IT Management Blog: my thoughts about putting the "i" in IT

Bring your own identity (BYOID)

The other day I watched a bit of the movie "Minority Report" on tv. The movie is quite often referred to as visionary with respect a gesture based interface for computers. That made me think whether those sci-fi movies do predict the future accurately or not?

Watching a Star Trek show on tv made me realise that they got the tablets right. You see them walk around with tablet like devices. But what struck me was that they pass on the device in order to pass on information. In Minority Report you see that as well. A glass like plate is passed on to move data from on terminal to another.

We know now that this is not necessary. Information will be available regardless the device. If you want to pass on a report to your manger, you will use a workflow tool. These days unfortunately that is in most cases still email where we create a copy of the original file. But I will have good hopes that somewhere in the future we have progressed beyond that.

So they got it almost right. It is also a  inconsistent since the rest of the movie/tv show relies on the fact that information is available anywhere. Probably it makes a better movie to have actors to move devices around. On the other hand it is good for us humans to remain active, unless we all have sufficient time to participate in sports and other activities on a holodeck :)

Ever since I worked with the Internet and used a mobile phone, I felt that you don't need to bring your own device. Devices that give access to the cloud and therefore any computer system including that of work, will be ubiquitous. You just need to identify yourself. The other day I read an article somewhere and this concept was referred to as Bring Your Own IDentity.

For those who have accessed their work environment via Citrix, this should sound familiar.

But there is more to it and something I did not consider too much in those days and that is that people will have multiple identities in the cloud. We probably want to avoid to login constantly with a different account. It means we login once and present ourselves with the respective persona depending on the role we want to play. For work we represent ourselves in the role we have at work and we will have access to the respective data and systems. At the same time we can play a role in our personal life, say on Facebook. When we leave one company and start working for another, we disconnect from the one environment and connect with the new persona to the new work environment. The war on who controls peoples identity has already started. You see many websites these days that allow you to login using your Facebook account.

It is easy to see that there are many challenges to be addressed to make this reality from a business perspective for employees. But given the speed of how things go these days, I am curious to find out how long it takes when this will become common practice.

When it comes down to the predictions in Minority Report, we see Tom Cruise his eyes are being scanned to identify himself. This scanning happens wherever he goes and his identity follows so he is confronted with targeted advertisement wherever he goes. Star Trek uses voice recognition. When will my fridge know what to present when I look at it? Will it scan my brain pattern and recognise what I want to eat or drink? Probably not, since that would mean too much infringement of privacy because what my fridge knows, the cloud knows. Though you never know... If you see what people publish on the web. Young people don't really consider privacy issues and the impact it may have for the future. And those people will be adults one day.


Will trends in information technology improve decision making in society?

A long time ago, I attended a University economics course. The professor explained to me that politicians use a simplified economical model and therefore they too often make the wrong decisions. He also explained that the educated economists usually stay on a distance from the decision makers since they have trouble dealing with people that have “a different way of thinking”. This view was recently reaffirmed by another economics professor.

What I am trying to say is that society is not run based upon rationale insights and deep understanding of matter. You could bring into the picture personal interests, lack of interest, emotions or incompetence. But it all comes down to the fact that a human (democratic) society is a sub-optimal solution. (Regarding a democracy: there is unfortunately not better alternative.) We need to get the voices heard of all of us and that will include a lot of noise. And people don't respond very well to complex stories brought in a quiet tone but prefer to support those who make a lot of noise and present a simple message. The consequence is that we won’t always make the best decision.

With the growth of the Internet and specifically social networking and mobile computing, we capture these days unimaginable large amounts of data (in the cloud). Where in the past writing text was something that people generally rarely did and was something for an elite few, these days the elite few are the ones who probably create less written data than the masses. The amount of twitter text, email messages, facebook updates, blog posts etc. is so vast and is created in such a high speed that we can hardly comprehend the numbers associated with it. Gartner calls the convergency of the current trends the "nexus of forces".

We capture all this information in large databases and trying to generate information out of this. We call this concept Big Data. Companies and politicians will be interested in what the people think and say and will be making decisions upon the information obtained from Big Data.

The problem with all of this is that this Big Data will contain a vast amount of nonsense information. The duplication of this information is also enormous. The same opinion, remark or thought will be copied many times. But it will still count in the statistics.

