Best Practices for Enterprise Mobility - Bitpipedocs.media.bitpipe.com/io_10x/io_109320/item_675737/IANS_Best... · Best Practices for Enterprise Mobility: ... The primary best practices

Best Practices for Enterprise Mobility: A Lesson Through Case Studies

JUNE 2012

COMMISSIONED BY: MOBILEIRON

2

© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].

Contents

Contents .......................................................................................................................................... 2

Introduction: The Perfect Storm for Enterprise Mobility.................................................................. 3

Case Study 1: KLA-Tencor – Efficiency and Cost Savings Drive Mobile Device Management ..... 4

Case Study 2: Needham Bank – Competitive Differentiation Fuels Mobility .................................. 5

Case Study 3: Lexington County School District One – Expands its Technical Vision with Mobility ......................................................................................................................................................... 7

Case Study 4: A Leading Solar Power Innovator - Using Mobility To Keep Its Competitive Edge . 9

Conclusion and Recommendations ............................................................................................... 10

About IANS .................................................................................................................................... 11

About MobileIron............................................................................................................................ 11

3


Introduction: The Perfect Storm for Enterprise Mobility The term “perfect storm” is used to describe a scenario where several independent forces come

together to create a single, larger force. An IT perfect storm has happened before. About 20

years ago, low cost processors, near ubiquitous network access, cheap PCs, and Windows

converged and gave rise to the Internet computing revolution. Today, the industry stands on the

precipice of yet another perfect storm — this time in enterprise mobile computing using a

combination of iOS, Android, and the more limited BlackBerry devices.

As with the last perfect storm, there is no single driver of enterprise mobility, instead the following

forces are the impetus:

Wireless Evolution: The ratification of 802.11N WiFi and the commercial availability of 4G

cellular services have created a ubiquitous computing environment where a user’s

application experience is the same whether connected over a wired or wireless network.

This ubiquity has made it more possible to securely utilize devices such as tablets and

smart phones for corporate purposes.

Cloud Services: Cloud has been looming on the horizon for the better part of the past

half-decade and has remained more of a vision than reality. However, cloud is ideally

suited for a mobile work environment. A multi-OS, cross platform app and device strategy

is best served out of the cloud.

Mobile Device Development: Mobile devices have evolved more in the past five years

than ever before. Almost any service or application that a worker may want can be

utilized from today’s powerful mobile devices, regardless of the worker’s physical

location. This is one of the reasons tablets are now used by 11% of corporate workers,

which ZK Research estimates will more than double to 25% by the end of 2012 (Exhibit

1).

Exhibit 1: Percentage of workers using specific devices in the workplace

All of these forces have come together to give rise to the mobile computing revolution, making

initiatives like mobile device management a “must have” technology for companies that want to

remain competitive.

0% 10% 20% 30% 40% 50% 60% 70% 80%

Tablet

Smartphone

Laptop

Desktop

2011

2010

2009

4


Due to the relative newness of mobile technology and the wide variety of uses cases, however,

there are few best practices for IT departments to follow. This report contains four case studies

that provide practical examples for IT leaders to use to plan their own enterprise mobile app and

device strategy that doesn’t compromise security and incorporates numerous role and industry-

based requirements.

Case Study 1: KLA-Tencor – Efficiency and Cost Savings Drive Mobile Device Management KLA-Tencor is a Milpitas, CA based process control and yield management company in the

semiconductor industry. The company has approximately 7,000 employees located in 55 different

locations. Prior to 2011 the company had an unofficial and uncontrolled bring-your-own-device

(BYOD) strategy, primarily through ActiveSync for iOS devices and BlackBerry. In total there

were approximately 1,500 BlackBerry devices across the user base; the most common

applications used were e-mail and web access for HTML apps and mobile e-mail.

In 2011 the company achieved a record year. As a thank you the CEO chose to reward most no

employees with an iPad – a total of 5,500 devices. Suddenly, the IT organization went from a

position of having no official mobile device strategy to needing to develop one over night.

Consumerization is Rampant at KLA-Tencor

The sudden influx of iPads put the IT department in a precarious position, to say the least. The

prior unofficial and uncontrolled mobile strategy did not provide the necessary tools to on-board

mobile devices in any scalable way, nor did it provide the visibility into the activities of the users to

ensure tablets were being used for business functions. To combat this challenge, the company

decided to look into mobile device management (MDM) software solutions and chose MobileIron

for its secure support of IOS devices, as MobileIron offered the level of visibility and control

desired.

