your Own Device [BYOD]) by activating email
features on smartphones and tablets, and then thinking about what they
can apply next. I don’t recommend this; a CIO organization should first
set up a long-term roadmap and then choose the proper security level in
order to minimize investment cost and carry out a successful project
that satisfies everybody.
Working with personal mobile devices is completely different from
working in the traditional work environment, and it’s accompanied by
lots of security and legal issues. First, enterprises need to
sufficiently consider how to support working with mobile devices. In
particular, privacy and license issues are very sensitive in a BYOD
environment and you should operate BYOD services only after you provide
proper education and warnings. (And, of course, you should bring in
solutions to minimize security risks.)
Every corporation has guidelines and standards for its operation.
Before considering technical matters, the CIO and legal team should
revise these policy documents in order to implement mobile enterprise.
For years IBM has been continuously revising its business conduct
guidelines and security standards in accordance with the currents of the
times—consumerization and a mobile environment.
I’ve observed a company in Korea that has been preparing to convert
itself into a mobile enterprise and now has all necessary technical
infrastructure in-house. However, only a few persons are able to use the
infrastructure outside of the company, as its internal regulations
strictly prohibit information leakage. Because the company started its
conversion without properly establishing policy, this might cause a
waste of investment.
Educate your workforce
I also cannot overemphasize the importance of overcoming cultural and
generational barriers with proper training for users. Here is an
example from my experience. In 2011, I expected employees of IBM Korea
to be happy when I planned to provide email, calendar and contacts
features for their smart devices, including non-BlackBerry devices such
as iOS and Android devices. It seemed to be a reasonable expectation,
since the pilot program had shown that the satisfaction rate of most
employees was encouragingly high.
Like now in 2013, in 2011 Korea was one of the top countries in terms
of smartphone ownership rates under the influence of Samsung
Electronics, one of the biggest mobile producers in the world. IBM Korea
employees’ smartphone usage rate was almost 80 percent when the email
service for smart devices was provided in IBM Korea. WiFi and WiMAX
services were almost everywhere, and all wireless data services
including tethering service were provided without limit. However, to my
surprise, the usage rate of mobile email service remained around 50
percent after three months, and I had a hard time increasing users in
order to meet return on investment (ROI).
What should’ve been done to successfully convert IBM Korea into a
mobile enterprise? What caused this situation? The reasons I’ve found
- Compulsory usage of eight-digit passwords for device security
- Concerns over possible increase of working time, which might raise concerns over work-life balance
- Some employees’ refusal to adapt themselves to new devices
Let’s look into each one of these problems. First, an eight-digit
password and storage encryption are essential requirements for
protecting a company’s information if a mobile device is lost; these
should be enforced right away. However, many employees just give up
using company email because of the inconvenience of entering the
eight-digit password every time. This inconvenience can be reduced by a containerization
technique, which asks users to enter their passwords only for using the
company applications. IBM is still pilot-testing this technique, and
users’ feedback is very positive.
Second, peculiar cultural characteristics might cause concerns over
working time increase and work-life balance. In some Asian countries,
strict respect for seniors is expected, and there is pressure upon
employees to carry out their seniors’ requests any time and right away.
The management was pleased when email services were enabled on mobile
devices, but many employees did not ask for the email service because
they felt pressure to check email all the time and work around the
This problem can cause labor-management conflicts in companies or
countries where overtime compensation is strictly calculated and paid.
To prevent this, “A Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programs,”
written by the US Digital Services Advisory Group and Federal Chief
Information Officers Council, recommends that a company should discuss
the BYOD program with a joint labor-management conference (or a labor
union) from the beginning and operate the program together. There must
be a shared understanding that the conversion into mobile enterprise
should be considered from the perspective of employees’ efficient
working environment, instead of the perspective of a company’s profits,
and that it can actually help work-life balance, as against the
prejudices of lots of employees.
It’s a misjudgment that everyone who has a smartphone naturally uses
Twitter, runs a blog and uses social apps as well. I’ve seen many people
who don’t know how to tweet and think that it’s enough to use camera,
texting and navigation features. They find it hard to install and use
email service, and cannot use even the half of the email service
features. So some workers simply don’t want to adapt to a mobile
Effective ways to change this passive attitude and overall
environment in a company include training, active engagement of top
management and utilization of social tools by way of internal
IBM is using its own social tool named IBM Connections
for communication between management and employees, which facilitates
active responses and prompt feedback from anywhere in the world. Some
people are more active in using social tools than they would be in
public, and the participation of employees was highly improved when
management took the lead in using social tools.