So what will happen in the future when we make our decisions in society based upon a large amount low quality information? Will we improve as a society because we have better insight in what people think or will we slide back regarding the quality of our decision making because we will respond to the emotion of the day and of a large group of people who have basically no real knowledge of the subject? Or will the ease of access to more and better information mean that we are better informed and will this compensate for the natural low quality information that drives our daily communication?

I see that the new mass media has many benefits and we are able to address issues in a way that was never possible before. Progress is dependent on education and availability of information. We are better informed than we were ever before. However we see also the flip side of this. Just take cyber bullying as an example.



Some reading regarding the future trends in information technology:

Why SharePoint is so important

It is always difficult to define the business case for a SharePoint implementation. For most organisations it does not have a direct return on investment but an indirect one through improved communication, collaboration and knowledge management. In addition to these core items, SharePoint can be leveraged for application type of functionality such as workflows and integration with other business applications and as such will function as a portal.

One of the key challenges with a tool like SharePoint is that you only achieve the benefits if the tool is correctly implemented AND that in addition behaviour of people in the organisation changes accordingly. So even if you have a good business case, it remains a significant challenge to realise the benefits.

Even though it is difficult to quantity the benefits, it is costly to achieve it and there is a risk that you don’t achieve it, I have a strong belief that SharePoint is in most cases of strategic importance for organisations – specifically in Australia.

Australia seems to have a productivity problem and as I learned from economists, employees in the United States have more capital equipment at their disposal than employees in Australia. This is one of the reasons why for example the US is a major producer of hardware and software and is much more innovative in their production of those types of goods.

The challenge for the business case is then the challenge to make the vision of how SharePoint can contribute and to make this visible to decision makers, who in most cases won’t be a key user of such a s system. The challenge is often already much closer to home. The CIO or IT manager might not have a clear detailed picture of how the tool will work in practical terms of day to day use.

You need to have a clear picture in your mind of how you can configure the tool and how people could or should use it. This goes into the details of how team sites will be setup, how the meta-data will be defined and used, the use of off-line capabilities and integration with MS Office to simplify storing documents in SharePoint and how the social capabilities can be used. Besides understanding how it could be used in ideal circumstances, you also need to understand the limitations of the tool and what will put people off and will make them avoid storing their information in the system. How will you transform the system into a strategic tool to create and manage knowledge that can be leveraged for productivity growth?

Knowledge management starts with gathering and recording knowledge that is obtained by individuals to assure that this knowledge is not lost. Subsequently the knowledge must effectively be used which relies on making this knowledge available in an effective way to the people in the organisation to be applied.

Traditionally the idea of capturing knowledge is for people to write a document. We see that many systems that are implemented to support this are geared towards managing documents and Intranet pages. It requires people to sit down, gather their thoughts write down the draft version, revise the formatting, store the document in a shared environment and inform people that the document is available. But once the initial newness of the document is over, we have the major challenge of using the information stored in the document in the future. How will you find the document in 12 month’s time and specifically how will people who do not even know that it exists find it when they need the relevant information? Will they have access to it?

If the information was considered important and central enough to the company’s operations, it might have been published in a central repository accessible via the Intranet. But if you do not only want to capture knowledge created as part of formalised processes but also want to capture insights of the day or week and if you consider the effort a person needs to go through to create and publish this information with little prospect of future use, you understand it is simply not happening. 

A first SharePoint implementation usually copies the same paradigm of knowledge management from a file system to a web based solution. (see also my blog post) This is not surprising since the paradigm shift is huge and it requires time to adjust, besides the fact that the technology promises a lot but realises only part of the promise. SharePoint is growing along with the ability of people to adopt the change - sometimes faster and sometimes slower. In order to build a business case for a SharePoint implementation it is necessary to understand what you can achieve with a current release and a current implementation project but also have a vision beyond the current release and where technology and user paradigms are growing towards to.

SharePoint originally was ahead of the game. Moving away from folder structures, local or shared drives and introducing meta-data was a huge step for many users. Social networking, mobile and cloud computing have shifted the way people think and work. Slowly a paradigm shift is taking place while SharePoint currently struggles to keep pace. The acquisition of Yammer by Microsoft can be seen as a positive prospect for the future of SharePoint.

Mobile and cloud computing have created situation that information can be created and accessed instantaneously anywhere anytime. The advantage is that you don’t need to sit on your desk for this. You can access the information when on the road, in a meeting with your colleagues or when visiting a client. This significantly improves the speed and quality of decision making. It also has the advantage of creation of information that can be done during short periods of down time.

