Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
I
i
Leaders in Enterprise Mobile StrategiesTug of War Between
Business Value and Risks
Contents
Executive Summary 1
Research Methodology 3
Introduction The Tug of War 4
Chapter 1 ndash Tapping into Value What Mobility Means to Enterprises Today 5
How Mobility Generates Business Value 6 Use Cases Optimizing Customer Interactions and Satisfaction 7 Use Cases Improving Internal Productivity and Minimizing Risks 8 UseCasesIndustry-SpecificUses 10 Use Cases ldquoMiddle Appsrdquo 10 Who is Driving Mobility (and Why) 11 Top Reasons for Adoption of Enterprise Mobility 11 Top Executives Along with Employees Drive Adoption 11 Three Waves of Mobility Adoption 13 Functional Business Areas Adopting Mobility 13 Chapter 2 ndash A Divisive Issue ldquoBring Your Own Devicerdquo Model 15 Impact of BYOD on Employee Satisfaction Productivity and
Engagement 16 Impact of BYOD on Costs 17
Chapter 3 ndash Critical Considerations around Security 19 Current State of Security 19 Small and Midsize Businesses 20 Security Vulnerabilities Unique to Mobile Devices 20 Data Containment Strategy 21 Operational Areas of Concern for Security 21 Case Study Finding the Right Balance between Security Requirements and Users Desired Functionalities 24
ii
Case Study How to Handle Employees Accessing Social Media Networks 25
Case Study Setting Different Security and Control Policies for Corporate vs Personal Mobile Devices 26
Chapter 4 ndash Interoperability and Market Fragmentation Hurdles 27 Changing Landscape of Mobile Devices 27 iPads 28 Are BlackBerries In or Out 29 Problems with Upgrades 29 Disparate Mobile Operating System Platforms 31 Apple and Google Canrsquot Brush Microsoft Aside 32 Other Challenges 32 Mobile Enterprise Application Platform Strategy 33 App Development Strategy HTML5 Native Apps Hybrid Apps 34
Chapter 5 ndash The TCO Tab Total Cost of Ownership 37 Case Study Mobile Environment Investment Strategy 40 Case Study Using a Virtual Desktop Strategy 41
Chapter 6 ndash Roadmap to a Mobile Enterprise 42 Privacy Issues 43 Mobile Device Strategy 43 Mobile Applications Strategy 45 Top 15 Best Practices for Transitioning to a Mobile Environment 46 Considerations for a Mobile Reference Architecture 47 Case Study Mobility Customization for an Industrial Setting 49
Chapter 7 ndash Three-Year Outlook 50
Chapter 8 ndash Implications for Technology Vendors 51 References 52
About the Authors 55
About the Underwriters Sybase 56
About the Underwriters Cognizant 57
Acknowledgments 58
Contents continued
1
Executive SummaryTransitioning to a mobile environment hits enterprises with more change in a shorter time period than transitioning to any other recent technology development Application development nightmares Heavier pull on IT support staff Employee demands Privacy regulation complexities Huge data security risks Technology investments increasing exponentially over the next three years
Mobility turns businesses in all industries on their heads Are the rewards worth all this change
Definitely
Participants in Sand Hill Grouprsquos ldquoLeaders in Enterprise Mobile Strategiesrdquo study unanimously agreed that the rewards are huge and the challenges are surmountable Early adopters blazed the path and achieved dramatic successes Our study revealed a lot of excitement among companies that moved to a mobile environment and leveraged it to create competitive differentiation and developed new go-to-market strategies
Consider a few examples of business value-generation from our study
A pharmaceutical company reported saving millions of dollars by using mobile devices to eliminate hours of paperwork daily in preparation for sales calls to physicians In addition to the millions in cost savings the extra time allowed them to make more sales calls which resulted in more revenue
A company gained an entirely new customer audience for its products by switching to mobility and creating an innovative mobile app for its existingworkflowsystem
An entertainment company equipped some of its front-desk team members with iPads and associated card readers enabling them to go into the lines of waiting customers and check them in faster
A service provider created an innovative app for iPads which has the potential of generating $300 million in revenues
However in pursuing a competitive advantage through mobility enterprises plunge into a decisions tug of war business-value factors pull on one end of the rope while the same factors pull on the other end as risks
ldquoOur goal is to leverage mobile devices to move employees out
of PC dependencies so they can work in a virtualhome
environment This is crucial to our being able to find the right talent wherever they may berdquo
- CIO global financial services company
2
Among the considerations to weigh in the enterprise mobility tug-of-war decisions are the following
Companies must rethink the entire user experience with applications used by employees and external customers Achieving a rich user experience pulls against the costs of developing native applications and continually upgrading the proliferating mobile devices and operating system platforms
Instead of having to protect corporate data only from external threats enterprises must also protect against careless employee data leakage and incoming threats residing on employee-owned mobile devices
Cloud computing technologies are evolving rapidly as are mobile technologiesmdashbut not necessarily together
The mobile technology market is fragmented and much of the software is not interoperable as standards are still evolving
A mobile environment has hidden cost factors such as the telecommunication usage fees older employeesrsquo need for a keypad for use with touch-screen devices and the fact that some devices are obsolete by the time companies develop adequate policies and support programs
Companies must address new legal and HR department issues when switching to a mobile environment Moreover privacy laws differ per country and state
Some of the vendors for enterprise applications such as ERP supply chain HR and CRM do not support mobile In such cases this forces enterprises to custom-build their mobile apps which is expensive and problematic
Asidefromthefindingsaroundfactorsinvalue-generationversusriskourstudyalsorevealedtwosignificantfindingsregardingthestateofenterprisemobilityadoption
There is a difference between enterprise CIOsrsquo knowledge of mobile technologiesrsquo capabilities versus the reality of capabilities actually available in the market today
Microsoftmdashlate entering the marketmdashis a major factor and could change thewholeballgameregardingofficeproductivityapplications
Based on 20 in-depth interviews of enterprise CIOs CISOs principals and vice presidents as well as a quantitative survey of 53 enterprise executives the Sand Hill study details strategies lessons learned challenge workarounds cost analysis pitfalls best practices and a roadmap that enables enterprises to take action now and seize the dynamic opportunities of a mobile environment
ldquoThe whole mobility thing is a real conundrumrdquo
- Chief Information Security Officer
telecommunications company
Currently there is nothing that controls mobile or cloudmdashno standards to which everyone adheres
3
In addition Sand Hill Group conducted in-depth interviews of 20 CIOs CISOs principals and vice presidents to gain more insight The interviewees were from organizations in the following industries Financial Services Energy Government Telecommunications Manufacturing Logistics Healthcare Oil amp Gas Media High-Tech Insurance and Entertainment Participants in the online survey as well astheinterviewswereguaranteedconfidentialitytoprotectthestrategicnatureofthe corporate information provided
Research MethodologyDuring September - October 2011 the Sand Hill Group conducted a research
study to gauge enterprise CIOs CTOs and other IT managers insights into the challenges opportunities best practices and lessons learned regarding their companiesrsquo efforts and policies in transitioning to enterprise mobility For this study wedefinedldquoenterprisemobilityrdquoasapplicationsservices and devices that offer an easy-to-use rich user experience and untethered fast access to corporate data and processes for a truly mobile experience (Laptops were not included inthisdefinitionNewermobiledevicesdifferfrom laptops in providing a rich user experience and ways of interacting with the device such as gestures taps swipes etc )
The study utilized an online survey to gather executivesrsquo information A total of 85 executives responded to the 26-question survey and provided insight into trends strategies challenges and opportunities in enterprise mobility Thirty-two of the executives were from companies that sell enterprise mobility products or services their perspectives are not included in the data in this report
73 of the companies responding to the online survey stated their companies use enterprise mobile applications today or plan to use them in the next 12 months (excludes laptops and excludes use of mobile device to only access corporate email)
24 - CEOs or board members21 - Senior IT executives18 - Consultants16-CIOsorchieftechnicalofficers11 - Other C-level executives 5 - Nonexecutive IT managers 3 - Nonexecutive managers 2 - Other senior executives
Industries representedHigh-tech - 34 Financial Services - 18 Manufacturing - 11 Healthcare - 8 Nonprofit8Construction-7Telecommunications-5PharmaBiotech-2
ArtsEntertainment2Transportation-2Government-3
Annual revenue42 - less than 10 million16 - $10-$249 million11 - $10-$19 billion 8 - $500 million - less than $1 billion 5 - $1 billion - less than $10 billion 5 - $20 billion - $29 billion 3 - $30 billion or more 10 - Dont know
Breakdown of the remaining 53 survey respondents
4
Introduction The Tug of WarOur study of enterprise mobile adoption uncovered a tug of war between business value and inherent risks In this tug of war the choices to balance the business are not clear cut as illustrated below
Study participants unanimously agreed that the rewards for transitioning to mobility are huge
There are challenges but they are not insurmountable Early adopters are paving the way with successes in this tug of war and are models for new adopters to follow
ldquoMobile is becoming more and more important But first we have to figure it outrdquo
- Principal high-tech service provider company
Not being tethered to a desktop increases productivity and agility
Employees owning their own mobile devices achieves cost reduction
Mobile apps can be developed at a lower cost than traditional applications
Mobile capabilities opens up new markets new opportunities
Mobile apps deliver value to customers and increase their satisfaction
Freedom from desktop opens up new security threats that are unique to mobile
Supporting employeesrsquo diverse devices increases cost and burden on IT
Mobile apps development requires more developers who have skills to develop on multiple mobile platforms
Companies that have contracts with government agencies healthcare or financial services firms could lose business if there is a security breach through employee mobile devices
The cost of supporting every mobile platform for apps accessed by customers is exponential But not supporting them creates the risk of losing the customer
Drives Value in Mobile Environment Causes Threats in
Mobile Environment
5
