Upload
lamkiet
View
223
Download
0
Embed Size (px)
Citation preview
Best Practices for Enterprise Mobility: A Lesson Through Case Studies
JUNE 2012
COMMISSIONED BY: MOBILEIRON
2
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
Contents
Contents .......................................................................................................................................... 2
Introduction: The Perfect Storm for Enterprise Mobility.................................................................. 3
Case Study 1: KLA-Tencor – Efficiency and Cost Savings Drive Mobile Device Management ..... 4
Case Study 2: Needham Bank – Competitive Differentiation Fuels Mobility .................................. 5
Case Study 3: Lexington County School District One – Expands its Technical Vision with Mobility ......................................................................................................................................................... 7
Case Study 4: A Leading Solar Power Innovator - Using Mobility To Keep Its Competitive Edge . 9
Conclusion and Recommendations ............................................................................................... 10
About IANS .................................................................................................................................... 11
About MobileIron............................................................................................................................ 11
3
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
Introduction: The Perfect Storm for Enterprise Mobility The term “perfect storm” is used to describe a scenario where several independent forces come
together to create a single, larger force. An IT perfect storm has happened before. About 20
years ago, low cost processors, near ubiquitous network access, cheap PCs, and Windows
converged and gave rise to the Internet computing revolution. Today, the industry stands on the
precipice of yet another perfect storm — this time in enterprise mobile computing using a
combination of iOS, Android, and the more limited BlackBerry devices.
As with the last perfect storm, there is no single driver of enterprise mobility, instead the following
forces are the impetus:
Wireless Evolution: The ratification of 802.11N WiFi and the commercial availability of 4G
cellular services have created a ubiquitous computing environment where a user’s
application experience is the same whether connected over a wired or wireless network.
This ubiquity has made it more possible to securely utilize devices such as tablets and
smart phones for corporate purposes.
Cloud Services: Cloud has been looming on the horizon for the better part of the past
half-decade and has remained more of a vision than reality. However, cloud is ideally
suited for a mobile work environment. A multi-OS, cross platform app and device strategy
is best served out of the cloud.
Mobile Device Development: Mobile devices have evolved more in the past five years
than ever before. Almost any service or application that a worker may want can be
utilized from today’s powerful mobile devices, regardless of the worker’s physical
location. This is one of the reasons tablets are now used by 11% of corporate workers,
which ZK Research estimates will more than double to 25% by the end of 2012 (Exhibit
1).
Exhibit 1: Percentage of workers using specific devices in the workplace
All of these forces have come together to give rise to the mobile computing revolution, making
initiatives like mobile device management a “must have” technology for companies that want to
remain competitive.
0% 10% 20% 30% 40% 50% 60% 70% 80%
Tablet
Smartphone
Laptop
Desktop
2011
2010
2009
4
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
Due to the relative newness of mobile technology and the wide variety of uses cases, however,
there are few best practices for IT departments to follow. This report contains four case studies
that provide practical examples for IT leaders to use to plan their own enterprise mobile app and
device strategy that doesn’t compromise security and incorporates numerous role and industry-
based requirements.
Case Study 1: KLA-Tencor – Efficiency and Cost Savings Drive Mobile Device Management KLA-Tencor is a Milpitas, CA based process control and yield management company in the
semiconductor industry. The company has approximately 7,000 employees located in 55 different
locations. Prior to 2011 the company had an unofficial and uncontrolled bring-your-own-device
(BYOD) strategy, primarily through ActiveSync for iOS devices and BlackBerry. In total there
were approximately 1,500 BlackBerry devices across the user base; the most common
applications used were e-mail and web access for HTML apps and mobile e-mail.
In 2011 the company achieved a record year. As a thank you the CEO chose to reward most no
employees with an iPad – a total of 5,500 devices. Suddenly, the IT organization went from a
position of having no official mobile device strategy to needing to develop one over night.
Consumerization is Rampant at KLA-Tencor
The sudden influx of iPads put the IT department in a precarious position, to say the least. The
prior unofficial and uncontrolled mobile strategy did not provide the necessary tools to on-board
mobile devices in any scalable way, nor did it provide the visibility into the activities of the users to
ensure tablets were being used for business functions. To combat this challenge, the company
decided to look into mobile device management (MDM) software solutions and chose MobileIron
for its secure support of IOS devices, as MobileIron offered the level of visibility and control
desired.