With the emergence of social networking, people are more inclined to express their thoughts in written or visual form. Much knowledge, experience and insights comes in short bursts. If you wait for people to sit down and write a coherent story, much of these insights are lost, besides the fact that many people wouldn’t do it.

You could criticise these concepts and point to the risk that with opening up all these social concepts within the business context that only a lot of noise is created. However one should consider that what is noise to one person, is relevant information to another. It is my opinion that the most difficult part of knowledge management is to get the information out of people’s heads and captured on media so that it can be re-used. This does not mean that the other aspects of managing and using this information as knowledge are easy. Transforming all this noise in usable knowledge is the other major challenge.

The memory of an organisation is kept in a wide variety of artifacts such as electronic information and this can be in structure documents purposely written to divulge the knowledge but also in operational documents, systems, processes, status updates or blog posts. One person complaining to another about something going wrong can contain critical information. If this was only verbal, this insight and knowledge is easily lost. We all know that often the knowledge of a problem of opportunity existed but this information was not properly passed on to the relevant people who could take action. What if this little complaint in a status update or personal blog, would be picked up by an automated process and brought to the attention of people who focus on improvement? All this electronic “noise” that is created must be analysed, categorised and filtered and brought into a form that people can digest this to assist with their work.

Another aspect to consider is that knowledge, at least at a global scale, is growing exponentially. So if your competitor or the rest of the economy is accumulating knowledge in a more effective way than you do or you start later than the rest of doing so, the gap over time is only getting bigger (see also my blog post).
In order to be more effective in managing knowledge in an organisation, a paradigm shift needs to take place in the thinking of people while also technology will need to improve further.

So what is this paradigm shift that needs to take place?

There are many aspects to knowledge management within an organisation but there are three core processes from systems perspective: gathering, managing and using.

The paradigm shift that needs to take place will contain the following elements:
  • Less silo thinking and more openness with respect to information
  • Less thinking in terms of location (folders) and more in terms of how information is used when creating and storing information
  • Moderate corporate wide internal communication less and allow people to express themselves more freely
  • Making it a routine for all staff in the organisation to capture insights and make this available to a wider group
  • Understand that active governance and management is required to change noise into valuable knowledge
  • Understand that modern fast paced technology provides opportunities for necessary productivity growth – that they are not just nice to have but are of strategic importance

Reducing the silo thinking is a first step. Much information in SharePoint implementations is locked into team sites to which others don’t have access. I suggest thinking carefully if you really need to protect this information. Why not give read access to everybody in the organisation by default and only restrict this for selected pieces of information?

But why do we need to so many team sites? Consider reducing the number of team sites and use meta-data to group documents and information. It is easy to create multiple libraries or web-pages all within the same site. As soon as you see that people make copies of a document within SharePoint system you have an indication that you can optimise the design. Team sites are in my opinion, from document management perspective, just a super folder. Changing sites and folders into meta-data increases collaboration and improves efficiency.

Take as an example the documents you create during an IT project that is also required later for ongoing support. Not all project documentation has relevance post project closure but some have. A support team wants to have access from system perspective and not project perspective. So what happens in many cases is that relevant project documentation is copied to a data structure required for support. An alternative approach would be to use meta-data in the first instance. During the project team, the initial filter will be via the “project name” while post project, the support team will filter by “system name”.

But you should expand this consideration across the organisation. In a larger organisation you will have different business units or offices and within those offices people covering a variety of professional disciplines. Team sites will be setup according to the natural hierarchy but say an electrical engineer in London might just as well be interested in information created on the subject in Sydney. A search, a filter or an alert on a specific subject across the organisation can bring this Sydney based information to the employee in London.

The above can only be achieved if meta-data is effectively captured. However documents and other information will only be stored in the system if it is easy to do. You need to remove all barriers for people to contribute their information. This will rely on the technology provided such as integration of SharePoint with MS Office, allowing the use of the information through off-line and mobile capabilities and reducing the total number of steps involved. Capturing meta-data requires extra steps. To reduce the amount of meta-data that people need to enter, you can consider automation tools that derive meta-data from the content and the context.

I can strongly recommend you to look into a tools from Recommind to automatically add meta-data to your information through its self learning engine.

If you have made it easy for people to contribute information, you need to remove the non-technical barriers. Many documents are created as part of the normal work process. But much knowledge is lost because it is not captured in writing. People complain usually about inefficiencies or identify options for improvement. Too often many of their suggestions are lost in an email between one or two people. Allowing people to capture this information more freely in a blog post, wiki or list of ideas allows you easily to collect this information when you take an initiative to make improvements. A culture change is required to allow for open communication.