Chapter 1 - Tapping into Value What Mobility Means to Enterprises TodayMobile workers now comprise more than 70 percent of the total workforce in the United States and 60 percent in Brazil Germany India and Japan according to a January 2011 InfoTrends report Mobile devices and apps are turning businesses on their heads in every industry through both internal business value and external value with customer interactions as highlighted in the table below
Internal Business Value Creation through Mobility
c Reduce process or cycle time increasing productivity
c Capture real-time data and access
c Communicate faster and more effectively with mobile employees
c Make it easier for people to participate in the innovation process
c Transform cumbersome applications for tasks to user-friendly rich-experience mobile apps
c Make employees more productive and engaged reduce churn
c Reduce costs
External Business Value Creation through Mobility
c Create a differentiator in products andorservicesinahighlycompetitive industry or market
c Keep pace with competitors using mobile strategies
c Address external customersrsquo demands for mobile applications
c Communicate in real time with customers especially in businesses where a communication delay can lead to loss of a customer
c Increase customer satisfaction and loyalty
c Create new revenue streams
c Enter new markets
Simply put enterprise mobility generates business value
6
Use Cases How Mobility Generates Business Value
MobileCheck-inCheck-outCapabilities
Mobility is high on the agenda among companies in highly competitive businesseswherecustomerchurnissignificantAdaptingmobiledevicesfororderingandcheck-inouttasksenablescompaniestogainnewcustomersandincrease existing customersrsquo loyalty This powerful strategy also increases productivity and reduces costs in internal tasks
Afewexamplesincludecheckinginatadoctorrsquosofficeahotelorairportchecking inventory items in and out of warehouses and ordering and paying for food at a restaurant The interviewees in our study described the following cases of business value generation
Shorten customersrsquo time waiting in line A CIO at a large entertainment company explained that his company is bumping upthecheck-inoutfunctionalityevenfurthertoimprovecustomer satisfaction as well as productivity The company is equipping some of its front-desk team members with iPads and associated card readers that enable them to go into the lines of customers waiting to check in and start processing them before they reach the front of the line
Special offers for travelers Afinancialservicescompanyisusinggeo-location awareness technologies once travelers arrive at their destinationcitytoprovidespecificsuggestionsandcouponsforshopping restaurants etc based on the companyrsquos knowledge of a travelerrsquos preferences The coupon or discount is automatically applied when the traveler swipes his card in payment and a text messagearrivesonthemobiledeviceconfirmingtheamountsaved on the purchase
ChangeanairlineflightreservationandcheckinseamlesslyA CEO described his experience of being in a taxi on the way to anairportandneedingtochangehisflightHeused his mobile devicetochangetheflightthenscannedthesubsequentbarcodesent to his mobile phone to check in at the TSA gate and at the boarding gate No paper no errors fast and easy
Use Cases Optimizing Customer Interactions and Satisfaction
7
Logistics Company ndash Accelerate Process for Customers
Customers simply go to the mobile version of the companyrsquos website enter the information and the company transmits the shipping label to the customerrsquos mobile device The customer then takes the package to the company and the label is scanned from the mobile device It eliminates paper accelerates the process and increasesaccuracyThecompanyalsocreatedspecificwebsitesforAndroidiPhoneand BlackBerry devices so that customers donrsquot have to navigate a clumsy website designed for the desktop environment The process is all digital for the customer down to the last mile
They are currently in the process of building native apps for tracking shipping findingoutofficelocationsdrop-offandpick-uplocationsandredirectingpackages
Insurance Company ndash Reduce Information Complexity for Customers
An insurance company sends information to its 11000 agents on their mobile devices The information previously was available only on paper or on desktop computers
Telecommunications Company ndash Convey Real-Time Information
Access to real-time network and data center health information is crucial to telecommunications companies and can prevent them from losing customers Telecoms have stringent service level agreements (SLAs) with their large corporate customersmdashwhich cannot afford to lose phone service or Internet connectivity The contracted SLAs include penalties the telecom must pay the customer in instances of service disruption
A participant in the study uses mobile devices to deliver data center health information weather alerts and other crucial information to service operatorsmdashwherever they are at the time Alerted to a problem an operator can then immediately contact his customer to warn the customer of the issue
This real-time communication capability enables the operator to deliver a message such as ldquoThere was a weather issue in the network 10 minutes ago that can potentially disrupt your connectivity We already have crews working to resolve the issue rdquo This improved customer service and interaction results in a tremendous improvement of customer satisfaction and loyalty
Financial Services Company ndash Virtual Currency Offerings
The company interfaced with Amazonrsquos API allowing the company to create ldquovirtual currencyrdquo offers for its customers which extend in real time to mobile devices This points-system type of currency and technology worked so well that the company implemented a program where customers could pay for products on Amazon through acombinationofpointsanddollarsgivingthemflexibility
Use Cases Optimizing Customer Interactions and Satisfaction
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
i
Leaders in Enterprise Mobile StrategiesTug of War Between
Business Value and Risks
Contents
Executive Summary 1
Research Methodology 3
Introduction The Tug of War 4
Chapter 1 ndash Tapping into Value What Mobility Means to Enterprises Today 5
How Mobility Generates Business Value 6 Use Cases Optimizing Customer Interactions and Satisfaction 7 Use Cases Improving Internal Productivity and Minimizing Risks 8 UseCasesIndustry-SpecificUses 10 Use Cases ldquoMiddle Appsrdquo 10 Who is Driving Mobility (and Why) 11 Top Reasons for Adoption of Enterprise Mobility 11 Top Executives Along with Employees Drive Adoption 11 Three Waves of Mobility Adoption 13 Functional Business Areas Adopting Mobility 13 Chapter 2 ndash A Divisive Issue ldquoBring Your Own Devicerdquo Model 15 Impact of BYOD on Employee Satisfaction Productivity and
Engagement 16 Impact of BYOD on Costs 17
Chapter 3 ndash Critical Considerations around Security 19 Current State of Security 19 Small and Midsize Businesses 20 Security Vulnerabilities Unique to Mobile Devices 20 Data Containment Strategy 21 Operational Areas of Concern for Security 21 Case Study Finding the Right Balance between Security Requirements and Users Desired Functionalities 24
ii
Case Study How to Handle Employees Accessing Social Media Networks 25
Case Study Setting Different Security and Control Policies for Corporate vs Personal Mobile Devices 26
Chapter 4 ndash Interoperability and Market Fragmentation Hurdles 27 Changing Landscape of Mobile Devices 27 iPads 28 Are BlackBerries In or Out 29 Problems with Upgrades 29 Disparate Mobile Operating System Platforms 31 Apple and Google Canrsquot Brush Microsoft Aside 32 Other Challenges 32 Mobile Enterprise Application Platform Strategy 33 App Development Strategy HTML5 Native Apps Hybrid Apps 34
Chapter 5 ndash The TCO Tab Total Cost of Ownership 37 Case Study Mobile Environment Investment Strategy 40 Case Study Using a Virtual Desktop Strategy 41
Chapter 6 ndash Roadmap to a Mobile Enterprise 42 Privacy Issues 43 Mobile Device Strategy 43 Mobile Applications Strategy 45 Top 15 Best Practices for Transitioning to a Mobile Environment 46 Considerations for a Mobile Reference Architecture 47 Case Study Mobility Customization for an Industrial Setting 49
Chapter 7 ndash Three-Year Outlook 50
Chapter 8 ndash Implications for Technology Vendors 51 References 52
About the Authors 55
About the Underwriters Sybase 56
About the Underwriters Cognizant 57
Acknowledgments 58
Contents continued
1
Executive SummaryTransitioning to a mobile environment hits enterprises with more change in a shorter time period than transitioning to any other recent technology development Application development nightmares Heavier pull on IT support staff Employee demands Privacy regulation complexities Huge data security risks Technology investments increasing exponentially over the next three years
Mobility turns businesses in all industries on their heads Are the rewards worth all this change
Definitely
Participants in Sand Hill Grouprsquos ldquoLeaders in Enterprise Mobile Strategiesrdquo study unanimously agreed that the rewards are huge and the challenges are surmountable Early adopters blazed the path and achieved dramatic successes Our study revealed a lot of excitement among companies that moved to a mobile environment and leveraged it to create competitive differentiation and developed new go-to-market strategies
Consider a few examples of business value-generation from our study
A pharmaceutical company reported saving millions of dollars by using mobile devices to eliminate hours of paperwork daily in preparation for sales calls to physicians In addition to the millions in cost savings the extra time allowed them to make more sales calls which resulted in more revenue
A company gained an entirely new customer audience for its products by switching to mobility and creating an innovative mobile app for its existingworkflowsystem
An entertainment company equipped some of its front-desk team members with iPads and associated card readers enabling them to go into the lines of waiting customers and check them in faster
A service provider created an innovative app for iPads which has the potential of generating $300 million in revenues
However in pursuing a competitive advantage through mobility enterprises plunge into a decisions tug of war business-value factors pull on one end of the rope while the same factors pull on the other end as risks
ldquoOur goal is to leverage mobile devices to move employees out
of PC dependencies so they can work in a virtualhome
environment This is crucial to our being able to find the right talent wherever they may berdquo
- CIO global financial services company
2
Among the considerations to weigh in the enterprise mobility tug-of-war decisions are the following
Companies must rethink the entire user experience with applications used by employees and external customers Achieving a rich user experience pulls against the costs of developing native applications and continually upgrading the proliferating mobile devices and operating system platforms
Instead of having to protect corporate data only from external threats enterprises must also protect against careless employee data leakage and incoming threats residing on employee-owned mobile devices
Cloud computing technologies are evolving rapidly as are mobile technologiesmdashbut not necessarily together
The mobile technology market is fragmented and much of the software is not interoperable as standards are still evolving