Prior to the deployment, IT would provision an iPad for users and install four core services: Virtual
Private Networks (VPN), WiFi access, certificates, and ActiveSync. Each service would take
about 15 minutes to install; configuration of all four required about an hour of IT’s time. Senior
engineer, Seng Ing, estimated this process would cost the company approximately $90 per
device. If that time is multiplied by the 5,500 iPads requiring attention, the cost to bring all of the
iPads on the network would equal nearly half a million dollars, not to mention the need for
additional full time employees. Clearly there had to be a better way.
By putting the MobileIron MDM solution in place, provisioning time was reduced from 60 minutes
to less than three minutes, allowing end users to self-provision. Once the device was registered,
MobileIron pushed out the authorized services. Additionally, the MDM solution offered IT the
ability to remote-wipe and locate or retire mobile devices, giving the IT department the necessary
levels of control and visibility to ensure security of the environment.
Since deployment, the improved platform (iPad versus legacy BlackBerry) has increased the
range of mobile applications being used by corporate workers. As stated earlier, pre-iPad, e-mail
and ActiveSync were the primary mobile applications. Today workers are utilizing these plus a
5
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
wide range of web applications for departmental-specific productivity gains and remote-desktop
through virtualization.
The process implemented to support the iPads opened the floodgates for other devices such as
iPhones, iPod Touches, and Android devices to be simply and securely brought onto the
corporate network. Additionally, since users like to change devices on a yearly basis, the post-
MDM environment allows workers to easily switch devices at their convenience without having to
involve IT or modify their accounts if a device is lost or stolen.
In addition to deploying MDM, the IT department at KLA-Tencor undertook the following steps:
The corporate Wi-Fi network was upgraded to handle the increased number of consumer
devices as well as rich media, such as enterprise video.
A FAQ was created with easy-to-follow policy steps which shifted as much of the
provision process to the worker as possible.
Desktop virtualization was used to give access to non-web enabled applications or
applications where a mobile version is not available yet.
Best Practices Learned from the Deployment
The primary best practices learned from the KLA-Tencor deployment are as follows:
The concept of consumerization is to enable to use personal devices, such as iPads, in
the work environment. IT departments should embrace consumerization instead of
running from it; consumerization is coming but IT might not be the first to know. Be
prepared for it when a line of business leader or corporate executive asks for it.
Automate as much of the on-boarding process as possible. Chewing up hundreds of
hours of IT time is very expensive and shifting the work to the users will cause frustration.
Training is a key to success. Publish the company’s BYOD plan and processes as well as
explain what apps or devices are supported and why. Also, educate users on proper use
policies to minimize organizational risk.
Use MDM to control the environment rather than trying to enable a BYOD strategy
through ad hoc IT processes.
Visibility into user behavior is a must for a BYOD strategy.
“Previously we had an unacknowledged BYOD strategy which was putting our company’s
security and intellectual property at risk. MobileIron’s MDM solution gave us the necessary
visibility and control to allow workers to use the iPads in the workplace without putting the
company at risk.”
– Seng Ing, Senior Network Engineer, KLA-Tencor Corporation
Case Study 2: Needham Bank – Competitive Differentiation Fuels Mobility Needham Bank is a community bank headquartered in Needham, MA. The bank has five
locations in Massachusetts and a total of 130 employees, of which 40-45 are mobile. The
organization is a full service bank and prides itself on giving as good, if not better, service than
6
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
the larger banks while still providing a personal touch as a differentiator to win customers in a
competitive banking environment.
Mobility Can Improve Efficiency
One of the corporate goals at Needham Bank was to find a way to make bank executives more
efficient; being in the office instead of being on the road closing deals for the bank is not making
the best use of the executives’ time. However, because the bank is highly regulated, security is a
must, so bank executives were allowed very little access to modern mobile devices or bank
applications, forcing them to come into the office.
One of the primary lending areas for Needham Bank is in construction. This is a highly
competitive area so the more executives are out of the office meeting with clients and prospects,
the more likely the chances of Needham winning new business. James Gordon, VP of IT for the
bank, sought a mobile solution that would make the executives more productive and efficient.
Accomplishing this was no easy feat; he knew he would need to provide a simple solution that
would give executives the confidence that they would be continually connected to the bank and
important resources when working remotely. The company had previously tried giving the
president a smartphone but the small screen size made the solution unusable.