If this has been achieved, you will find that you can make it a routine for people to capture their insights and knowledge on a weekly or even daily basis. Once you have achieved that, you will see that your knowledge base will grow exponentially and from pure document management perspective, you will see that people will store their documents in the system by default. No more storing on the desktop, shared drive or “My Documents” - and a significant reduction of Email as the document repository.

There is however another critical factor that is required before people will actively contribute knowledge to the system and that is that it needs to be used. People will need to see the benefit. The information needs to be easily accessible and there needs to be a value for the audience.

If much more information is available to people and people create much more information, you will need to start managing the noise. A simple search returns so many results that you might not find the information you were looking for. The meta-data in combination with free and canned search features becomes critical. Canned searches are in first instance the views that will replace site and folder structures to provide a browse capability (to certain extend similar as the folders). In second instance they can function as subscriptions and alerts.

In order to achieve optimal use of meta-data you will need to design this on a system wide level to make sure your London based engineer will be alerted to a new piece of information made available in a team site in Sydney. You might find that SharePoint in its current form has its limitations and you would want to use added technology such as those form Recommind (http://www.recommind.com/) for automatic generation of meta-data and the provision or powerful contextual search and browse capabilities.

The governance of the whole system should not be underestimated. It requires active management to manage the sites, meta-data and the quality of information which needs be done in close relationship with the technical support team to constantly improve and adjust to the needs in an agile fashion. In addition, you would want to setup knowledge centres where people actively follow information created to combine, structure and transform it so knowledge is generated that is directly applicable. For example, you can have collected many pieces of information about a certain subject and you need someone to combine this into a single coherent piece of text. The internal scientific writer and process improver.

So how do you explain the benefits of a SharePoint implementation?

On the one hand you aim at efficiency improvement. But it will remain difficult to translate a 2 to 5 minutes time saving per person per day for finding information into a dollar value. You won’t actually save this money but it will go into productivity improvement.

Or what is the value of actually finding the right information that you before would not be able to find? It could lead to a million dollar deal, but how do you know that you would otherwise not be able to win this? Or if you would have avoided a major manufacturing disaster? If you have statisticians in your organisation you might want to ask them for advice to quantify these benefits.

Another benefit is that you give your people better tools to do their work. This makes people happier and therefore more productive. It also assists with reducing dissatisfaction and reduces the chance that qualified people leave for greener pastures. If you give people second grade tools, you will end up with second grade people and a second grade organisation.

In the end, you create an asset and you need to deal with this similarly as you deal with many other assets in your organisation.

The future of IT

The IT work landscape will change radically in the near future due advancements in cloud solutions, consumerisation of IT, standardisation of business processes and networking. As predicted years ago, we IT people are the cause of our own demise and we to need become more adpative and more business and information focused - something we said years ago we should do. After the current peak, IT outsourcing providers will face a period of decline in demand.

When you take into account:
  • Bring Your Own Device and consumerisation of technology
  • Continuation of standardisation of business processes and increased use of off-the-shelf-solutions
  • The trend to build applications web-based or as rugged downloadable apps
  • Cloud computing, Software as a Service including office applications such as provided by Google Apps or Office365
  • Outsourcing and offshoring and commoditisation of IT support and IT infrastructure
  • Improvements in network capabilities, ubiquity of Wi-Fi access and roll-out of 4G wireless networks
Devices and associated operating systems are becoming significantly robust. The IOS devices are a typical example of this. The device just works. If it there is a problem, it can be only one of two things: a user problem or a device problem. The resolution of the first will be to show the user what the problem is and this must be done in very simple terms for someone with two left hands (the extreme cases) and probably cannot easily be done by IT support staff over the phone. If it is something with the device – we know what Apple’s approach is. Throw it away and replace it with a new one. In a previous article I explained how you can virtualise your SOE so it can run on any OS. When the BYOD movement continues to take up, the primary responsibility for the hardware and the native OS will not be with the IT department anymore.
  
If applications are further brought to the web or are even provided as a cloud application such as with Office365, the requirements on the OS on the device are getting less and less. With increased mobility requirements and advancements in networking wired or wireless, people expect the same data to be available on any device they have and use. This can only be achieved when thin client solutions are provided where all data is stored centrally on a server.
  