A mobile environment has hidden cost factors such as the telecommunication usage fees older employeesrsquo need for a keypad for use with touch-screen devices and the fact that some devices are obsolete by the time companies develop adequate policies and support programs
Companies must address new legal and HR department issues when switching to a mobile environment Moreover privacy laws differ per country and state
Some of the vendors for enterprise applications such as ERP supply chain HR and CRM do not support mobile In such cases this forces enterprises to custom-build their mobile apps which is expensive and problematic
Asidefromthefindingsaroundfactorsinvalue-generationversusriskourstudyalsorevealedtwosignificantfindingsregardingthestateofenterprisemobilityadoption
There is a difference between enterprise CIOsrsquo knowledge of mobile technologiesrsquo capabilities versus the reality of capabilities actually available in the market today
Microsoftmdashlate entering the marketmdashis a major factor and could change thewholeballgameregardingofficeproductivityapplications
Based on 20 in-depth interviews of enterprise CIOs CISOs principals and vice presidents as well as a quantitative survey of 53 enterprise executives the Sand Hill study details strategies lessons learned challenge workarounds cost analysis pitfalls best practices and a roadmap that enables enterprises to take action now and seize the dynamic opportunities of a mobile environment
ldquoThe whole mobility thing is a real conundrumrdquo
- Chief Information Security Officer
telecommunications company
Currently there is nothing that controls mobile or cloudmdashno standards to which everyone adheres
3
In addition Sand Hill Group conducted in-depth interviews of 20 CIOs CISOs principals and vice presidents to gain more insight The interviewees were from organizations in the following industries Financial Services Energy Government Telecommunications Manufacturing Logistics Healthcare Oil amp Gas Media High-Tech Insurance and Entertainment Participants in the online survey as well astheinterviewswereguaranteedconfidentialitytoprotectthestrategicnatureofthe corporate information provided
Research MethodologyDuring September - October 2011 the Sand Hill Group conducted a research
study to gauge enterprise CIOs CTOs and other IT managers insights into the challenges opportunities best practices and lessons learned regarding their companiesrsquo efforts and policies in transitioning to enterprise mobility For this study wedefinedldquoenterprisemobilityrdquoasapplicationsservices and devices that offer an easy-to-use rich user experience and untethered fast access to corporate data and processes for a truly mobile experience (Laptops were not included inthisdefinitionNewermobiledevicesdifferfrom laptops in providing a rich user experience and ways of interacting with the device such as gestures taps swipes etc )
The study utilized an online survey to gather executivesrsquo information A total of 85 executives responded to the 26-question survey and provided insight into trends strategies challenges and opportunities in enterprise mobility Thirty-two of the executives were from companies that sell enterprise mobility products or services their perspectives are not included in the data in this report
73 of the companies responding to the online survey stated their companies use enterprise mobile applications today or plan to use them in the next 12 months (excludes laptops and excludes use of mobile device to only access corporate email)
24 - CEOs or board members21 - Senior IT executives18 - Consultants16-CIOsorchieftechnicalofficers11 - Other C-level executives 5 - Nonexecutive IT managers 3 - Nonexecutive managers 2 - Other senior executives
Industries representedHigh-tech - 34 Financial Services - 18 Manufacturing - 11 Healthcare - 8 Nonprofit8Construction-7Telecommunications-5PharmaBiotech-2
ArtsEntertainment2Transportation-2Government-3
Annual revenue42 - less than 10 million16 - $10-$249 million11 - $10-$19 billion 8 - $500 million - less than $1 billion 5 - $1 billion - less than $10 billion 5 - $20 billion - $29 billion 3 - $30 billion or more 10 - Dont know
Breakdown of the remaining 53 survey respondents
4
Introduction The Tug of WarOur study of enterprise mobile adoption uncovered a tug of war between business value and inherent risks In this tug of war the choices to balance the business are not clear cut as illustrated below
Study participants unanimously agreed that the rewards for transitioning to mobility are huge
There are challenges but they are not insurmountable Early adopters are paving the way with successes in this tug of war and are models for new adopters to follow
ldquoMobile is becoming more and more important But first we have to figure it outrdquo
- Principal high-tech service provider company
Not being tethered to a desktop increases productivity and agility
Employees owning their own mobile devices achieves cost reduction
Mobile apps can be developed at a lower cost than traditional applications
Mobile capabilities opens up new markets new opportunities
Mobile apps deliver value to customers and increase their satisfaction
Freedom from desktop opens up new security threats that are unique to mobile
Supporting employeesrsquo diverse devices increases cost and burden on IT
Mobile apps development requires more developers who have skills to develop on multiple mobile platforms
Companies that have contracts with government agencies healthcare or financial services firms could lose business if there is a security breach through employee mobile devices
The cost of supporting every mobile platform for apps accessed by customers is exponential But not supporting them creates the risk of losing the customer
Drives Value in Mobile Environment Causes Threats in
Mobile Environment
5
Chapter 1 - Tapping into Value What Mobility Means to Enterprises TodayMobile workers now comprise more than 70 percent of the total workforce in the United States and 60 percent in Brazil Germany India and Japan according to a January 2011 InfoTrends report Mobile devices and apps are turning businesses on their heads in every industry through both internal business value and external value with customer interactions as highlighted in the table below
Internal Business Value Creation through Mobility
c Reduce process or cycle time increasing productivity
c Capture real-time data and access
c Communicate faster and more effectively with mobile employees
c Make it easier for people to participate in the innovation process
c Transform cumbersome applications for tasks to user-friendly rich-experience mobile apps
c Make employees more productive and engaged reduce churn
c Reduce costs
External Business Value Creation through Mobility
c Create a differentiator in products andorservicesinahighlycompetitive industry or market
c Keep pace with competitors using mobile strategies
c Address external customersrsquo demands for mobile applications
c Communicate in real time with customers especially in businesses where a communication delay can lead to loss of a customer
c Increase customer satisfaction and loyalty
c Create new revenue streams
c Enter new markets
Simply put enterprise mobility generates business value
6
Use Cases How Mobility Generates Business Value
MobileCheck-inCheck-outCapabilities
Mobility is high on the agenda among companies in highly competitive businesseswherecustomerchurnissignificantAdaptingmobiledevicesfororderingandcheck-inouttasksenablescompaniestogainnewcustomersandincrease existing customersrsquo loyalty This powerful strategy also increases productivity and reduces costs in internal tasks
Afewexamplesincludecheckinginatadoctorrsquosofficeahotelorairportchecking inventory items in and out of warehouses and ordering and paying for food at a restaurant The interviewees in our study described the following cases of business value generation
Shorten customersrsquo time waiting in line A CIO at a large entertainment company explained that his company is bumping upthecheck-inoutfunctionalityevenfurthertoimprovecustomer satisfaction as well as productivity The company is equipping some of its front-desk team members with iPads and associated card readers that enable them to go into the lines of customers waiting to check in and start processing them before they reach the front of the line
Special offers for travelers Afinancialservicescompanyisusinggeo-location awareness technologies once travelers arrive at their destinationcitytoprovidespecificsuggestionsandcouponsforshopping restaurants etc based on the companyrsquos knowledge of a travelerrsquos preferences The coupon or discount is automatically applied when the traveler swipes his card in payment and a text messagearrivesonthemobiledeviceconfirmingtheamountsaved on the purchase
ChangeanairlineflightreservationandcheckinseamlesslyA CEO described his experience of being in a taxi on the way to anairportandneedingtochangehisflightHeused his mobile devicetochangetheflightthenscannedthesubsequentbarcodesent to his mobile phone to check in at the TSA gate and at the boarding gate No paper no errors fast and easy
Use Cases Optimizing Customer Interactions and Satisfaction
7
Logistics Company ndash Accelerate Process for Customers
Customers simply go to the mobile version of the companyrsquos website enter the information and the company transmits the shipping label to the customerrsquos mobile device The customer then takes the package to the company and the label is scanned from the mobile device It eliminates paper accelerates the process and increasesaccuracyThecompanyalsocreatedspecificwebsitesforAndroidiPhoneand BlackBerry devices so that customers donrsquot have to navigate a clumsy website designed for the desktop environment The process is all digital for the customer down to the last mile
They are currently in the process of building native apps for tracking shipping findingoutofficelocationsdrop-offandpick-uplocationsandredirectingpackages
Insurance Company ndash Reduce Information Complexity for Customers
An insurance company sends information to its 11000 agents on their mobile devices The information previously was available only on paper or on desktop computers
Telecommunications Company ndash Convey Real-Time Information
Access to real-time network and data center health information is crucial to telecommunications companies and can prevent them from losing customers Telecoms have stringent service level agreements (SLAs) with their large corporate customersmdashwhich cannot afford to lose phone service or Internet connectivity The contracted SLAs include penalties the telecom must pay the customer in instances of service disruption
A participant in the study uses mobile devices to deliver data center health information weather alerts and other crucial information to service operatorsmdashwherever they are at the time Alerted to a problem an operator can then immediately contact his customer to warn the customer of the issue
This real-time communication capability enables the operator to deliver a message such as ldquoThere was a weather issue in the network 10 minutes ago that can potentially disrupt your connectivity We already have crews working to resolve the issue rdquo This improved customer service and interaction results in a tremendous improvement of customer satisfaction and loyalty
Financial Services Company ndash Virtual Currency Offerings
The company interfaced with Amazonrsquos API allowing the company to create ldquovirtual currencyrdquo offers for its customers which extend in real time to mobile devices This points-system type of currency and technology worked so well that the company implemented a program where customers could pay for products on Amazon through acombinationofpointsanddollarsgivingthemflexibility