Prior to the deployment, IT would provision an iPad for users and install four core services: Virtual

Private Networks (VPN), WiFi access, certificates, and ActiveSync. Each service would take

about 15 minutes to install; configuration of all four required about an hour of IT’s time. Senior

engineer, Seng Ing, estimated this process would cost the company approximately $90 per

device. If that time is multiplied by the 5,500 iPads requiring attention, the cost to bring all of the

iPads on the network would equal nearly half a million dollars, not to mention the need for

additional full time employees. Clearly there had to be a better way.

By putting the MobileIron MDM solution in place, provisioning time was reduced from 60 minutes

to less than three minutes, allowing end users to self-provision. Once the device was registered,

MobileIron pushed out the authorized services. Additionally, the MDM solution offered IT the

ability to remote-wipe and locate or retire mobile devices, giving the IT department the necessary

levels of control and visibility to ensure security of the environment.

Since deployment, the improved platform (iPad versus legacy BlackBerry) has increased the

range of mobile applications being used by corporate workers. As stated earlier, pre-iPad, e-mail

and ActiveSync were the primary mobile applications. Today workers are utilizing these plus a

5


wide range of web applications for departmental-specific productivity gains and remote-desktop

through virtualization.

The process implemented to support the iPads opened the floodgates for other devices such as

iPhones, iPod Touches, and Android devices to be simply and securely brought onto the

corporate network. Additionally, since users like to change devices on a yearly basis, the post-

MDM environment allows workers to easily switch devices at their convenience without having to

involve IT or modify their accounts if a device is lost or stolen.

In addition to deploying MDM, the IT department at KLA-Tencor undertook the following steps:

The corporate Wi-Fi network was upgraded to handle the increased number of consumer

devices as well as rich media, such as enterprise video.

A FAQ was created with easy-to-follow policy steps which shifted as much of the

provision process to the worker as possible.

Desktop virtualization was used to give access to non-web enabled applications or

applications where a mobile version is not available yet.

Best Practices Learned from the Deployment

The primary best practices learned from the KLA-Tencor deployment are as follows:

The concept of consumerization is to enable to use personal devices, such as iPads, in

the work environment. IT departments should embrace consumerization instead of

running from it; consumerization is coming but IT might not be the first to know. Be

prepared for it when a line of business leader or corporate executive asks for it.

Automate as much of the on-boarding process as possible. Chewing up hundreds of

hours of IT time is very expensive and shifting the work to the users will cause frustration.

Training is a key to success. Publish the company’s BYOD plan and processes as well as

explain what apps or devices are supported and why. Also, educate users on proper use

policies to minimize organizational risk.

Use MDM to control the environment rather than trying to enable a BYOD strategy

through ad hoc IT processes.

Visibility into user behavior is a must for a BYOD strategy.

“Previously we had an unacknowledged BYOD strategy which was putting our company’s

security and intellectual property at risk. MobileIron’s MDM solution gave us the necessary

visibility and control to allow workers to use the iPads in the workplace without putting the

company at risk.”

– Seng Ing, Senior Network Engineer, KLA-Tencor Corporation

Case Study 2: Needham Bank – Competitive Differentiation Fuels Mobility Needham Bank is a community bank headquartered in Needham, MA. The bank has five

locations in Massachusetts and a total of 130 employees, of which 40-45 are mobile. The

organization is a full service bank and prides itself on giving as good, if not better, service than

6


the larger banks while still providing a personal touch as a differentiator to win customers in a

competitive banking environment.

Mobility Can Improve Efficiency

One of the corporate goals at Needham Bank was to find a way to make bank executives more

efficient; being in the office instead of being on the road closing deals for the bank is not making

the best use of the executives’ time. However, because the bank is highly regulated, security is a

must, so bank executives were allowed very little access to modern mobile devices or bank

applications, forcing them to come into the office.

One of the primary lending areas for Needham Bank is in construction. This is a highly

competitive area so the more executives are out of the office meeting with clients and prospects,

the more likely the chances of Needham winning new business. James Gordon, VP of IT for the

bank, sought a mobile solution that would make the executives more productive and efficient.

Accomplishing this was no easy feat; he knew he would need to provide a simple solution that

would give executives the confidence that they would be continually connected to the bank and

important resources when working remotely. The company had previously tried giving the

president a smartphone but the small screen size made the solution unusable.