The consequence is that there will be minimal support required for the desktop which has traditionally been one of the major headaches of IT departments and is now a primary revenue stream for offshore IT service providers.
  
Where at first advancements in technology caused the commoditisation of technology which led to offshoring of the desktop support, further advancements will take this almost completely away.
  
ERP vendors have progressed in the capability of their systems and standardisation of business processes have led to less custom development and more application integration. With the commoditisation of infrastructure and applications, we started a trend of offshoring application integration and application support - specifically now that applications are web based or run in a JVE. It also allows for Software as a Service. When selecting Oracle, SAP or Microsoft for your primary applications, you already lock yourself in with that vendor. In that case there is no problem to use their cloud offering. The choice for the original vendor as the cloud provider is therefore the most obvious one. You are interested in the application and the underlying infrastructure should not be of concern. The problem of moving away from SAP and start using Oracle is with respect to data migration, configuration work and the associated business change is the same. The thing you don’t want is the change of the re-installation, purchase and management of the associated infrastructure including the application foundation such as performance tuning and scalability issues. Leave that to the one who is specialised in it. Of course you still need someone to maintain the configuration of the application.
  
Taking applications to the cloud means again less IT effort required maintaining and running the applications and this specifically applies to those tasks that we have been able to outsource in the first place.
  
So what remains is the direct partnership with the business, understanding business strategy and business needs and participating in developing those strategies and finally implementing the required solutions. The implementation of those solutions can be a commoditised solution. It can also be a solution that uses commoditised components such as Software as a Service but where there is intense business consultancy required to design and configure the solution. And finally it can mean a solution that needs to be developed completely from scratch and this will be the case when standard components or applications are not available - when you want to do something unique.

The implementation approach must be adaptive to the situation and therefore agile. Agile does not per se mean that you don’t have a clear picture (requirements or even design) of the final outcome, but that parts are created in close cooperation with the business and pieces are delivered as much as possible in increments. Speed of delivery becomes even more a prominent requirement for success. Don’t forget that all the other IT can be delivered lightning fast: users buy their own devices, a virtual server is just 1 click away and another SharePoint farm will be available in days if not hours.

The final consequence is that one of the jokes made years ago when I was still attending Uni is becoming reality – we IT people are making ourselves obsolete. We’ve proliferated over the years and are now feel that offshoring is taking our jobs away. But trend will continue and will also impact the outsourcing providers offshore. Larry Ellison might finally fulfil his dream and become the sole all-encompassing provider for his business applications.

As in economic forecasting, the forecast is probably reasonable accurate but the timing is probably off. The only thing I can say about that, is that changes are coming increasingly in shorter cycles.

Cumulative value of an IT project

Organisations constantly face the question whether they should execute a project now or defer it to later. One of the aspects that should be considered is the cumulative value of the solution over time.

Certain systems grow in value over time such as an effectively implemented SharePoint system for communication, collaboration and document management. The combined value can be an effective knowledge management solution. Effectively used knowledge stimulates the creation of more knowledge and this facilitates growth of the organisation.

Other systems and technologies have more or less a constant value over time. Take for example a communication system. Say you have a variety of solutions for voice communication and have the option to implement a Voice over IP (VOIP) solution. Though you can achieve cost savings with the VOIP solution and potentially make certain tasks easier for the user, the value today of this will be the same tomorrow. Without VOIP you still can make phone calls. Say, if the value of the solution is today 10, then tomorrow it will still be 10 and again the day after it will still be 10.


However, with a knowledge management solution the value of the system grows with the amount of knowledge accumulated in the system.The more knowledge you collect in the system, the more people will consult the solution to make decisions. The more it is used, the more effort people will put in it to record their knowledge. So if the value is today 10, tomorrow it will be 15 and the day after 22.5.

As you can see, the decision to defer the implementation, upgrade or improvement of your knowledge management solution has over time a significantly bigger impact than the VOIP example given earlier.

Knowledge not recorded today might be knowledge lost forever. That is why I think SharePoint implementations or improvements have an urgency factor to be considered. The longer you wait, the bigger the knowledge gap.

Of course the decision to execute a certain project needs to consider multiple factors such as total cost, ease of execution, risk, alignment with strategies and many more. However, I found that it is often difficult to explain why a SharePoint implementation, upgrade or improvement project is necessary and this is one of the arguments that can help with building the business case.

Knowledge is a business critical asset that requires nurturing to achieve competitive advantage. Knowledge creation facilitates economic growth.