Use Cases Optimizing Customer Interactions and Satisfaction
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
ii
Case Study How to Handle Employees Accessing Social Media Networks 25
Case Study Setting Different Security and Control Policies for Corporate vs Personal Mobile Devices 26
Chapter 4 ndash Interoperability and Market Fragmentation Hurdles 27 Changing Landscape of Mobile Devices 27 iPads 28 Are BlackBerries In or Out 29 Problems with Upgrades 29 Disparate Mobile Operating System Platforms 31 Apple and Google Canrsquot Brush Microsoft Aside 32 Other Challenges 32 Mobile Enterprise Application Platform Strategy 33 App Development Strategy HTML5 Native Apps Hybrid Apps 34
Chapter 5 ndash The TCO Tab Total Cost of Ownership 37 Case Study Mobile Environment Investment Strategy 40 Case Study Using a Virtual Desktop Strategy 41
Chapter 6 ndash Roadmap to a Mobile Enterprise 42 Privacy Issues 43 Mobile Device Strategy 43 Mobile Applications Strategy 45 Top 15 Best Practices for Transitioning to a Mobile Environment 46 Considerations for a Mobile Reference Architecture 47 Case Study Mobility Customization for an Industrial Setting 49
Chapter 7 ndash Three-Year Outlook 50
Chapter 8 ndash Implications for Technology Vendors 51 References 52
About the Authors 55
About the Underwriters Sybase 56
About the Underwriters Cognizant 57
Acknowledgments 58
Contents continued
1
Executive SummaryTransitioning to a mobile environment hits enterprises with more change in a shorter time period than transitioning to any other recent technology development Application development nightmares Heavier pull on IT support staff Employee demands Privacy regulation complexities Huge data security risks Technology investments increasing exponentially over the next three years
Mobility turns businesses in all industries on their heads Are the rewards worth all this change
Definitely
Participants in Sand Hill Grouprsquos ldquoLeaders in Enterprise Mobile Strategiesrdquo study unanimously agreed that the rewards are huge and the challenges are surmountable Early adopters blazed the path and achieved dramatic successes Our study revealed a lot of excitement among companies that moved to a mobile environment and leveraged it to create competitive differentiation and developed new go-to-market strategies
Consider a few examples of business value-generation from our study
A pharmaceutical company reported saving millions of dollars by using mobile devices to eliminate hours of paperwork daily in preparation for sales calls to physicians In addition to the millions in cost savings the extra time allowed them to make more sales calls which resulted in more revenue
A company gained an entirely new customer audience for its products by switching to mobility and creating an innovative mobile app for its existingworkflowsystem
An entertainment company equipped some of its front-desk team members with iPads and associated card readers enabling them to go into the lines of waiting customers and check them in faster
A service provider created an innovative app for iPads which has the potential of generating $300 million in revenues
However in pursuing a competitive advantage through mobility enterprises plunge into a decisions tug of war business-value factors pull on one end of the rope while the same factors pull on the other end as risks
ldquoOur goal is to leverage mobile devices to move employees out
of PC dependencies so they can work in a virtualhome
environment This is crucial to our being able to find the right talent wherever they may berdquo
- CIO global financial services company
2
Among the considerations to weigh in the enterprise mobility tug-of-war decisions are the following
Companies must rethink the entire user experience with applications used by employees and external customers Achieving a rich user experience pulls against the costs of developing native applications and continually upgrading the proliferating mobile devices and operating system platforms
Instead of having to protect corporate data only from external threats enterprises must also protect against careless employee data leakage and incoming threats residing on employee-owned mobile devices
Cloud computing technologies are evolving rapidly as are mobile technologiesmdashbut not necessarily together
The mobile technology market is fragmented and much of the software is not interoperable as standards are still evolving
A mobile environment has hidden cost factors such as the telecommunication usage fees older employeesrsquo need for a keypad for use with touch-screen devices and the fact that some devices are obsolete by the time companies develop adequate policies and support programs
Companies must address new legal and HR department issues when switching to a mobile environment Moreover privacy laws differ per country and state
Some of the vendors for enterprise applications such as ERP supply chain HR and CRM do not support mobile In such cases this forces enterprises to custom-build their mobile apps which is expensive and problematic
Asidefromthefindingsaroundfactorsinvalue-generationversusriskourstudyalsorevealedtwosignificantfindingsregardingthestateofenterprisemobilityadoption
There is a difference between enterprise CIOsrsquo knowledge of mobile technologiesrsquo capabilities versus the reality of capabilities actually available in the market today
Microsoftmdashlate entering the marketmdashis a major factor and could change thewholeballgameregardingofficeproductivityapplications
Based on 20 in-depth interviews of enterprise CIOs CISOs principals and vice presidents as well as a quantitative survey of 53 enterprise executives the Sand Hill study details strategies lessons learned challenge workarounds cost analysis pitfalls best practices and a roadmap that enables enterprises to take action now and seize the dynamic opportunities of a mobile environment
ldquoThe whole mobility thing is a real conundrumrdquo
- Chief Information Security Officer
telecommunications company
Currently there is nothing that controls mobile or cloudmdashno standards to which everyone adheres
3
In addition Sand Hill Group conducted in-depth interviews of 20 CIOs CISOs principals and vice presidents to gain more insight The interviewees were from organizations in the following industries Financial Services Energy Government Telecommunications Manufacturing Logistics Healthcare Oil amp Gas Media High-Tech Insurance and Entertainment Participants in the online survey as well astheinterviewswereguaranteedconfidentialitytoprotectthestrategicnatureofthe corporate information provided
Research MethodologyDuring September - October 2011 the Sand Hill Group conducted a research
study to gauge enterprise CIOs CTOs and other IT managers insights into the challenges opportunities best practices and lessons learned regarding their companiesrsquo efforts and policies in transitioning to enterprise mobility For this study wedefinedldquoenterprisemobilityrdquoasapplicationsservices and devices that offer an easy-to-use rich user experience and untethered fast access to corporate data and processes for a truly mobile experience (Laptops were not included inthisdefinitionNewermobiledevicesdifferfrom laptops in providing a rich user experience and ways of interacting with the device such as gestures taps swipes etc )
The study utilized an online survey to gather executivesrsquo information A total of 85 executives responded to the 26-question survey and provided insight into trends strategies challenges and opportunities in enterprise mobility Thirty-two of the executives were from companies that sell enterprise mobility products or services their perspectives are not included in the data in this report
73 of the companies responding to the online survey stated their companies use enterprise mobile applications today or plan to use them in the next 12 months (excludes laptops and excludes use of mobile device to only access corporate email)
24 - CEOs or board members21 - Senior IT executives18 - Consultants16-CIOsorchieftechnicalofficers11 - Other C-level executives 5 - Nonexecutive IT managers 3 - Nonexecutive managers 2 - Other senior executives
Industries representedHigh-tech - 34 Financial Services - 18 Manufacturing - 11 Healthcare - 8 Nonprofit8Construction-7Telecommunications-5PharmaBiotech-2
ArtsEntertainment2Transportation-2Government-3
Annual revenue42 - less than 10 million16 - $10-$249 million11 - $10-$19 billion 8 - $500 million - less than $1 billion 5 - $1 billion - less than $10 billion 5 - $20 billion - $29 billion 3 - $30 billion or more 10 - Dont know
Breakdown of the remaining 53 survey respondents
4
Introduction The Tug of WarOur study of enterprise mobile adoption uncovered a tug of war between business value and inherent risks In this tug of war the choices to balance the business are not clear cut as illustrated below
Study participants unanimously agreed that the rewards for transitioning to mobility are huge
There are challenges but they are not insurmountable Early adopters are paving the way with successes in this tug of war and are models for new adopters to follow
ldquoMobile is becoming more and more important But first we have to figure it outrdquo
- Principal high-tech service provider company
Not being tethered to a desktop increases productivity and agility
Employees owning their own mobile devices achieves cost reduction
Mobile apps can be developed at a lower cost than traditional applications
Mobile capabilities opens up new markets new opportunities
Mobile apps deliver value to customers and increase their satisfaction
Freedom from desktop opens up new security threats that are unique to mobile
Supporting employeesrsquo diverse devices increases cost and burden on IT
Mobile apps development requires more developers who have skills to develop on multiple mobile platforms
Companies that have contracts with government agencies healthcare or financial services firms could lose business if there is a security breach through employee mobile devices
The cost of supporting every mobile platform for apps accessed by customers is exponential But not supporting them creates the risk of losing the customer
Drives Value in Mobile Environment Causes Threats in
Mobile Environment
5
Chapter 1 - Tapping into Value What Mobility Means to Enterprises TodayMobile workers now comprise more than 70 percent of the total workforce in the United States and 60 percent in Brazil Germany India and Japan according to a January 2011 InfoTrends report Mobile devices and apps are turning businesses on their heads in every industry through both internal business value and external value with customer interactions as highlighted in the table below
Internal Business Value Creation through Mobility
c Reduce process or cycle time increasing productivity
c Capture real-time data and access
c Communicate faster and more effectively with mobile employees
c Make it easier for people to participate in the innovation process
c Transform cumbersome applications for tasks to user-friendly rich-experience mobile apps
c Make employees more productive and engaged reduce churn
c Reduce costs
External Business Value Creation through Mobility
c Create a differentiator in products andorservicesinahighlycompetitive industry or market
c Keep pace with competitors using mobile strategies
c Address external customersrsquo demands for mobile applications