To combat this challenge, Needham Bank gave the executives iPads and use of an SSL VPN
solution from Array Networks to provide remote connectivity. MobileIron was used for an
enterprise app storefront and MDM software.
Since the banking industry is so heavily regulated and many breaches make headline news,
MDM was a critical aspect of allowing bank executives to be mobile. The MDM solution provides:
Application inventory of what apps and devices are currently being used for corporate
access.
Jailbreak protection.
Geolocation capabilities to locate lost devices.
Security and encryption for the whole device.
Remote lock, unlock, and wiping of devices.
BYOD capabilities for Blackberry, Android, and iOS devices
Additionally, Needham Bank extended its application strategy for internal and 3rd party apps to
mobile devices. Because of the sensitive nature of banking information, the bank chose to build
its own applications rather than use packaged applications. Web-based applications were
deployed to the iPads, providing the best real-time capabilities. Often banks need up-to-the-
minute data such as bank balances, so data stored on the device would not be sufficient. A web
application secured through MDM and accessed via SSL VPN was the right combination for
Needham Bank to extend their application strategy securely.
Mobility Creates Competitive Advantage by Improving Customer Responsiveness
In addition to making Needham Bank executives more efficient, the mobile strategy led to some
competitive differentiation by speeding responsiveness to customers.
7
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
The mobile devices allow customer-facing employees to respond in real time, even when not in
the office. For example, a high net worth client was looking to purchase a home but needed down
payment approval in a very short period of time. One of the bank executives was on vacation in
the area of the home and was able to take pictures of it using his iPad and then sent it to the
credit committee to speed up the approval process. Historically, the process of applying, taking
pictures, and approving could have taken a week or two. The mobile app and device strategy
using MDM software allowed for a decision to be made in two days. This is a significant
improvement in responsiveness and customer service.
Mobility is now an integral part of the process at Needham Bank. The Security Committee has
been given iPads as well and can visit properties in real time and take pictures and videos for
immediate approval; this could never have happened before the availability of iPhones and iPads.
This process has been refined to include mapping and other efficiencies that can save up to 20-
30 minutes per trip. Many improvements were made by having IT “shadow” the field individuals to
think about how mobility could be inserted into the process to improve it.
In the highly competitive banking industry, a mobility strategy has allowed Needham Bank to be
more responsive, efficient, and compete better with larger, national banks.
Best Practices Learned from the Deployment
The best practices learned from the Needham Bank deployment are:
Users and IT should partner to improve processes that save time and/or money.
Mobility should be inserted into processes with high amounts of human latency for short-
term wins.
Rebuild processes with mobility in mind for competitive differentiation.
Think about the mobile process within a mobile context. That is, consider how location,
presence, etc. can improve a process.
“These iOS devices have become like a security blanket to our executives. The IT department
went from zero to hero in the deployment of mobility. Prior to the iPads we had pencils, pads, and
paper, and the mobility solution allowed us to go full-bore in 2011.”
– James Gordon, VP of IT, Needham Bank
Case Study 3: Lexington County School District One – Expands its Technical Vision with Mobility Lexington County School District One is the largest school district in Lexington County, SC, and
one of the largest in the state. The school has approximately 23,000 students in more than 30
locations including administrative facilities and K-12 schools. In addition to the students, there are
more than 3,200 employees in the school district.
The superintendent of the district has long had a vision to make Lexington a technologically
advanced school system. The school currently has a robust network, smart boards, sound
distribution systems for classrooms, a consistent technology replacement cycle, increased access
to online resources, network infrastructure, storage and filtering, and other technology to enable
better education.
8
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
Tablets Go Mainstream at Lexington County School District One
In 2008 the school system passed a bond referendum which included $15 million to expand and
upgrade existing technology for the school district. The initial goal was to create a “Personal
Mobile Computing” initiative, consisting of 1:1 ratio of devices per student in high school, 1:3 in
middle school, and 1:5 in elementary school. The 1:1 ratio would consist of four high schools and
6,500 students plus 500 teachers, totaling 7,000 iPads. Later this year due to the initiative’s
success at the high school level, the district will implement a 1:1 ratio for middle schools with
additional devices at the elementary level bringing their total deployment total to more than
16,000 devices.
