The media tablet market did not exist in early 2010. But now, millions of workers use these tablets in the enterprise every day, and the tablet market is just the tip of the mobility iceberg. Just below the surface lies a torrent of innovations that includes mobile applications, social media, mobile health, cloud computing, mobile payments, interconnected machines, mobile collaboration and wireless technologies.
Mobile innovations have accelerated the change in the relationship between IT and users. In the past, IT had the exclusive technical expertise to know which technologies were both feasible and useful, whereas users did not. IT also had the tools, time and charter to establish the necessary management and monitoring infrastructure to support those technologies. However, IT increasingly no longer has the tools, time or exclusivity that it had in the past.
Unfortunately, IT is burdened by an overwhelming array of regulatory, compliance, security, privacy, expense, organizational, policy and legacy technology constraints that dramatically shapes IT's response to these changes. Simply put, the innovation rate in mobile devices, social software and cloud computing is accelerating faster than the enterprise adaptation rate. IT organizations that fail to adapt to this new reality will lose their relevance in the era of pervasive mobility.
A recurring theme in many of our conversations with Gartner clients is their struggle with mobile governance. We define governance as the management of the people , policy and process issues. Enterprises often organize their people into functional silos (for example, human resources, legal, business managers, security group, networking group, application group or workstation group) to improve operational efficiency. Such an organizational structure makes it difficult to solve mobility problems because the solutions often span many operational domains. A good example of this is the bring your own device (BYOD) policy challenge. BYOD policies are not simply a matter of asking the security team to assess risk; they will also require input from users, business units, human resources, legal, support personnel, application developers and the networking team.
Many enterprises tend to focus on a single overriding mobility issue (for example, security). However, the desire to focus on a single issue can mask other important issues and result in unintended consequences. For instance, IT may decide to minimize risk by mandating that all BYOD devices access enterprise resources using server-hosted virtual desktop (SHVD) technology so that sensitive data is kept off the device. But the decision to use SHVD technology may worsen user experience (thereby decreasing productivity) and increase wireless LAN (WLAN) dependency (possibly requiring WLAN capital improvements) compared with other mobile solutions.
The process of creating mobile solutions often requires that enterprises make decisions between various conflicting tradeoffs (see Figure 1). The enterprise may believe that maximizing user experience is important for a particular mobile solution and therefore decide to build a resident mobile application instead of mandating the use of SHVD. The effect of "sliding" the user experience tab from "worse" to "better," moves the security risk tab from "less" to "more" (because sensitive data is stored on the mobile device) and moves the network dependency tab from "more" to "less" (because mobile data is stored on the device instead of on a remote server).
Source: Gartner (April 2012)
Enterprises should create mobile solutions using an enterprisewide architectural methodology. An architectural methodology helps IT by providing a framework to consider all of the major issues, highlight interdependencies and facilitate decision making between conflicting tradeoffs. Before creating a mobile architecture, the enterprise should create a cross-functional architecture team that includes representatives from not only the IT organization but also business leaders, HR, legal and the user community. The architecture team should use a repeatable and defensible methodology that iterates among many interdependent tradeoffs to create and refine its mobile architecture. Refer to "A Methodology to Achieve Mobile Endpoint Independence."
The mobile team should consider the needs of all stakeholders by aligning business, user and IT perspectives. The mobile team should create a mobile architecture that:
Source: Gartner (April 2012)
Endpoint independence refers to a mobile architecture that enables an enterprise to protect sensitive information regardless of the type of mobile device or who owns that device. IT organizations do not know what type of device or mobile operating system workers will want to use next year or next month (see Figure 3). That uncertainty is pressuring enterprises to create endpoint-independent mobile solutions. Mobile endpoint independence will enable enterprises to support and manage application service levels, regardless of which devices their users want to leverage.
Source: Gartner (April 2012)
The following sections examine mobility from several perspectives:
Mobile infrastructure provides the foundation upon which enterprises build their mobile solutions. It includes WLAN technology such as Wi-Fi access points (APs), mobile cellular equipment such as distributed antenna systems (DASs) and virtualization technology such as SHVD. Mobile infrastructure also includes the system management tools that enable enterprises to provision mobile equipment and to efficiently triage, diagnose and mitigate problems.