c Communicate in real time with customers especially in businesses where a communication delay can lead to loss of a customer
c Increase customer satisfaction and loyalty
c Create new revenue streams
c Enter new markets
Simply put enterprise mobility generates business value
6
Use Cases How Mobility Generates Business Value
MobileCheck-inCheck-outCapabilities
Mobility is high on the agenda among companies in highly competitive businesseswherecustomerchurnissignificantAdaptingmobiledevicesfororderingandcheck-inouttasksenablescompaniestogainnewcustomersandincrease existing customersrsquo loyalty This powerful strategy also increases productivity and reduces costs in internal tasks
Afewexamplesincludecheckinginatadoctorrsquosofficeahotelorairportchecking inventory items in and out of warehouses and ordering and paying for food at a restaurant The interviewees in our study described the following cases of business value generation
Shorten customersrsquo time waiting in line A CIO at a large entertainment company explained that his company is bumping upthecheck-inoutfunctionalityevenfurthertoimprovecustomer satisfaction as well as productivity The company is equipping some of its front-desk team members with iPads and associated card readers that enable them to go into the lines of customers waiting to check in and start processing them before they reach the front of the line
Special offers for travelers Afinancialservicescompanyisusinggeo-location awareness technologies once travelers arrive at their destinationcitytoprovidespecificsuggestionsandcouponsforshopping restaurants etc based on the companyrsquos knowledge of a travelerrsquos preferences The coupon or discount is automatically applied when the traveler swipes his card in payment and a text messagearrivesonthemobiledeviceconfirmingtheamountsaved on the purchase
ChangeanairlineflightreservationandcheckinseamlesslyA CEO described his experience of being in a taxi on the way to anairportandneedingtochangehisflightHeused his mobile devicetochangetheflightthenscannedthesubsequentbarcodesent to his mobile phone to check in at the TSA gate and at the boarding gate No paper no errors fast and easy
Use Cases Optimizing Customer Interactions and Satisfaction
7
Logistics Company ndash Accelerate Process for Customers
Customers simply go to the mobile version of the companyrsquos website enter the information and the company transmits the shipping label to the customerrsquos mobile device The customer then takes the package to the company and the label is scanned from the mobile device It eliminates paper accelerates the process and increasesaccuracyThecompanyalsocreatedspecificwebsitesforAndroidiPhoneand BlackBerry devices so that customers donrsquot have to navigate a clumsy website designed for the desktop environment The process is all digital for the customer down to the last mile
They are currently in the process of building native apps for tracking shipping findingoutofficelocationsdrop-offandpick-uplocationsandredirectingpackages
Insurance Company ndash Reduce Information Complexity for Customers
An insurance company sends information to its 11000 agents on their mobile devices The information previously was available only on paper or on desktop computers
Telecommunications Company ndash Convey Real-Time Information
Access to real-time network and data center health information is crucial to telecommunications companies and can prevent them from losing customers Telecoms have stringent service level agreements (SLAs) with their large corporate customersmdashwhich cannot afford to lose phone service or Internet connectivity The contracted SLAs include penalties the telecom must pay the customer in instances of service disruption
A participant in the study uses mobile devices to deliver data center health information weather alerts and other crucial information to service operatorsmdashwherever they are at the time Alerted to a problem an operator can then immediately contact his customer to warn the customer of the issue
This real-time communication capability enables the operator to deliver a message such as ldquoThere was a weather issue in the network 10 minutes ago that can potentially disrupt your connectivity We already have crews working to resolve the issue rdquo This improved customer service and interaction results in a tremendous improvement of customer satisfaction and loyalty
Financial Services Company ndash Virtual Currency Offerings
The company interfaced with Amazonrsquos API allowing the company to create ldquovirtual currencyrdquo offers for its customers which extend in real time to mobile devices This points-system type of currency and technology worked so well that the company implemented a program where customers could pay for products on Amazon through acombinationofpointsanddollarsgivingthemflexibility
Use Cases Optimizing Customer Interactions and Satisfaction
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
1
Executive SummaryTransitioning to a mobile environment hits enterprises with more change in a shorter time period than transitioning to any other recent technology development Application development nightmares Heavier pull on IT support staff Employee demands Privacy regulation complexities Huge data security risks Technology investments increasing exponentially over the next three years
Mobility turns businesses in all industries on their heads Are the rewards worth all this change
Definitely
Participants in Sand Hill Grouprsquos ldquoLeaders in Enterprise Mobile Strategiesrdquo study unanimously agreed that the rewards are huge and the challenges are surmountable Early adopters blazed the path and achieved dramatic successes Our study revealed a lot of excitement among companies that moved to a mobile environment and leveraged it to create competitive differentiation and developed new go-to-market strategies
Consider a few examples of business value-generation from our study
A pharmaceutical company reported saving millions of dollars by using mobile devices to eliminate hours of paperwork daily in preparation for sales calls to physicians In addition to the millions in cost savings the extra time allowed them to make more sales calls which resulted in more revenue
A company gained an entirely new customer audience for its products by switching to mobility and creating an innovative mobile app for its existingworkflowsystem
An entertainment company equipped some of its front-desk team members with iPads and associated card readers enabling them to go into the lines of waiting customers and check them in faster
A service provider created an innovative app for iPads which has the potential of generating $300 million in revenues
However in pursuing a competitive advantage through mobility enterprises plunge into a decisions tug of war business-value factors pull on one end of the rope while the same factors pull on the other end as risks
ldquoOur goal is to leverage mobile devices to move employees out
of PC dependencies so they can work in a virtualhome
environment This is crucial to our being able to find the right talent wherever they may berdquo
- CIO global financial services company
2
Among the considerations to weigh in the enterprise mobility tug-of-war decisions are the following
Companies must rethink the entire user experience with applications used by employees and external customers Achieving a rich user experience pulls against the costs of developing native applications and continually upgrading the proliferating mobile devices and operating system platforms
Instead of having to protect corporate data only from external threats enterprises must also protect against careless employee data leakage and incoming threats residing on employee-owned mobile devices
Cloud computing technologies are evolving rapidly as are mobile technologiesmdashbut not necessarily together
The mobile technology market is fragmented and much of the software is not interoperable as standards are still evolving
A mobile environment has hidden cost factors such as the telecommunication usage fees older employeesrsquo need for a keypad for use with touch-screen devices and the fact that some devices are obsolete by the time companies develop adequate policies and support programs
Companies must address new legal and HR department issues when switching to a mobile environment Moreover privacy laws differ per country and state
Some of the vendors for enterprise applications such as ERP supply chain HR and CRM do not support mobile In such cases this forces enterprises to custom-build their mobile apps which is expensive and problematic
Asidefromthefindingsaroundfactorsinvalue-generationversusriskourstudyalsorevealedtwosignificantfindingsregardingthestateofenterprisemobilityadoption
There is a difference between enterprise CIOsrsquo knowledge of mobile technologiesrsquo capabilities versus the reality of capabilities actually available in the market today
Microsoftmdashlate entering the marketmdashis a major factor and could change thewholeballgameregardingofficeproductivityapplications
Based on 20 in-depth interviews of enterprise CIOs CISOs principals and vice presidents as well as a quantitative survey of 53 enterprise executives the Sand Hill study details strategies lessons learned challenge workarounds cost analysis pitfalls best practices and a roadmap that enables enterprises to take action now and seize the dynamic opportunities of a mobile environment
ldquoThe whole mobility thing is a real conundrumrdquo
- Chief Information Security Officer
telecommunications company
Currently there is nothing that controls mobile or cloudmdashno standards to which everyone adheres
3
In addition Sand Hill Group conducted in-depth interviews of 20 CIOs CISOs principals and vice presidents to gain more insight The interviewees were from organizations in the following industries Financial Services Energy Government Telecommunications Manufacturing Logistics Healthcare Oil amp Gas Media High-Tech Insurance and Entertainment Participants in the online survey as well astheinterviewswereguaranteedconfidentialitytoprotectthestrategicnatureofthe corporate information provided
Research MethodologyDuring September - October 2011 the Sand Hill Group conducted a research
study to gauge enterprise CIOs CTOs and other IT managers insights into the challenges opportunities best practices and lessons learned regarding their companiesrsquo efforts and policies in transitioning to enterprise mobility For this study wedefinedldquoenterprisemobilityrdquoasapplicationsservices and devices that offer an easy-to-use rich user experience and untethered fast access to corporate data and processes for a truly mobile experience (Laptops were not included inthisdefinitionNewermobiledevicesdifferfrom laptops in providing a rich user experience and ways of interacting with the device such as gestures taps swipes etc )
The study utilized an online survey to gather executivesrsquo information A total of 85 executives responded to the 26-question survey and provided insight into trends strategies challenges and opportunities in enterprise mobility Thirty-two of the executives were from companies that sell enterprise mobility products or services their perspectives are not included in the data in this report
73 of the companies responding to the online survey stated their companies use enterprise mobile applications today or plan to use them in the next 12 months (excludes laptops and excludes use of mobile device to only access corporate email)