Besides that knowledge can be stored as content in a system, for example in a document stored in a SharePoint site, knowledge can be incorporated in the business logic of a business application. In this case the incorporated knowledge does stimulate further growth of knowledge but it assures consistent execution of tasks and has the benefit that processes and procedures are enforced. When staff change, the system will still be there to assist with correct execution of the tasks. You have moved some of the smarts from the people into the systems. See also this blog post about my view on making information flow.







A great team

The other day I caught up with some of my old team and some old colleagues. I was pleasantly surprised how many times I was told that they missed me. Not just to be nice, but they genuinely seemed to indicate that they felt that things ran better when I was there. Not only operationally but also with respect to the team atmosphere.

Yes, I am proud what I was able to achieve with the team over the years. Of course this was not just my own doing and I must say that the CTO that I worked with for a long period of that time was crucial to this as well. We both worked well as a team which had its reflection in the whole IT team.

There are many theories of how to create highly effective teams and without really aiming at it or even being aware of all the theories, we executed accordingly. But one of the key elements of the success was to look at the strengths and interests of the individual and adjust the processes and procedures to this.

By nature I like formal rules and procedures, but as being a real Dutch person, I also easily move away from them when it suits me better. When I started in my previous job, there was much of the traditional chaos and lack of formal procedures. Over the years we implemented the formal procedures according to the best practices and though some team members changed over the years, we can say we went through a cycle of storming, norming, forming and performing. A process that took years. The norming phase is for example the period that you implement ITIL. You start enthusiastically and implement the rules. But it takes a while before you have found the right modifications and adjustments to suits your situation.

When you perform as a team, you need less rules because people are attuned and have made certain processes second nature and have filled in the gaps and figured out how to work with specific individuals that will lead to the best results. You have learned not to push the square peg through the round hole but first to mould it so it fits better. Procedures and methodologies sometimes just seem to do that: pushing the square peg through the round hole.

If you then bring more formalities into the team, this can actually be counter productive. Besides the fact that a team always consists of a variety of personalities, I think I was able to find the right way to assure to keep those personalities in balance. Not strange of course, considering that I was able to pick most of the people in the team and that over the years natural selection took place of people that were able to work together.

In the end it is not you as manager who deserves the credits, but the whole team. So I thank you all for a great time and great achievements.



Bring Your Own Device (BYOD) - mutual benefits requires mutual trust and responsibilities

BYOD is all about the mutual benefits (WIIFM) for the organisation on the one hand and the employee on the other hand.We change from personal computing to personalised computing.

Companies have started implementations of a BYOD strategy. There are a variety of reasons why you would want to do this:

  • Young people have grown up with personal computing at school and at home. They expect their new employer to be flexible in that respect and meet their individual demands. A corporate provided device might not be as powerful and up to date as what employees have at home and expect to be available at work. In order to attract skilled Gen-Y employees, you just need to meet their demands. For example, I was explained that one organisation setup a new office in Asia and BYOD was the basis for the provisioning of PC's for that office. Specifically if you start fresh, you have the option to create the corporate culture and define the type of employees you want to attract.
  • On the other hand, employees like to use the extra capabilities that mobile devices bring while this is not strictly a requirement of the employer. For example, I like to have my work and private calendar integrated on my smart phone so I always have a complete overview of my appointments when away from my desk. I also like to check in the morning what the day has in store for me before I go to work. Linking my personal phone to the corporate network allows me to do this without carrying multiple devices around. It is the reversal of the coprorate issued device that also can be used for private use.
  • Strongly related to this is that employees and business managers feel more and more that they should decide what technology (including type, brand, make and model) is best suited to perform a certain task and that this should not be driven by the IT department.
  • The ability to reduce the number of devices that people use and carry around as a response to the increased number of devices that are available such as smart phone, tablet, notebook or PC while providing a single point for private and business use.
  • Another reason is that there are more and more devices and all in different variations. Besides that people have preferences for the make, model and type, the different devices also have there strengths for different business purposes. Managing all those different types of devices makes it expensive for the IT department to support. 
  • BYOD inherently increases the mobility of the work force and also has the side effect that the IT department will be able to provide coprorate issued mobile devices easier because much of the technical procedures and infrastructure will be in place.
  • BYOD is sometimes also seen as a business opportunity to reduce costs. However I am not really clear whether this can or should be a driver of the strategy. BYOD is all about "what's in it for me" (WIIFM). If the company tells employees to use their own device for business purposes, employees will be quickly to respond with the question for the company to sponsor the device. WIIFM in this case goes both ways. As an organisation you look into the benefits why you would support BYOD and employees will chase their own benefits.
Photo and skin design by Claire Sambrook
IT departments have long resisted employees to bring their own technology. One of the reasons is that they can expect in the end that they will need to support technology with which they have limited skills and knowledge and have no arrangements in place with suppliers with respect to support and spare parts. Another reason has been the security of corporate data and the risk that virusses and other malware could infect the corporate network via the device that is not under control of the IT department. And finally the business risk that information is leaked or compromised.