Enterprise mobility is dependent upon the existence of a well-designed and pervasive infrastructure of WLAN and mobile cellular technology. Wireless began as a "nice to have" convenience, but it has quickly evolved into a "must have" necessity. Users expect pervasive service, high performance and seamless mobility. Satisfying this expectation is difficult for IT organizations because the number of mobile devices, and mobile communications traffic, is growing exponentially. In addition, most wireless systems were not designed for mission-critical performance and seamless mobility. Many enterprises need to invest time and capital in order to improve network capacity, reliability and manageability.
Many enterprises have neglected their wireless networks because they were focused on more pressing issues (for example, BYOD policies, mobile device management tools and mobile applications) and most users were not complaining about the wireless network. But enterprises are slowly realizing that they will need to invest in WLAN and mobile cellular technologies in order to ensure a robust wireless foundation.
Most enterprises define application delivery by physical devices. Any type of failure (for example, power supply or hard disk), device loss or theft, can halt user productivity. An alternative to device-centric application delivery is emerging and is often referred to as user-centric or people-centric application delivery. Delivering traditional applications to people instead of to devices requires new investments in technologies such as SHVD, persistent personalization and application virtualization. Although virtualization may increase the reliance on the wireless network, compared to a resident mobile application, the result can yield considerable total cost of ownership (TCO) savings.
Virtualization affords many benefits, such as improved security, business continuity and access to legacy applications. Still, the path forward is difficult and can have a significant impact on IT processes, application delivery architectures, management tools and security (for example, data, endpoint and network access control). Complementary technologies such as persistent personalization and server-based computing also have a significant role in supporting mobile compute models.
System management is considerably more complex for mobile communication. Radio signals are difficult to control, easy to disturb, and impossible to see. Many factors can negatively affect wireless performance, including poor network design, unpredictable station behavior, and interference. In addition, modern communication systems consist of intertwined mazes of servers (physical, virtual and cloud-based), which communicate with endpoints (mobile and fixed) through networks (wired, wireless LAN and wireless WAN) run by different organizations. The enterprise may not own the endpoint, the network or the servers, but must ultimately ensure end-to-end service delivery and must support users when problems arise (see Figure 4).
Source: Gartner (April 2012)
Enterprises should establish a system management team that is chartered with supporting this complex communication system. The team should ensure that the enterprise is collecting relevant, accurate and timely performance metrics. These metrics provide a basis to help optimize enterprise investments in technologies and people, meet required service levels and ensure user productivity. The metrics also justify charges to users and help the enterprise more quickly detect and manage incidents and problems. The group should also define network triage responsibility domains, document diagnostic processes and ensure staff are well trained and have access to the necessary tools.
Users, Applications and Data
Mobile users (for example, employees, customers and partners) increasingly expect to integrate their personal and professional information using mobile devices. This expectation is driving enterprises to build mobile applications that enable users to access enterprise data at any time, anywhere and on any device.
For many employees, the terms "office hours" and "work place" are anachronisms. Work flexibility is a necessity, not an option. They integrate their professional/personal lives on their consumer devices and use social media to share, communicate and collaborate. Users often have a better sense than IT of what mobile products and services are feasible. They also feel empowered to use them, regardless of security concerns. The growing wave of consumerization, expectation and sophistication has created a powerful force for change.
Mobile technology has also dramatically changed customer expectations. Customers expect to use mobile technologies to research, buy, sell, rent and rate virtually any product and service. Enterprises have an opportunity to grow market share and expand addressable markets by using mobile technologies to provide qualified customers with the specific products and services that they need, at the right time and wherever they need them.
Business partners such as suppliers, distributors and value added resellers (VARs), expect to use mobile technology to accelerate time to market, improve customer satisfaction and increase profit margins. For instance, enterprises can use mobile applications to improve VAR training, shorten the sales cycle and streamline supply chain logistics. These mobile initiatives require thoughtful planning, development, deployment and continuous mobile application refinement.