24 - CEOs or board members21 - Senior IT executives18 - Consultants16-CIOsorchieftechnicalofficers11 - Other C-level executives 5 - Nonexecutive IT managers 3 - Nonexecutive managers 2 - Other senior executives
Industries representedHigh-tech - 34 Financial Services - 18 Manufacturing - 11 Healthcare - 8 Nonprofit8Construction-7Telecommunications-5PharmaBiotech-2
ArtsEntertainment2Transportation-2Government-3
Annual revenue42 - less than 10 million16 - $10-$249 million11 - $10-$19 billion 8 - $500 million - less than $1 billion 5 - $1 billion - less than $10 billion 5 - $20 billion - $29 billion 3 - $30 billion or more 10 - Dont know
Breakdown of the remaining 53 survey respondents
4
Introduction The Tug of WarOur study of enterprise mobile adoption uncovered a tug of war between business value and inherent risks In this tug of war the choices to balance the business are not clear cut as illustrated below
Study participants unanimously agreed that the rewards for transitioning to mobility are huge
There are challenges but they are not insurmountable Early adopters are paving the way with successes in this tug of war and are models for new adopters to follow
ldquoMobile is becoming more and more important But first we have to figure it outrdquo
- Principal high-tech service provider company
Not being tethered to a desktop increases productivity and agility
Employees owning their own mobile devices achieves cost reduction
Mobile apps can be developed at a lower cost than traditional applications
Mobile capabilities opens up new markets new opportunities
Mobile apps deliver value to customers and increase their satisfaction
Freedom from desktop opens up new security threats that are unique to mobile
Supporting employeesrsquo diverse devices increases cost and burden on IT
Mobile apps development requires more developers who have skills to develop on multiple mobile platforms
Companies that have contracts with government agencies healthcare or financial services firms could lose business if there is a security breach through employee mobile devices
The cost of supporting every mobile platform for apps accessed by customers is exponential But not supporting them creates the risk of losing the customer
Drives Value in Mobile Environment Causes Threats in
Mobile Environment
5
Chapter 1 - Tapping into Value What Mobility Means to Enterprises TodayMobile workers now comprise more than 70 percent of the total workforce in the United States and 60 percent in Brazil Germany India and Japan according to a January 2011 InfoTrends report Mobile devices and apps are turning businesses on their heads in every industry through both internal business value and external value with customer interactions as highlighted in the table below
Internal Business Value Creation through Mobility
c Reduce process or cycle time increasing productivity
c Capture real-time data and access
c Communicate faster and more effectively with mobile employees
c Make it easier for people to participate in the innovation process
c Transform cumbersome applications for tasks to user-friendly rich-experience mobile apps
c Make employees more productive and engaged reduce churn
c Reduce costs
External Business Value Creation through Mobility
c Create a differentiator in products andorservicesinahighlycompetitive industry or market
c Keep pace with competitors using mobile strategies
c Address external customersrsquo demands for mobile applications
c Communicate in real time with customers especially in businesses where a communication delay can lead to loss of a customer
c Increase customer satisfaction and loyalty
c Create new revenue streams
c Enter new markets
Simply put enterprise mobility generates business value
6
Use Cases How Mobility Generates Business Value
MobileCheck-inCheck-outCapabilities
Mobility is high on the agenda among companies in highly competitive businesseswherecustomerchurnissignificantAdaptingmobiledevicesfororderingandcheck-inouttasksenablescompaniestogainnewcustomersandincrease existing customersrsquo loyalty This powerful strategy also increases productivity and reduces costs in internal tasks
Afewexamplesincludecheckinginatadoctorrsquosofficeahotelorairportchecking inventory items in and out of warehouses and ordering and paying for food at a restaurant The interviewees in our study described the following cases of business value generation
Shorten customersrsquo time waiting in line A CIO at a large entertainment company explained that his company is bumping upthecheck-inoutfunctionalityevenfurthertoimprovecustomer satisfaction as well as productivity The company is equipping some of its front-desk team members with iPads and associated card readers that enable them to go into the lines of customers waiting to check in and start processing them before they reach the front of the line
Special offers for travelers Afinancialservicescompanyisusinggeo-location awareness technologies once travelers arrive at their destinationcitytoprovidespecificsuggestionsandcouponsforshopping restaurants etc based on the companyrsquos knowledge of a travelerrsquos preferences The coupon or discount is automatically applied when the traveler swipes his card in payment and a text messagearrivesonthemobiledeviceconfirmingtheamountsaved on the purchase
ChangeanairlineflightreservationandcheckinseamlesslyA CEO described his experience of being in a taxi on the way to anairportandneedingtochangehisflightHeused his mobile devicetochangetheflightthenscannedthesubsequentbarcodesent to his mobile phone to check in at the TSA gate and at the boarding gate No paper no errors fast and easy
Use Cases Optimizing Customer Interactions and Satisfaction
7
Logistics Company ndash Accelerate Process for Customers
Customers simply go to the mobile version of the companyrsquos website enter the information and the company transmits the shipping label to the customerrsquos mobile device The customer then takes the package to the company and the label is scanned from the mobile device It eliminates paper accelerates the process and increasesaccuracyThecompanyalsocreatedspecificwebsitesforAndroidiPhoneand BlackBerry devices so that customers donrsquot have to navigate a clumsy website designed for the desktop environment The process is all digital for the customer down to the last mile
They are currently in the process of building native apps for tracking shipping findingoutofficelocationsdrop-offandpick-uplocationsandredirectingpackages
Insurance Company ndash Reduce Information Complexity for Customers
An insurance company sends information to its 11000 agents on their mobile devices The information previously was available only on paper or on desktop computers
Telecommunications Company ndash Convey Real-Time Information
Access to real-time network and data center health information is crucial to telecommunications companies and can prevent them from losing customers Telecoms have stringent service level agreements (SLAs) with their large corporate customersmdashwhich cannot afford to lose phone service or Internet connectivity The contracted SLAs include penalties the telecom must pay the customer in instances of service disruption
A participant in the study uses mobile devices to deliver data center health information weather alerts and other crucial information to service operatorsmdashwherever they are at the time Alerted to a problem an operator can then immediately contact his customer to warn the customer of the issue
This real-time communication capability enables the operator to deliver a message such as ldquoThere was a weather issue in the network 10 minutes ago that can potentially disrupt your connectivity We already have crews working to resolve the issue rdquo This improved customer service and interaction results in a tremendous improvement of customer satisfaction and loyalty
Financial Services Company ndash Virtual Currency Offerings
The company interfaced with Amazonrsquos API allowing the company to create ldquovirtual currencyrdquo offers for its customers which extend in real time to mobile devices This points-system type of currency and technology worked so well that the company implemented a program where customers could pay for products on Amazon through acombinationofpointsanddollarsgivingthemflexibility
Use Cases Optimizing Customer Interactions and Satisfaction
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
2
Among the considerations to weigh in the enterprise mobility tug-of-war decisions are the following
Companies must rethink the entire user experience with applications used by employees and external customers Achieving a rich user experience pulls against the costs of developing native applications and continually upgrading the proliferating mobile devices and operating system platforms
Instead of having to protect corporate data only from external threats enterprises must also protect against careless employee data leakage and incoming threats residing on employee-owned mobile devices
Cloud computing technologies are evolving rapidly as are mobile technologiesmdashbut not necessarily together
The mobile technology market is fragmented and much of the software is not interoperable as standards are still evolving
A mobile environment has hidden cost factors such as the telecommunication usage fees older employeesrsquo need for a keypad for use with touch-screen devices and the fact that some devices are obsolete by the time companies develop adequate policies and support programs
Companies must address new legal and HR department issues when switching to a mobile environment Moreover privacy laws differ per country and state
Some of the vendors for enterprise applications such as ERP supply chain HR and CRM do not support mobile In such cases this forces enterprises to custom-build their mobile apps which is expensive and problematic
Asidefromthefindingsaroundfactorsinvalue-generationversusriskourstudyalsorevealedtwosignificantfindingsregardingthestateofenterprisemobilityadoption
There is a difference between enterprise CIOsrsquo knowledge of mobile technologiesrsquo capabilities versus the reality of capabilities actually available in the market today
Microsoftmdashlate entering the marketmdashis a major factor and could change thewholeballgameregardingofficeproductivityapplications
Based on 20 in-depth interviews of enterprise CIOs CISOs principals and vice presidents as well as a quantitative survey of 53 enterprise executives the Sand Hill study details strategies lessons learned challenge workarounds cost analysis pitfalls best practices and a roadmap that enables enterprises to take action now and seize the dynamic opportunities of a mobile environment
ldquoThe whole mobility thing is a real conundrumrdquo
- Chief Information Security Officer
telecommunications company
Currently there is nothing that controls mobile or cloudmdashno standards to which everyone adheres
3
In addition Sand Hill Group conducted in-depth interviews of 20 CIOs CISOs principals and vice presidents to gain more insight The interviewees were from organizations in the following industries Financial Services Energy Government Telecommunications Manufacturing Logistics Healthcare Oil amp Gas Media High-Tech Insurance and Entertainment Participants in the online survey as well astheinterviewswereguaranteedconfidentialitytoprotectthestrategicnatureofthe corporate information provided
Research MethodologyDuring September - October 2011 the Sand Hill Group conducted a research