To combat this challenge, Needham Bank gave the executives iPads and use of an SSL VPN

solution from Array Networks to provide remote connectivity. MobileIron was used for an

enterprise app storefront and MDM software.

Since the banking industry is so heavily regulated and many breaches make headline news,

MDM was a critical aspect of allowing bank executives to be mobile. The MDM solution provides:

Application inventory of what apps and devices are currently being used for corporate

access.

Jailbreak protection.

Geolocation capabilities to locate lost devices.

Security and encryption for the whole device.

Remote lock, unlock, and wiping of devices.

BYOD capabilities for Blackberry, Android, and iOS devices

Additionally, Needham Bank extended its application strategy for internal and 3rd party apps to

mobile devices. Because of the sensitive nature of banking information, the bank chose to build

its own applications rather than use packaged applications. Web-based applications were

deployed to the iPads, providing the best real-time capabilities. Often banks need up-to-the-

minute data such as bank balances, so data stored on the device would not be sufficient. A web

application secured through MDM and accessed via SSL VPN was the right combination for

Needham Bank to extend their application strategy securely.

Mobility Creates Competitive Advantage by Improving Customer Responsiveness

In addition to making Needham Bank executives more efficient, the mobile strategy led to some

competitive differentiation by speeding responsiveness to customers.

7


The mobile devices allow customer-facing employees to respond in real time, even when not in

the office. For example, a high net worth client was looking to purchase a home but needed down

payment approval in a very short period of time. One of the bank executives was on vacation in

the area of the home and was able to take pictures of it using his iPad and then sent it to the

credit committee to speed up the approval process. Historically, the process of applying, taking

pictures, and approving could have taken a week or two. The mobile app and device strategy

using MDM software allowed for a decision to be made in two days. This is a significant

improvement in responsiveness and customer service.

Mobility is now an integral part of the process at Needham Bank. The Security Committee has

been given iPads as well and can visit properties in real time and take pictures and videos for

immediate approval; this could never have happened before the availability of iPhones and iPads.

This process has been refined to include mapping and other efficiencies that can save up to 20-

30 minutes per trip. Many improvements were made by having IT “shadow” the field individuals to

think about how mobility could be inserted into the process to improve it.

In the highly competitive banking industry, a mobility strategy has allowed Needham Bank to be

more responsive, efficient, and compete better with larger, national banks.


The best practices learned from the Needham Bank deployment are:

Users and IT should partner to improve processes that save time and/or money.

Mobility should be inserted into processes with high amounts of human latency for short-

term wins.

Rebuild processes with mobility in mind for competitive differentiation.

Think about the mobile process within a mobile context. That is, consider how location,

presence, etc. can improve a process.

“These iOS devices have become like a security blanket to our executives. The IT department

went from zero to hero in the deployment of mobility. Prior to the iPads we had pencils, pads, and

paper, and the mobility solution allowed us to go full-bore in 2011.”

– James Gordon, VP of IT, Needham Bank

Case Study 3: Lexington County School District One – Expands its Technical Vision with Mobility Lexington County School District One is the largest school district in Lexington County, SC, and

one of the largest in the state. The school has approximately 23,000 students in more than 30

locations including administrative facilities and K-12 schools. In addition to the students, there are

more than 3,200 employees in the school district.

The superintendent of the district has long had a vision to make Lexington a technologically

advanced school system. The school currently has a robust network, smart boards, sound

distribution systems for classrooms, a consistent technology replacement cycle, increased access

to online resources, network infrastructure, storage and filtering, and other technology to enable

better education.

8


Tablets Go Mainstream at Lexington County School District One

In 2008 the school system passed a bond referendum which included $15 million to expand and

upgrade existing technology for the school district. The initial goal was to create a “Personal

Mobile Computing” initiative, consisting of 1:1 ratio of devices per student in high school, 1:3 in

middle school, and 1:5 in elementary school. The 1:1 ratio would consist of four high schools and

6,500 students plus 500 teachers, totaling 7,000 iPads. Later this year due to the initiative’s

success at the high school level, the district will implement a 1:1 ratio for middle schools with

additional devices at the elementary level bringing their total deployment total to more than

16,000 devices.