The first step for a social tools–friendly environment is to train
employees. Just as extensive training was provided for employees when
converting into a Windows-based environment, trainings for using social
tools and collaboration tools should be provided to employees—especially
for senior-level workers and non-technical workers. Virtual education
can be useful. And this should include non-functional trainings such as
social tool usage etiquette and social guidelines.
A prerequisite for a successful mobile enterprise is that a large
number of employees utilize social tools. When seniors with accumulated
knowledge actively participate in socializing and sharing their
knowledge, more people will participate and a true synergy will be
Stay tuned for future installments in my series, “How to be a successful mobile enterprise.” Junggun Cho helps oversee security, network and mobility areas in Korea BT/IT. She is also an IBM Redbooks thought leader. Follow Junggun on Twitter at @junggun_cho.
This blog post is contributed by Gregg Smith, a member of the IBM Global Technology Services Workplace Architecture team within the IBM Mobility Center of Competency.
If your organization finds itself stuck with an enterprise mobility strategy
that hasn’t kept up with the times or doesn’t embrace the idea of Bring Your Own Device (BYOD)
all is not lost. With just a few steps, your organization can align
their strategy against the ever-changing mobility needs of the modern
Step 1: Document your current environment
The good news is that you may have already
documented your current environment. It’s an important step in
developing your strategy because you are going to want to compare what
you have today to the potential alternatives that you are going to lay
out in the next step. Including your current environment in the
comparison is important because you may discover that the strategy you
have in place today suits your organization just fine. If you are
looking for some tools that can be used to help you document your
current environment, IBM has a self assessment
tool that help you identify where you are today.
Step 2: Define your requirements
Start by developing a set must-haves and
nice-to-haves. Be sure to solicit the input of not only your C-suite but
also representatives from your business and user communities. Ensure
that not only technical requirements get documented. Non-functional
requirements like install-by dates and meeting financial objectives are
more than acceptable and should be included in your approach.
Once you have gathered all of the must-haves and nice-to-haves get
all your stakeholders back together to agree on them and then take the
important step: vote. Of course each of your different
stakeholders is going to have their own set of opinions of what is
important to the organization. Give each of your stakeholders a few
votes and let them put their votes toward the nice-to-haves that are
most important to them. Once your voting is done you are then left with a
list of must-haves and a prioritized list of nice-to-haves that your
whole organization can stand behind.
Step 3: Set and score your strategy options
There is probably a short list of less than a dozen strategy options
that your company has put on the table for the directions they can go
with their mobility strategy. Document each of those options now and begin the process of comparing them to your list of must-haves and nice-to-haves.
When doing the scoring, remember that if one of the strategy options
that you have laid out does not meet all of the must-have criteria then
that option needs to be ruled out. For example, if one of your
requirements is that the strategy must be in place within two months due
to an upcoming corporate merger, any of the options that would take
more than two months to implement shouldn’t be considered.
To score your nice-to-haves, begin by evaluating each strategy option
against each nice-to-have. Example: if option 2 does a superior job of
fulfilling a nice-to-haves on wireless networking you can score it a
five, but maybe another option just does an okay job, so maybe it would
get a three. The final step in scoring is to factor the weight/number of
votes each nice-to-have received against how that nice-to-have was
scored as performing against the option. The result is a net score for
each of your options, with the option that received the highest score
being the one that scored best against your nice-to-haves. If the
process of doing decision modeling like we explained here seems confusing to you, maybe this sample showing how to use this process to buy a new car will give you a different perspective.
Step 4: Compare the variances and map out your plan
All that is left for your organization to be on their path to a new mobility strategy
is to analyze the differences between where you are today and where the
decision model from step 3 directed you to go. You can generate a map
of the path you are going to take by documenting the high-level
activities that you need to complete along the way. As you eventually
add more detail into your map, project plans and detailed maps will
If this process sounds compelling but your organization doesn’t have
the time or energy to execute this right now, IBM can help. IBM MobileFirst Mobile Infrastructure Strategy and Planning can accelerate the deployment of a modern mobile strategy for BYOD or next generation devices.
Gregg Smith is a member of the IBM Global Technology Services Workplace Architecture team within the IBM Mobility Center of Competency. He is also an IBM Redbooks thought leader. Follow Gregg on Twitter at @greggasmith.
This blog post is contributed by David Judge, Technical Solutions Manager for Workplace and Mobile Enterprise Services.