The rush to develop mobile applications is similar to the rapid introduction of websites in the late 1990s. At that time, enterprises viewed websites as a powerful channel through which to sell goods/services and to communicate with employees, customers and partners. Enterprises view mobile applications as providing many of the same opportunities. However, unlike the 1990s, where deploying a simple website was good enough to get started, simply having a mobile application is not. Increasingly sophisticated user requirements are driving the enterprise to buy and develop applications that deliver an elegant, powerful and intuitive user experience. The application needs to leverage the underlying native capabilities (for example, GPS, camera and accelerometer) of the mobile device operating system and hardware. In addition, applications must increasingly incorporate location-aware capabilities (for example, mobile marketing) and social networking integration. Users want to be impressed.
As if this were not challenging enough, enterprises must also deal with many complicating factors such as short device life cycles (less than 12 months), lack of mobile-friendly legacy applications, immature mobile application development tools, privacy concerns, security risks, development costs, competing application architectures and inadequate mobile application development expertise. The combination of these complicating factors, coupled with increasingly demanding user requirements, increases the complexity of mobile application development.
Mobile technology is an equal opportunity disrupter of communication, collaboration, content and social (3CS) software management technologies. Unified communications (UC) clients must run on a wide variety of smartphones and tablets; today, most of them don't. Collaborative workspaces such as IBM Connections and Microsoft SharePoint must allow mobile workers to be full-fledged members of communities. That's often impossible today — in-house implementations of Connections and SharePoint are frequently inaccessible from tablets, and workflow approvals sometimes can't be executed from mobile devices.
Enterprises need to create mobile-friendly portals and websites so that employees and customers can easily access and read documents on varying screen sizes. Unfortunately, many companies still don't do so. In addition, the proliferation of devices has made a manual content synchronization process too onerous, thereby driving employees to rely on consumer services such as Dropbox. Social networks often blossom via mobile devices — workers can notify others where they are, take and post pictures and otherwise generate a steady stream of comments and questions. However, enterprises often continue to think of social software within the context of working at a desk and, therefore, don't unlock its full potential.
Mobile data requirements are emerging as a key factor in the design of mobile applications and user experience (see Figure 5). Enterprises must consider requirements such as data input/output (for example, transaction rate), accuracy (for example, accurate up to the second, hour or day), synchronization, mobile device storage, back-end storage, processing complexity, risk sensitivity and privacy. The decisions that enterprises make to satisfy their mobile data requirements can affect user experience, mobile application design, security, and privacy.
Source: Gartner (April 2012)
Security and Identity
Mobility has not changed the fundamental types of information security risks that enterprises must confront. Risks such as malicious software, device theft and sensitive data loss existed prior to mobile devices. But mobility adds new twists, such as endpoint ownership, no dominant operating system, very short device life cycle, and immature management and security tools. Although sensitive data requires protection, the data must be available to authorized users. Traditionally, enterprises protect the data by placing controls on the endpoint, but it may not be possible to place controls on the endpoint in a BYOD environment.
Enterprise security teams have lost control over the mobile endpoint. They increasingly do not own the hardware or control the software on the device. The variety of devices and short product introduction life cycles make it impractical for security teams to lock down every mobile device. Content-aware data loss prevention (DLP) solutions for mobile devices are at a nascent stage with little or no local native device capabilities. In addition, endpoint protection platforms (EPPs) have little, if any, support for smartphones and tablets. Although security controls such as encryption, device firewalls and application controls vary from device to device, third-party products are available to augment the controls and to provide management of heterogeneous devices. Refer to "Endpoint Protection Platforms: Blending Security, System Management, and Data Protection," and "Comparing Security Controls for Handheld Devices" for further information.
IT organizations must address how users authenticate when operating smartphones and tablets. Gartner defines authentication as "the procedure through which a user provides sufficient credentials to satisfy requirements for access to resources." Implicit within this definition is the concept of proof; the organization must have confidence that the entity at the other end of the transaction is a legitimate user. Without first assuring that the entity using the device is a legitimate user, the enterprise cannot take comfort in its other logical access controls to business systems. Although authentication is a major concern within mobility architectures, it is important to note that identity management systems have little to nothing to say in terms of how a legitimate user authenticates to the mobile device.