The district’s IT department made the decision to standardize devices and chose iPad 2 tablets

and iPhone smartphones. Teachers use the devices to augment the curriculum. Students take

notes on the tablets, use it for labs to watch dissections, complete and turn in assignments,

research electronically, improve reading fluency, build skills, create study cards, as well as other

tasks. Because this was the first year mobile devices were in use the school decided not to

provide any meaningful restrictions to the students and teachers. Rather, they waited to see how

the devices would be used in practice.

As these devices were being used in a school system, securing devices and protecting students

was an absolute must. Network engineer Thomas Burgess consulted Apple as to what to use for

a mobile device management solution and Apple recommended MobileIron and Cisco

AnyConnect VPN for access.

Utilizing these software solutions, the school has put in the following controls:

802.1x is automatically pushed to the device for authentication.

Students cannot download any applications with a 12+ rating or higher. These are

applications with objectionable content that can be offensive to school age individuals.

No explicit music can be downloaded to the tablets.

School e-mail is kept as a closed system and protected in case of jailbreak or device

loss.

No content that is over PG13 or TVMA may be viewed.

No remote desktop applications may be installed or used.

All of the above policies are enabled and enforced automatically through the MDM solution.

Additionally, the MobileIron software helps locate lost or stolen devices, but, as of today, this has

not been a major issue.

Looking to the future, the school system is investigating more process change to the education

department to ensure rapid access to curriculum content. There is a strong desire to use the

Apple TV and AirPlay video mirroring capabilities Apple has provided.

Additionally, the district is very interested in retiring textbooks and moving to iPad based e-

textbooks. The district is working with the SC State textbook office and Apple to finalize a

distribution model.


9


Start by determining the desired end-state then figure out the role mobility will play in

achieving that goal.

Educate the users of the device about its capabilities. A user guide and all-hands

provisioning exercise allows iPad users to maximize the benefits.

Implement content filtering to protect the organization.

Choose a solution with an easy-to-use interface for better scalability.

“MobileIron’s MDM solution does everything we need it to so we can protect the school and the

students in real time regardless of their device or app. Additionally, the tool has a naturally, easy-

to-use interface making it simple to manage.”

– Thomas Burgess, Network Engineer, Lexington County School District One

Case Study 4: A Leading Solar Power Innovator - Using Mobility To Keep Its Competitive Edge This leading solar power innovator is one the largest residential and commercial solar company in

the industry today. It’s a full service organization that boasts having many global tier-one

customers.

Mobile Evolution Drives the Need for MDM

Although this organization prides itself on being creative with the tools it gives its workers, its prior

mobile strategy was very much like other companies. The company had about 800 BlackBerry

devices that ran through a BlackBerry Enterprise Server (BES), allowing workers to access e-mail

and the company address book.

The world of mobility had rapidly moved past e-mail and address books, and in order to keep their

competitive edge, the company decided to move off of BlackBerry and BES servers. Eventually

the company will build its own mobile applications and will need a more robust platform on which

to accomplish this. As it turns out, the company’s wireless operator of choice offered a significant

data usage discount to switch devices. The company took advantage of this and it became the

catalyst to shift off of the BlackBerry.

The company conducted a careful analysis of the mobile industry and determined that Android

was at the forefront of innovation and would be the best platform moving forward. However, the

company wanted to give their workers a choice and decided they would also support iPhones if

employees wanted to use their own personally-procured devices at work.

The company currently supports more than 400 company-supplied Android phones and a number

of personally-owned iOS devices. As part of the overall mobile strategy, it implemented an MDM

solution based on MobileIron’s software technology.

Thanks to the MobileIron MDM solution, the company overcame their biggest challenge and gave

both the Android and iOS devices the same level of security that BlackBerry had provided in the

past. The MDM solution gives the desktop support manager the ability to lock down applications,

remotely wipe a lost device, provide location information, and deploy applications in a secure

way.

10


The company is currently in the early stages of shifting to Android so the primary applications

being used are e-mail and address books. The company has the following in mind for expanding

its mobility strategy:

Secure file transfer to the phone. The organization has more than 100 field sales

representatives and would like to push updated Excel or Word documents to the devices

on a weekly basis. This will ensure that the sales force has the latest information at their

fingertips.

Custom mobile applications. For example, the organization has a line of applications that

both commercial and residential users leverage to monitor solar panels and determine

how much energy is being used and produced. This would be an ideal application for field

service workers to be able to access when mobile.