study to gauge enterprise CIOs CTOs and other IT managers insights into the challenges opportunities best practices and lessons learned regarding their companiesrsquo efforts and policies in transitioning to enterprise mobility For this study wedefinedldquoenterprisemobilityrdquoasapplicationsservices and devices that offer an easy-to-use rich user experience and untethered fast access to corporate data and processes for a truly mobile experience (Laptops were not included inthisdefinitionNewermobiledevicesdifferfrom laptops in providing a rich user experience and ways of interacting with the device such as gestures taps swipes etc )
The study utilized an online survey to gather executivesrsquo information A total of 85 executives responded to the 26-question survey and provided insight into trends strategies challenges and opportunities in enterprise mobility Thirty-two of the executives were from companies that sell enterprise mobility products or services their perspectives are not included in the data in this report
73 of the companies responding to the online survey stated their companies use enterprise mobile applications today or plan to use them in the next 12 months (excludes laptops and excludes use of mobile device to only access corporate email)
24 - CEOs or board members21 - Senior IT executives18 - Consultants16-CIOsorchieftechnicalofficers11 - Other C-level executives 5 - Nonexecutive IT managers 3 - Nonexecutive managers 2 - Other senior executives
Industries representedHigh-tech - 34 Financial Services - 18 Manufacturing - 11 Healthcare - 8 Nonprofit8Construction-7Telecommunications-5PharmaBiotech-2
ArtsEntertainment2Transportation-2Government-3
Annual revenue42 - less than 10 million16 - $10-$249 million11 - $10-$19 billion 8 - $500 million - less than $1 billion 5 - $1 billion - less than $10 billion 5 - $20 billion - $29 billion 3 - $30 billion or more 10 - Dont know
Breakdown of the remaining 53 survey respondents
4
Introduction The Tug of WarOur study of enterprise mobile adoption uncovered a tug of war between business value and inherent risks In this tug of war the choices to balance the business are not clear cut as illustrated below
Study participants unanimously agreed that the rewards for transitioning to mobility are huge
There are challenges but they are not insurmountable Early adopters are paving the way with successes in this tug of war and are models for new adopters to follow
ldquoMobile is becoming more and more important But first we have to figure it outrdquo
- Principal high-tech service provider company
Not being tethered to a desktop increases productivity and agility
Employees owning their own mobile devices achieves cost reduction
Mobile apps can be developed at a lower cost than traditional applications
Mobile capabilities opens up new markets new opportunities
Mobile apps deliver value to customers and increase their satisfaction
Freedom from desktop opens up new security threats that are unique to mobile
Supporting employeesrsquo diverse devices increases cost and burden on IT
Mobile apps development requires more developers who have skills to develop on multiple mobile platforms
Companies that have contracts with government agencies healthcare or financial services firms could lose business if there is a security breach through employee mobile devices
The cost of supporting every mobile platform for apps accessed by customers is exponential But not supporting them creates the risk of losing the customer
Drives Value in Mobile Environment Causes Threats in
Mobile Environment
5
Chapter 1 - Tapping into Value What Mobility Means to Enterprises TodayMobile workers now comprise more than 70 percent of the total workforce in the United States and 60 percent in Brazil Germany India and Japan according to a January 2011 InfoTrends report Mobile devices and apps are turning businesses on their heads in every industry through both internal business value and external value with customer interactions as highlighted in the table below
Internal Business Value Creation through Mobility
c Reduce process or cycle time increasing productivity
c Capture real-time data and access
c Communicate faster and more effectively with mobile employees
c Make it easier for people to participate in the innovation process
c Transform cumbersome applications for tasks to user-friendly rich-experience mobile apps
c Make employees more productive and engaged reduce churn
c Reduce costs
External Business Value Creation through Mobility
c Create a differentiator in products andorservicesinahighlycompetitive industry or market
c Keep pace with competitors using mobile strategies
c Address external customersrsquo demands for mobile applications
c Communicate in real time with customers especially in businesses where a communication delay can lead to loss of a customer
c Increase customer satisfaction and loyalty
c Create new revenue streams
c Enter new markets
Simply put enterprise mobility generates business value
6
Use Cases How Mobility Generates Business Value
MobileCheck-inCheck-outCapabilities
Mobility is high on the agenda among companies in highly competitive businesseswherecustomerchurnissignificantAdaptingmobiledevicesfororderingandcheck-inouttasksenablescompaniestogainnewcustomersandincrease existing customersrsquo loyalty This powerful strategy also increases productivity and reduces costs in internal tasks
Afewexamplesincludecheckinginatadoctorrsquosofficeahotelorairportchecking inventory items in and out of warehouses and ordering and paying for food at a restaurant The interviewees in our study described the following cases of business value generation
Shorten customersrsquo time waiting in line A CIO at a large entertainment company explained that his company is bumping upthecheck-inoutfunctionalityevenfurthertoimprovecustomer satisfaction as well as productivity The company is equipping some of its front-desk team members with iPads and associated card readers that enable them to go into the lines of customers waiting to check in and start processing them before they reach the front of the line
Special offers for travelers Afinancialservicescompanyisusinggeo-location awareness technologies once travelers arrive at their destinationcitytoprovidespecificsuggestionsandcouponsforshopping restaurants etc based on the companyrsquos knowledge of a travelerrsquos preferences The coupon or discount is automatically applied when the traveler swipes his card in payment and a text messagearrivesonthemobiledeviceconfirmingtheamountsaved on the purchase
ChangeanairlineflightreservationandcheckinseamlesslyA CEO described his experience of being in a taxi on the way to anairportandneedingtochangehisflightHeused his mobile devicetochangetheflightthenscannedthesubsequentbarcodesent to his mobile phone to check in at the TSA gate and at the boarding gate No paper no errors fast and easy
Use Cases Optimizing Customer Interactions and Satisfaction
7
Logistics Company ndash Accelerate Process for Customers
Customers simply go to the mobile version of the companyrsquos website enter the information and the company transmits the shipping label to the customerrsquos mobile device The customer then takes the package to the company and the label is scanned from the mobile device It eliminates paper accelerates the process and increasesaccuracyThecompanyalsocreatedspecificwebsitesforAndroidiPhoneand BlackBerry devices so that customers donrsquot have to navigate a clumsy website designed for the desktop environment The process is all digital for the customer down to the last mile
They are currently in the process of building native apps for tracking shipping findingoutofficelocationsdrop-offandpick-uplocationsandredirectingpackages
Insurance Company ndash Reduce Information Complexity for Customers
An insurance company sends information to its 11000 agents on their mobile devices The information previously was available only on paper or on desktop computers
Telecommunications Company ndash Convey Real-Time Information
Access to real-time network and data center health information is crucial to telecommunications companies and can prevent them from losing customers Telecoms have stringent service level agreements (SLAs) with their large corporate customersmdashwhich cannot afford to lose phone service or Internet connectivity The contracted SLAs include penalties the telecom must pay the customer in instances of service disruption
A participant in the study uses mobile devices to deliver data center health information weather alerts and other crucial information to service operatorsmdashwherever they are at the time Alerted to a problem an operator can then immediately contact his customer to warn the customer of the issue
This real-time communication capability enables the operator to deliver a message such as ldquoThere was a weather issue in the network 10 minutes ago that can potentially disrupt your connectivity We already have crews working to resolve the issue rdquo This improved customer service and interaction results in a tremendous improvement of customer satisfaction and loyalty
Financial Services Company ndash Virtual Currency Offerings
The company interfaced with Amazonrsquos API allowing the company to create ldquovirtual currencyrdquo offers for its customers which extend in real time to mobile devices This points-system type of currency and technology worked so well that the company implemented a program where customers could pay for products on Amazon through acombinationofpointsanddollarsgivingthemflexibility
Use Cases Optimizing Customer Interactions and Satisfaction
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
3
In addition Sand Hill Group conducted in-depth interviews of 20 CIOs CISOs principals and vice presidents to gain more insight The interviewees were from organizations in the following industries Financial Services Energy Government Telecommunications Manufacturing Logistics Healthcare Oil amp Gas Media High-Tech Insurance and Entertainment Participants in the online survey as well astheinterviewswereguaranteedconfidentialitytoprotectthestrategicnatureofthe corporate information provided
Research MethodologyDuring September - October 2011 the Sand Hill Group conducted a research
study to gauge enterprise CIOs CTOs and other IT managers insights into the challenges opportunities best practices and lessons learned regarding their companiesrsquo efforts and policies in transitioning to enterprise mobility For this study wedefinedldquoenterprisemobilityrdquoasapplicationsservices and devices that offer an easy-to-use rich user experience and untethered fast access to corporate data and processes for a truly mobile experience (Laptops were not included inthisdefinitionNewermobiledevicesdifferfrom laptops in providing a rich user experience and ways of interacting with the device such as gestures taps swipes etc )
The study utilized an online survey to gather executivesrsquo information A total of 85 executives responded to the 26-question survey and provided insight into trends strategies challenges and opportunities in enterprise mobility Thirty-two of the executives were from companies that sell enterprise mobility products or services their perspectives are not included in the data in this report
73 of the companies responding to the online survey stated their companies use enterprise mobile applications today or plan to use them in the next 12 months (excludes laptops and excludes use of mobile device to only access corporate email)
24 - CEOs or board members21 - Senior IT executives18 - Consultants16-CIOsorchieftechnicalofficers11 - Other C-level executives 5 - Nonexecutive IT managers 3 - Nonexecutive managers 2 - Other senior executives