Mobile strategy can be a complicated arena,
particularly when you actually begin to contemplate every element of the
organization that may be affected today or, more importantly, in the
future. Mobile is everywhere, and for the enterprise this obvious
principle has become very apparent. Strategy now spans well beyond
planning a Blackberry infrastructure for mobile email or a point
solution for enabling a mobile application. Mobile strategy
is now all of this and much more—from how you will maintain or
transition your Blackberry infrastructure, to satisfying your mobile
application requirements, to providing remote worker solutions
supporting multiple devices and multiple operating systems. It can be an
absolute minefield, and on top of this the expeditious mobile trends,
technologies and relative solutions are constantly changing! Indeed the
considerations for developing a mobile strategy are many, but here are
six that may apply to yours in 2013:
- Exercise control. It has been impossible to ignore
the Bring Your Own Device (BYOD) trend. Many organizations will be clear
on their BYOD policies and most likely have implemented some form of
control in terms of a mobile device management solution.
For those that have not and are considering the relative pros and cons,
you must understand that it is not just a technology choice. Deploying
the correct mix of HR policy, legal policy, technical control and
security is key to the successful adoption of any BYOD initiative.
- Mobile device management (MDM) is changing.
Implementing some form of traditional management of mobile device
security policies is an obvious necessity and is easily provided by any
of the mainstream MDM vendors. MDM is evolving and providing
capabilities far beyond policy management as mobile-focused vendors from
all disciplines (not just MDM) begin to take a piece of the mobile application management (MAM)
pie. This additional functionality typically supports tailored
application personas, enterprise application stores, integration and
control of document-sharing solutions and application wrappers that
control encryption, access privileges and secure data transmission.
- Solutions under lock and key. The security risks
posed by the implementation of mobile technology are indeed significant,
and careful thought and planning are needed to make sure all loopholes
are identified and secured. Mobile solution security comes in many forms, and organizations must give specific thought to:
If it moves, it’s mobile! Although
this can be true of any inanimate object in the world, for the
enterprise I am referring to the blurring line between desktop and
mobile strategy. The fact is, laptops running Windows (or any
traditional desktop operating system) are still mobile devices and must
be considered under the same guise as the iOS, Android and other
“mobile” operating systems you manage. This convergence of mobile and
desktop strategy is in answer to the increasing user requirement for
corporate network access on any device, anywhere, anytime (within reason
of course). The foundations of this unified approach can be facilitated
through technologies including desktop virtualization and traditional
desktop management tools such as IBM Endpoint Manager that now incorporate the ability to manage mobile and desktop operating systems.What’s new? The answer to this
question will probably introduce hundreds of new technologies and
three-letter acronyms that we need to learn alongside additional
operating system updates for iOS, Android and Windows Phone. On top of
this, we’ll see significant releases in Blackberry 10 and Windows
Embedded 8 in 2013. Whether you choose to utilize these technologies or
not is likely a consideration dependent on your incumbent technology.
Blackberry 10 will bring a new user experience, containerization in an
enhanced version of Blackberry Balance and the ability to manage
multiple mobile operating systems from the Blackberry Enterprise Server.
Windows Embedded 8 will begin to appear on ruggedized handhelds,
creating another platform for future task worker mobile application
solutions.See the bigger picture.Over the
years it has been all too easy to only deliver point solutions for
mobile applications that silo data, and then to eventually require some
kind of horrible integration project to try and report on the disparate
data stores that these types of solutions create. Of course, as mobile
applications grow within the enterprise, so too does the amount of data
and the need to try to aggregate that data into a “single pane of glass”
that enterprises so prevalently desire. Enter big data, analytics and the mobile application platform.
These three concepts are not just buzzwords; they represent
opportunities for the enterprise to finally take control of its
cross-platform mobile application development and data. This data can
then be used to support and pioneer any number of multilevel strategies
and key business initiatives.
- Providing solutions for secure remote enterprise network access from a variety of operating system platforms.
- Moving beyond device-level IPSec VPN for secure mobile device
communications, for example; application level SSL VPN or “VPN like”
- On-device endpoint protection including antimalware, antivirus
detection and on-device firewall (specifically if you are dealing with
- Device containerization in terms of only providing access to
corporate data from within secure containers installed on the mobile
device to provide data leakage prevention.