The district’s IT department made the decision to standardize devices and chose iPad 2 tablets
and iPhone smartphones. Teachers use the devices to augment the curriculum. Students take
notes on the tablets, use it for labs to watch dissections, complete and turn in assignments,
research electronically, improve reading fluency, build skills, create study cards, as well as other
tasks. Because this was the first year mobile devices were in use the school decided not to
provide any meaningful restrictions to the students and teachers. Rather, they waited to see how
the devices would be used in practice.
As these devices were being used in a school system, securing devices and protecting students
was an absolute must. Network engineer Thomas Burgess consulted Apple as to what to use for
a mobile device management solution and Apple recommended MobileIron and Cisco
AnyConnect VPN for access.
Utilizing these software solutions, the school has put in the following controls:
802.1x is automatically pushed to the device for authentication.
Students cannot download any applications with a 12+ rating or higher. These are
applications with objectionable content that can be offensive to school age individuals.
No explicit music can be downloaded to the tablets.
School e-mail is kept as a closed system and protected in case of jailbreak or device
loss.
No content that is over PG13 or TVMA may be viewed.
No remote desktop applications may be installed or used.
All of the above policies are enabled and enforced automatically through the MDM solution.
Additionally, the MobileIron software helps locate lost or stolen devices, but, as of today, this has
not been a major issue.
Looking to the future, the school system is investigating more process change to the education
department to ensure rapid access to curriculum content. There is a strong desire to use the
Apple TV and AirPlay video mirroring capabilities Apple has provided.
Additionally, the district is very interested in retiring textbooks and moving to iPad based e-
textbooks. The district is working with the SC State textbook office and Apple to finalize a
distribution model.
Best Practices Learned from the Deployment
9
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
Start by determining the desired end-state then figure out the role mobility will play in
achieving that goal.
Educate the users of the device about its capabilities. A user guide and all-hands
provisioning exercise allows iPad users to maximize the benefits.
Implement content filtering to protect the organization.
Choose a solution with an easy-to-use interface for better scalability.
“MobileIron’s MDM solution does everything we need it to so we can protect the school and the
students in real time regardless of their device or app. Additionally, the tool has a naturally, easy-
to-use interface making it simple to manage.”
– Thomas Burgess, Network Engineer, Lexington County School District One
Case Study 4: A Leading Solar Power Innovator - Using Mobility To Keep Its Competitive Edge This leading solar power innovator is one the largest residential and commercial solar company in
the industry today. It’s a full service organization that boasts having many global tier-one
customers.
Mobile Evolution Drives the Need for MDM
Although this organization prides itself on being creative with the tools it gives its workers, its prior
mobile strategy was very much like other companies. The company had about 800 BlackBerry
devices that ran through a BlackBerry Enterprise Server (BES), allowing workers to access e-mail
and the company address book.
The world of mobility had rapidly moved past e-mail and address books, and in order to keep their
competitive edge, the company decided to move off of BlackBerry and BES servers. Eventually
the company will build its own mobile applications and will need a more robust platform on which
to accomplish this. As it turns out, the company’s wireless operator of choice offered a significant
data usage discount to switch devices. The company took advantage of this and it became the
catalyst to shift off of the BlackBerry.
The company conducted a careful analysis of the mobile industry and determined that Android
was at the forefront of innovation and would be the best platform moving forward. However, the
company wanted to give their workers a choice and decided they would also support iPhones if
employees wanted to use their own personally-procured devices at work.
The company currently supports more than 400 company-supplied Android phones and a number
of personally-owned iOS devices. As part of the overall mobile strategy, it implemented an MDM
solution based on MobileIron’s software technology.
Thanks to the MobileIron MDM solution, the company overcame their biggest challenge and gave
both the Android and iOS devices the same level of security that BlackBerry had provided in the
past. The MDM solution gives the desktop support manager the ability to lock down applications,
remotely wipe a lost device, provide location information, and deploy applications in a secure
way.
10
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
The company is currently in the early stages of shifting to Android so the primary applications
being used are e-mail and address books. The company has the following in mind for expanding
its mobility strategy:
Secure file transfer to the phone. The organization has more than 100 field sales
representatives and would like to push updated Excel or Word documents to the devices
on a weekly basis. This will ensure that the sales force has the latest information at their
fingertips.
Custom mobile applications. For example, the organization has a line of applications that
both commercial and residential users leverage to monitor solar panels and determine
how much energy is being used and produced. This would be an ideal application for field
service workers to be able to access when mobile.