However, these days BYOD is more opportune, considering that:
  • people are getting more savvy with respect to the management of these devices (young people have been responsible for their laptop since high school);
  • the stability of the operating systems has increased signficantly over time;
  • devices have a shortened lifespan;
  • the recplacement cost is relatively low compared to maintenance costs which means if there are hardware issues, very quickly a full replacement is the most cost effective strategy (have you ever had a hardware issue with your iPhone? - Apple will not try to fix it and simply gives you a new one);
  • advancements in mobile device management technologies allows the IT department to excert sufficient control over the device to protect corporate data and distribute required business applications (the app store concept is a popular for this);
  • advancements in remote access technologies, virtualisation technologies and security technologies make access to business data and business systems possible via any device anywhere and in a controllable and secure way,
Taking the above points into consideration, it means that in certain circumstances it makes sense to use personal devices for business use.

Mutual benefits brings also mutual responsibilities. The company can expect the employee to ascertain that the device will work according to predefined requirements and that this will become an integral part of the employees responsibility to perform his job. The company will be responsible for assuring that the technical environment facilitates this and that for example the employee's privacy and control over the device is warranted. Though there is much to do around the technology for BYOD, it is foremost about policies and procedures.

The employee is expected to assure that the company's data, operation and reputation is not at risk, but the company must basically assure the same with respect to the employee's private data. If I allow my employer to install mobile device management software on my device, how will the company give confidence it will not access my private emails and that it will not erase my data on the device without my permission?

The key to all this is a mutual agreement between employee and employer about the use. Policies in combination with signed agreements will control the implementation of BYOD. The agreement supported by policies between employee and employer will cover:
  • for whom and when BYOD will apply (you will have different rules to allow people to connect their smart phone to access email and calender compared to the use of a personal laptop instead of a coporate provided PC);
  • the employee will be responsible to assure that he has a device available according to certain specifications that operates correctly so he will be able to perform his job - the specification should not say exactly what brand, make or model but more about its capability (e.g. ability to run MS Office 2010, memory capacity, speed, etc.);
  • how the original device is funded (you consider that the employer pays for the original device such as a laptop but that ownership is with the employee - if the employee leaves the origanisation within say 3 years, the employee will pay the employer a pro rata fee - the employer funds to a maximum value but the employee can of course contribute as well to buy something more advanced or powerful than strictly would be required for the job);
  • how hardware issues are resolved (e.g. employee needs to take the device to the original store) and how a replacement device is funded (e.g. employer could contribute a first time within a certain time period such as 3 years and in all subsequent cases the employee is fully responsible);
  • the employee agrees that specified software is installed on the device and that the employer can control at least that corporate software, data and connectivity with the network;
  • the employer agrees that the personal data remains private and won't be accessed by the employer.
The above is more specifically written towards a device that is required to perform the duties of the job. In other cases, the own device is just an "extra" device such as in the example I gave earlier. Though I can do my job very well without a smart phone where I have personal and company calender integrated, I personally feel it makes my life easier and therefore feel that I function better with this solution.

If you expect employees to use their own device for business purposes, you can expect you will need to pay for this. And since there are also new technology controls that you need to put in place, cost savings might not always directly be achieved. On the one hand, you avoid buying a personal and corporate device so between employee and employer, money is saved. On the other hand you will introduce additional devices. While in the past you provided the employee only with a PC, now you will provide a smart phone, a tablet and whatever the future has in store for us.

There are a few items you need to look into specifically such as software licenses.The device will come with its own operating system, but other software such as MS Office software require a bit more thought. Does your license agreement allow you to install your licensed software on a device not owned by your company?

Another item to consider is the support process. For what issues can the employee call the IT support desk and what issues would they need to resolve themselves? What if the device is not working? Will you provide the employee with a temporary replacement device?