The considerations for a mobile strategy are always going to be relative to the challenges and opportunities you encounter within your enterprise. What is top priority for one is less so for another but the key is to make sure a consummate road map is constructed. IBM MobileFirst is ideally placed to help construct your strategy with a blend of services such as mobile infrastructure strategy and planning which can underpin the essence of your future mobile initiatives.
David Judge is a Technical Solutions Manager for Workplace and Mobile Enterprise Services and an IBM Redbooks Thought Leader. Follow David Judge on Twitter at @themobilejudge.
This blog post is contributed by Mohamed El-Refai, Executive Architect with GBS and the Chief Architect for China GDC.
With mobile enablement in the enterprise being a mandate and no
longer optional, the existing enterprise architecture practices we
developed for our complex enterprise solutions are being challenged.
In a typical enterprise architecture practice, the initial focus is
on the business strategy, and that usually drives the business process
transformation needs, which in sequence drive the IT strategy and the
required projects to support these business transformation needs.
But in the new mobile enablement paradigm, this changes. We now focus
mainly on how to make it easy for the user to access data instead of
focusing on business strategy. That is a major shift in the enterprise
architecture practices we have followed and enforced over the years.
It is very important for enterprises to notice this change early on
in their mobile enablement journey, as the current governance process
would dictate that every project maps to a business strategy and would
block any mobile enablement initiatives from progressing or would give
them a hard time.
The governance model you use needs to be adapted to mobile enablement
by validating the impact of productivity and measuring that against
specific business strategy initiatives, rather than trying to map the
proposed solution to the business strategy.
To phrase it in another way, the impact of mobile enablement initiatives needs to map back to the business strategy somehow.
But what if it doesn’t? Could it be that the enterprise doesn’t have a
complete business strategy, and some of these impacts resulting from
our new mobile enablement initiatives shed light on areas that the
enterprise should have considered in their business strategy?
We recommend that enterprises evaluate their mobile enablement
projects before they send them to the enterprise architecture governance
board, which might shut them down when they do not find a direct
mapping to the enterprise business strategy.
Mohamed El-Refai is an Executive Architect with GBS and the Chief Architect for China GDC and an IBM Redbooks Thought Leader. Follow Mohamed El-Refai on Twitter at @mohelrefai.
This blog post is contributed by Chris Pepin, Mobile Offering Manager and Evangelist.
According to the 2012 IBM Tech Trends study,
the top barrier to enterprise adoption of mobile devices (for example,
smartphones and tablets) is security. Specific concerns include device
loss and theft, data leakage and malware. While technology is important,
it’s only a piece of the puzzle. In this post, we’ll discuss the role
of strategy, policy, technology and education in addressing mobile security.
It starts with a strategy. What’s the business problem I’m trying to
solve with mobile? Who’s my audience? What types of devices will they be
using, and what device features will be used? How will users access my
application? What are my success criteria? Having clear and concise
answers to these questions will make it easier to apply corporate policy
in the next step.
Every enterprise needs a written mobile policy with the terms and
conditions clearly spelled out. This is particularly important for use
of mobile devices inside the company. If the company already has a
personal computer policy, this is a great starting point. Key questions
to be addressed in the policy include: What devices, operating systems
and apps are supported? Do I need a device passcode? Is there a
requirement for remote wipe of enterprise data in the event the device
is lost, stolen or the employee leaves the company? What applications
are allowed to be used? What are the data privacy requirements? What’s
the Bring Your Own Device (BYOD) policy? What’s the policy for employee
reimbursement for mobile expenses? You’ll want to include IT, human
resources, legal, procurement and reimbursement in the discussion.
Technology implements, monitors and enforces corporate policy.
Specific technologies includes endpoint management, encryption,
containerization, network access (for example, WiFi, VPN), anti-malware
and authentication—just to name a few. In addition, the mobile
application architecture (native, web, hybrid, virtual) and how it will
be developed, deployed and updated on users’ mobile devices is critical.
Security starts with the user and with building a culture of
security. Regularly educating employees on how to identify cybersecurity
threats, protect corporate and client data, safeguard devices and data,
and practice security incident reporting is critical.
In conclusion, I’ve provided a high-level overview of four aspects to
consider when approaching mobile security. In many ways, security
solutions on smartphones and tablets are immature but are continuing to
improve. While you may be tempted to hold off on embracing mobile until
the market matures, the risk of getting left behind or of facing a
security exposure is very real.
Chris Pepin is a Mobile Offering Manager and Evangelist and an IBM Redbooks Thought Leader. Follow Chris Pepin on Twitter at @chrispepin.