Administrative applications. The company would like to implement mobile timesheets and

other functions which would prevent people from having to come to the office. It would

also allow the organization to retire many laptops.

Self provisioning of devices. This is a key step for the company in implementing a BYOD

policy.

As part of the MDM rollout, the company provided its workers with a significant amount of training

on the devices. The IT department has handled inbound requests to the helpdesk by phone, e-

mail, walk-up, or other methods for training with which the workers felt comfortable.


Mobile is a key part of any organization’s current competitive strategy.

Be willing to swap out an incumbent vendor for a solution that can deliver the functionality

needed today and in the future – at a lower TCO in a quicker amount of time.

Think of the mobile operating system as a platform for future application deployment.

User training is a significant key in maximizing the value of the mobile solution.

“Training was a huge initiative for us. The effort we put into training today will pay us back ten-

fold as we roll out more advanced mobile capabilities”

– The organization’s Desktop Support Manager.

Conclusion and Recommendations The mobile computing era is here. This is the most significant IT transformation since the birth of

computing; it will enable more devices than ever to be connected to the corporate network than

with traditional computing. Users will have more functionality in more places making them more

productive.

To take advantage of the mobile computing revolution, IT leaders must embrace smartphones

and tablets in this post-PC era. However, this shift does require a significantly more challenging

IT management environment than old-school legacy laptops. To help meet this challenge, IANS

recommends the following:

Fully embrace consumerization. ZK Research shows that fewer than 25% of

companies fully embrace consumer devices in the workplace today. Another 52% though,

11


acknowledge that consumer devices are in the workplace and are trying to support it

through ad hoc methods. The opinion of IANS is that IT teams need to be “all in” when it

comes to consumerization and fully embrace and support the technology to take full

advantage of what it can bring. KLA-Tencor resisted the wave before an executive

decision forced consumerization into the workplace. Supporting consumerization with an

MDM solution reduced the IT time required to provision the device from an hour to just a

few minutes.

Think about mobility in the context of business process change. IT leadership and

business leaders must work together to understand how to insert mobility into processes

in which it can remove human latency.

Needham Bank’s ability to reduce loan approval time from weeks to days is a great

example.

Provide a significant amount of user training to ensure users are comfortable with the new systems. Some IT projects fail not because of the technology but because the

users are not aware of what’s possible with the new technology. Maximizing ROI is often

dependent on users getting comfortable with the new way of working. For this reason the

organization implemented a robust user training program with the rollout of the Android

devices.

Start with a vision of where you want your organization to be. Setting a future vision

helps the entire organization with its mobile (or any IT) strategy. Strategy gives the

company a single focal point with regards to IT initiatives. For example, the vision of

being the most technically advanced school system has been the biggest driver of

change at Lexington Schools over the past half decade.

About IANS

IANS is the leading provider of in-depth security insights delivered through its research,

community, and consulting offerings. Fueled by interactions among IANS Faculty and end users,

IANS provides actionable advice to information security, risk management, and compliance

executives. IANS powers better and faster technical and managerial decisions through

experience-driven advice.

IANS was founded in June 2001 as the Institute for Applied Network Security. Inspired by the

Harvard Business School experience of interactive discussions driving collective insights, IANS

adapted that format to fit the needs of information security professionals.

About MobileIron

MobileIron is a Mountain View, California-based Mobile IT innovator delivering software to help

businesses manage both mobile apps and mobile devices. The company solves the complex

requirements of enterprise mobility for CIOs forming Mobile IT teams, and Mobile IT vendors and

services companies. MobileIron has thousands of customers in 30 countries and most recently

posted 400% year over year growth for bookings and 600% growth for number of customers.

Within its customer base, more than 60 percent leverage the Android operating system and

related apps.

12


More than 200 of the Fortune 1000 and the Forbes Global 2000 are MobileIron customers.

These customers are sold MobileIron software by our value added reseller, carrier and system

integrator partners who now have more than 5,000 partner reps globally now trained to sell

MobileIron, and 1,000 field engineers now trained to deploy it. MobileIron software is available

as both on premise and Connected Cloud implementation. For Connected Cloud, our delegated

administration SaaS service provides unique integration with existing enterprise security

infrastructure.

Documents

Best Practices for Enterprise Mobility - Bitpipedocs.media.bitpipe.com/io_10x/io_109320/item_675737/IANS_Best... · Best Practices for Enterprise Mobility: ... The primary best practices