The discussion of mobile devices and identity has focused upon the use of mobile device services as an authenticator for accessing resources via another computing platform. For example, users may enter a one-time password that is generated on a mobile device for access to resources via their PC or Mac. Because smartphones and tablets have become viable computing platforms for end users, enterprises should also focus on user access to corporate resources via the mobile device, facilitated by authentication methods such as X.509 certificates, software one-time password (OTP) clients and out-of-band communication. Refer to "The Evolving Intersection of Mobile Computing and Authentication" for further information.
Third-party management software vendors are rushing to fill the void created by the immature endpoint security and identity controls. Mobile device management (MDM) software provides the ability to define and enforce mobile policies across a variety of hardware and software platforms. Some MDM solutions provide container technology to isolate enterprise information from personal information. Managed containers separate enterprise information from nonenterprise information on a mobile endpoint. The information held within a managed container is protected through the use of authentication (the user is forced to authenticate to the container prior to accessing information held within it) and usually, but not always, encryption. The MDM centrally manages the container so that configurations can be set by the enterprise. Information held within a managed container can be removed without affecting other information or applications on the mobile endpoint device.
Enterprises often struggle with tablet and smartphone management. The variety of smartphone operating-system features, rapid evolution of smartphone devices and the inability of MDM solutions to support every feature and device make the evaluation of MDM systems an enormous challenge (see Figure 6). Exacerbating this challenge is a fragmented MDM market that makes it difficult to establish a baseline definition as to what MDM functionality is necessary and sufficient for most enterprises. Products vary considerably in their product features, methods of device control, application management controls and ability to segregate personal and professional information. Enterprises should select an MDM system as a short-term, tactical investment. Refer to "Mobile Device Management Evaluation Criteria" for additional information.
Source: Gartner (April 2012)
Enterprises are struggling to adapt to new employment norms — norms that have been in place for generations but are changing because of wireless networks, handheld devices, social media and cloud-based solutions. In the past, employees were expected to work "9 to 5" at "the office." They used company-owned computers, servers and networks to perform their duties. Management discouraged employees from engaging in personal activities while at work, and most employees collaborated only while in face-to-face meetings.
New norms have rapidly replaced the old ones. Employees now work at any time and from any location. They often use personally owned mobile devices and communicate over home Wi-Fi networks. Employees regularly integrate personal and professional activities and use their mobile phones to help them unify those activities. They store enterprise data on public cloud servers and synchronize the data between employer and employee-owned devices. Collaboration can now occur anywhere using social platforms such as Apple FaceTime, Google Chat and Microsoft Lync. Traditional protocols about "how to use the phone" are giving way to protocols such as "IM before calling, call before visiting."
Mobility has changed the way employees interact with their tools. Rather than using the desktop PC to do everything, workers now have the option of doing portions of their work on different devices, using the best device for the current task. A worker can get an email notification on a smartphone, dash off a quick reply on a tablet, gather more facts via some phone calls from the car, and then author a detailed document — with supporting spreadsheets — once back at the office via a desktop PC.
Doing work on a desktop PC often means opening up multiple applications (for example, email, a collaborative workspace and a content management system) and then copying and pasting information between them. Smartphones and tablets come with that integration built in. For example, a real estate agent taking pictures (content) via a smartphone can use several button clicks to email it (communications) it to coworkers for their help in estimating an appropriate sale price (collaboration) as well as post it to Facebook and Twitter (social) for viewing by prospects. It isn't that the same thing couldn't be done using other devices (for example, PC, camera and GPS) — it's just quicker, easier and can be done from more locations.
The explosive growth in mobility, social media and cloud computing presents the enterprise with enormous opportunities and challenges. Mobility requires that enterprises make decisions among many interdependent tradeoffs. Gartner recommends that enterprises create mobile solutions using an enterprisewide architectural methodology. An architectural methodology helps IT by providing a framework to consider all of the major issues, highlight the interdependencies and facilitate decision making between conflicting tradeoffs.
Some documents may not be available as part of your current Gartner subscription.
"Field Research: Mobility and Security"
|3CS||communication, collaboration, content and social|
|BYOD||bring your own device|
|DAS||distributed antenna systems|
|DLP||data loss prevention|
|EPP||endpoint protection platforms|
|MDM||mobile device management|
|SHVD||server-hosted virtual desktop|
|TCO||total cost of ownership|
|Resource Id: 1985016|