Administrative applications. The company would like to implement mobile timesheets and
other functions which would prevent people from having to come to the office. It would
also allow the organization to retire many laptops.
Self provisioning of devices. This is a key step for the company in implementing a BYOD
policy.
As part of the MDM rollout, the company provided its workers with a significant amount of training
on the devices. The IT department has handled inbound requests to the helpdesk by phone, e-
mail, walk-up, or other methods for training with which the workers felt comfortable.
Best Practices Learned from the Deployment
Mobile is a key part of any organization’s current competitive strategy.
Be willing to swap out an incumbent vendor for a solution that can deliver the functionality
needed today and in the future – at a lower TCO in a quicker amount of time.
Think of the mobile operating system as a platform for future application deployment.
User training is a significant key in maximizing the value of the mobile solution.
“Training was a huge initiative for us. The effort we put into training today will pay us back ten-
fold as we roll out more advanced mobile capabilities”
– The organization’s Desktop Support Manager.
Conclusion and Recommendations The mobile computing era is here. This is the most significant IT transformation since the birth of
computing; it will enable more devices than ever to be connected to the corporate network than
with traditional computing. Users will have more functionality in more places making them more
productive.
To take advantage of the mobile computing revolution, IT leaders must embrace smartphones
and tablets in this post-PC era. However, this shift does require a significantly more challenging
IT management environment than old-school legacy laptops. To help meet this challenge, IANS
recommends the following:
Fully embrace consumerization. ZK Research shows that fewer than 25% of
companies fully embrace consumer devices in the workplace today. Another 52% though,
11
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
acknowledge that consumer devices are in the workplace and are trying to support it
through ad hoc methods. The opinion of IANS is that IT teams need to be “all in” when it
comes to consumerization and fully embrace and support the technology to take full
advantage of what it can bring. KLA-Tencor resisted the wave before an executive
decision forced consumerization into the workplace. Supporting consumerization with an
MDM solution reduced the IT time required to provision the device from an hour to just a
few minutes.
Think about mobility in the context of business process change. IT leadership and
business leaders must work together to understand how to insert mobility into processes
in which it can remove human latency.
Needham Bank’s ability to reduce loan approval time from weeks to days is a great
example.
Provide a significant amount of user training to ensure users are comfortable with the new systems. Some IT projects fail not because of the technology but because the
users are not aware of what’s possible with the new technology. Maximizing ROI is often
dependent on users getting comfortable with the new way of working. For this reason the
organization implemented a robust user training program with the rollout of the Android
devices.
Start with a vision of where you want your organization to be. Setting a future vision
helps the entire organization with its mobile (or any IT) strategy. Strategy gives the
company a single focal point with regards to IT initiatives. For example, the vision of
being the most technically advanced school system has been the biggest driver of
change at Lexington Schools over the past half decade.
About IANS
IANS is the leading provider of in-depth security insights delivered through its research,
community, and consulting offerings. Fueled by interactions among IANS Faculty and end users,
IANS provides actionable advice to information security, risk management, and compliance
executives. IANS powers better and faster technical and managerial decisions through
experience-driven advice.
IANS was founded in June 2001 as the Institute for Applied Network Security. Inspired by the
Harvard Business School experience of interactive discussions driving collective insights, IANS
adapted that format to fit the needs of information security professionals.
About MobileIron
MobileIron is a Mountain View, California-based Mobile IT innovator delivering software to help
businesses manage both mobile apps and mobile devices. The company solves the complex
requirements of enterprise mobility for CIOs forming Mobile IT teams, and Mobile IT vendors and
services companies. MobileIron has thousands of customers in 30 countries and most recently
posted 400% year over year growth for bookings and 600% growth for number of customers.
Within its customer base, more than 60 percent leverage the Android operating system and
related apps.
12
© 2012 IANS. All rights reserved. Commissioned by MobileIron. For more information, write to [email protected].
More than 200 of the Fortune 1000 and the Forbes Global 2000 are MobileIron customers.
These customers are sold MobileIron software by our value added reseller, carrier and system
integrator partners who now have more than 5,000 partner reps globally now trained to sell
MobileIron, and 1,000 field engineers now trained to deploy it. MobileIron software is available
as both on premise and Connected Cloud implementation. For Connected Cloud, our delegated
administration SaaS service provides unique integration with existing enterprise security
infrastructure.