There are different levels and ways to implement a BYOD:
  • as a replacement strategy for the necessary corporate device such as the PC or laptop where the employee will own the device instead of the company;
  • as an additional device that assists with mobility where this is not strictly required (e.g. a smart phone or tablet);
  • the employee picks the brand, make and model but the company still owns the device (not strictly BYOD);

Technically, you can implement the BYOD in a variety of ways and they will also depend on the type of device and what it is used for. In reality you will find that you will need to provide a mix of the various solutions.

For example for a laptop, you can use an installed virtual environment that comprises the full business environment. The advantage is that the virutalisation technology hides the acutal hardware from the corporate SOE and therefore you can still provide the SOE to the employee. In addition to the virtualisation technology such as from Citrix, you might need additional software to remotely manage this installed virtual environment on that device. The benefit of this whole solution is that the virtual installed environment is a blob on the device and is fully secured and isolated from the normal private use. Since you can always set the virtual environment to always go to sleep, starting this environment can go extremely fast and therefore not impact the user experience. Within the virtual environment, a VPN connection can be made to the corporate network. To certain extend, this solution is more secure than an employer provided laptop that is also used for private use.

The benefit of an installed virtual environment compared to remotely accessing Citrix with installed desktops and installed applications, is that you can also use it when you don't have an Internet connection and you avoid potential problems due to slow Internet speeds. But depending on the intensity and the requirements, standard remote access to a Citrix environment can be the or be part of the solution. The benefit in that case is that not data is stored on the device.

For other devices such as smart phones and tablets, other mobile device management solutions are required. In many cases the use of business data is limited to email, calendar and contact data and then the issue is limited to assuring that this happens in a secure way, enforce pass code to use the device and to assure the company has the option to wipe out the corporate data in case the device is lost. In a large number of scenarios we talk about the "additional device". However the technology and solution would in essence be the same when the device is a coprorate provided device. In the latter case the question is than if the device can also be used for private use. In order to control the corporate interest, mobile device management software can be used.

Similarly to the laptop with the virutalisation solution as described before, you would like to segment the private and corporate use on the mobile device and assure that unauthorised access to this is blocked and that corporate data does not leave the corporate segment. It will depend on the device and the mobile device management solution that you use and how this will be done. Technically you can consider (this won't be an exhaustive list):
  • Controlling the network connections (e.g. to which Wifi and Bluetooth networks you can connect and how)
  • Use of separate (Wifi) networks for private and corporate devices
  • Encrypting data transmission
  • Encryption of corporate stored data on the device
  • Enforcement of pass codes and controlling the complexity of those
  • Virus protection
  • Considering if you allow the native email client to be used for private and corporate use or enforce the use of separate email clients
  • Similarly for other applications: use different applications for corporaate and private use
  • Segmentation of data stores for corporate and private files/data
  • Controlling which apps can be installed, how, when and by whom
  • Block untrused devices such as jailbroken devices from the network
  • Remote wiping of the whole device versus wiping the corporate data only
  • Remote backup of the device or treating the device as a consumption device only (does not contain newly created data in any significant way)
  • Enforce user authentication for applications that connect to the business systems each time that these are activated
  • For iPads and iPhones: on which computer iTunes runs (corporate or home)

The IT department ideally replicates what they can do with the Blackberry and its BES server where IT has full control over the mobile device. In that sense, the Blackberry is the ideal corporate issued mobile device. However for BYOD you need to give up some of the control in order not to negate the benefits of BYOD and accept a certain level of responsibility of the employee. Technically it also will become more and more difficult to control everything. The IT department is in that sense not much different than governments trying to control the Internet. Due to the fast technical changes and use of the technologies, technical control is always running behind. The solution must primarily sought in rules and regulations.

Another typical issue is that Apple made consumer devices and made them purposely simple. It means that there much you cannot do with respect to configuration. This is core to the success of Apple's products. But this is exactly why IT departments found it difficult to control security for the devices. Andoids are again the opposite and very open technically. This allows for more options to create technical solutions to control the device, but on the flip side the nature of the device is much less secure. While IT vendors are resolving the issue for Apple's products, other technologies will emerge for which you won't have an answer.

The new technology for mobile device management is all brand new and companies only now start using it and building up experience while vendors still need to address teething problems. With the speed of the developments and the fact that many companies have started to look into BYOD, I think that vendors will soon have resolved these teething problems and that organisations will have developed mature strategies and managemet models.

The consequence is that IT for organisations will have radically changed and that we have shifted from personal computing to personalised computing.