Industries representedHigh-tech - 34 Financial Services - 18 Manufacturing - 11 Healthcare - 8 Nonprofit8Construction-7Telecommunications-5PharmaBiotech-2
ArtsEntertainment2Transportation-2Government-3
Annual revenue42 - less than 10 million16 - $10-$249 million11 - $10-$19 billion 8 - $500 million - less than $1 billion 5 - $1 billion - less than $10 billion 5 - $20 billion - $29 billion 3 - $30 billion or more 10 - Dont know
Breakdown of the remaining 53 survey respondents
4
Introduction The Tug of WarOur study of enterprise mobile adoption uncovered a tug of war between business value and inherent risks In this tug of war the choices to balance the business are not clear cut as illustrated below
Study participants unanimously agreed that the rewards for transitioning to mobility are huge
There are challenges but they are not insurmountable Early adopters are paving the way with successes in this tug of war and are models for new adopters to follow
ldquoMobile is becoming more and more important But first we have to figure it outrdquo
- Principal high-tech service provider company
Not being tethered to a desktop increases productivity and agility
Employees owning their own mobile devices achieves cost reduction
Mobile apps can be developed at a lower cost than traditional applications
Mobile capabilities opens up new markets new opportunities
Mobile apps deliver value to customers and increase their satisfaction
Freedom from desktop opens up new security threats that are unique to mobile
Supporting employeesrsquo diverse devices increases cost and burden on IT
Mobile apps development requires more developers who have skills to develop on multiple mobile platforms
Companies that have contracts with government agencies healthcare or financial services firms could lose business if there is a security breach through employee mobile devices
The cost of supporting every mobile platform for apps accessed by customers is exponential But not supporting them creates the risk of losing the customer
Drives Value in Mobile Environment Causes Threats in
Mobile Environment
5
Chapter 1 - Tapping into Value What Mobility Means to Enterprises TodayMobile workers now comprise more than 70 percent of the total workforce in the United States and 60 percent in Brazil Germany India and Japan according to a January 2011 InfoTrends report Mobile devices and apps are turning businesses on their heads in every industry through both internal business value and external value with customer interactions as highlighted in the table below
Internal Business Value Creation through Mobility
c Reduce process or cycle time increasing productivity
c Capture real-time data and access
c Communicate faster and more effectively with mobile employees
c Make it easier for people to participate in the innovation process
c Transform cumbersome applications for tasks to user-friendly rich-experience mobile apps
c Make employees more productive and engaged reduce churn
c Reduce costs
External Business Value Creation through Mobility
c Create a differentiator in products andorservicesinahighlycompetitive industry or market
c Keep pace with competitors using mobile strategies
c Address external customersrsquo demands for mobile applications
c Communicate in real time with customers especially in businesses where a communication delay can lead to loss of a customer
c Increase customer satisfaction and loyalty
c Create new revenue streams
c Enter new markets
Simply put enterprise mobility generates business value
6
Use Cases How Mobility Generates Business Value
MobileCheck-inCheck-outCapabilities
Mobility is high on the agenda among companies in highly competitive businesseswherecustomerchurnissignificantAdaptingmobiledevicesfororderingandcheck-inouttasksenablescompaniestogainnewcustomersandincrease existing customersrsquo loyalty This powerful strategy also increases productivity and reduces costs in internal tasks
Afewexamplesincludecheckinginatadoctorrsquosofficeahotelorairportchecking inventory items in and out of warehouses and ordering and paying for food at a restaurant The interviewees in our study described the following cases of business value generation
Shorten customersrsquo time waiting in line A CIO at a large entertainment company explained that his company is bumping upthecheck-inoutfunctionalityevenfurthertoimprovecustomer satisfaction as well as productivity The company is equipping some of its front-desk team members with iPads and associated card readers that enable them to go into the lines of customers waiting to check in and start processing them before they reach the front of the line
Special offers for travelers Afinancialservicescompanyisusinggeo-location awareness technologies once travelers arrive at their destinationcitytoprovidespecificsuggestionsandcouponsforshopping restaurants etc based on the companyrsquos knowledge of a travelerrsquos preferences The coupon or discount is automatically applied when the traveler swipes his card in payment and a text messagearrivesonthemobiledeviceconfirmingtheamountsaved on the purchase
ChangeanairlineflightreservationandcheckinseamlesslyA CEO described his experience of being in a taxi on the way to anairportandneedingtochangehisflightHeused his mobile devicetochangetheflightthenscannedthesubsequentbarcodesent to his mobile phone to check in at the TSA gate and at the boarding gate No paper no errors fast and easy
Use Cases Optimizing Customer Interactions and Satisfaction
7
Logistics Company ndash Accelerate Process for Customers
Customers simply go to the mobile version of the companyrsquos website enter the information and the company transmits the shipping label to the customerrsquos mobile device The customer then takes the package to the company and the label is scanned from the mobile device It eliminates paper accelerates the process and increasesaccuracyThecompanyalsocreatedspecificwebsitesforAndroidiPhoneand BlackBerry devices so that customers donrsquot have to navigate a clumsy website designed for the desktop environment The process is all digital for the customer down to the last mile
They are currently in the process of building native apps for tracking shipping findingoutofficelocationsdrop-offandpick-uplocationsandredirectingpackages
Insurance Company ndash Reduce Information Complexity for Customers
An insurance company sends information to its 11000 agents on their mobile devices The information previously was available only on paper or on desktop computers
Telecommunications Company ndash Convey Real-Time Information
Access to real-time network and data center health information is crucial to telecommunications companies and can prevent them from losing customers Telecoms have stringent service level agreements (SLAs) with their large corporate customersmdashwhich cannot afford to lose phone service or Internet connectivity The contracted SLAs include penalties the telecom must pay the customer in instances of service disruption
A participant in the study uses mobile devices to deliver data center health information weather alerts and other crucial information to service operatorsmdashwherever they are at the time Alerted to a problem an operator can then immediately contact his customer to warn the customer of the issue
This real-time communication capability enables the operator to deliver a message such as ldquoThere was a weather issue in the network 10 minutes ago that can potentially disrupt your connectivity We already have crews working to resolve the issue rdquo This improved customer service and interaction results in a tremendous improvement of customer satisfaction and loyalty
Financial Services Company ndash Virtual Currency Offerings
The company interfaced with Amazonrsquos API allowing the company to create ldquovirtual currencyrdquo offers for its customers which extend in real time to mobile devices This points-system type of currency and technology worked so well that the company implemented a program where customers could pay for products on Amazon through acombinationofpointsanddollarsgivingthemflexibility
Use Cases Optimizing Customer Interactions and Satisfaction
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
4
Introduction The Tug of WarOur study of enterprise mobile adoption uncovered a tug of war between business value and inherent risks In this tug of war the choices to balance the business are not clear cut as illustrated below
Study participants unanimously agreed that the rewards for transitioning to mobility are huge
There are challenges but they are not insurmountable Early adopters are paving the way with successes in this tug of war and are models for new adopters to follow
ldquoMobile is becoming more and more important But first we have to figure it outrdquo
- Principal high-tech service provider company
Not being tethered to a desktop increases productivity and agility
Employees owning their own mobile devices achieves cost reduction
Mobile apps can be developed at a lower cost than traditional applications
Mobile capabilities opens up new markets new opportunities
Mobile apps deliver value to customers and increase their satisfaction
Freedom from desktop opens up new security threats that are unique to mobile
Supporting employeesrsquo diverse devices increases cost and burden on IT
Mobile apps development requires more developers who have skills to develop on multiple mobile platforms
Companies that have contracts with government agencies healthcare or financial services firms could lose business if there is a security breach through employee mobile devices
The cost of supporting every mobile platform for apps accessed by customers is exponential But not supporting them creates the risk of losing the customer
Drives Value in Mobile Environment Causes Threats in
Mobile Environment
5
Chapter 1 - Tapping into Value What Mobility Means to Enterprises TodayMobile workers now comprise more than 70 percent of the total workforce in the United States and 60 percent in Brazil Germany India and Japan according to a January 2011 InfoTrends report Mobile devices and apps are turning businesses on their heads in every industry through both internal business value and external value with customer interactions as highlighted in the table below
Internal Business Value Creation through Mobility
c Reduce process or cycle time increasing productivity
c Capture real-time data and access
c Communicate faster and more effectively with mobile employees
c Make it easier for people to participate in the innovation process
c Transform cumbersome applications for tasks to user-friendly rich-experience mobile apps
c Make employees more productive and engaged reduce churn
c Reduce costs
External Business Value Creation through Mobility
c Create a differentiator in products andorservicesinahighlycompetitive industry or market
c Keep pace with competitors using mobile strategies
c Address external customersrsquo demands for mobile applications
c Communicate in real time with customers especially in businesses where a communication delay can lead to loss of a customer
c Increase customer satisfaction and loyalty
c Create new revenue streams
c Enter new markets
Simply put enterprise mobility generates business value
6
Use Cases How Mobility Generates Business Value
MobileCheck-inCheck-outCapabilities
Mobility is high on the agenda among companies in highly competitive businesseswherecustomerchurnissignificantAdaptingmobiledevicesfororderingandcheck-inouttasksenablescompaniestogainnewcustomersandincrease existing customersrsquo loyalty This powerful strategy also increases productivity and reduces costs in internal tasks
Afewexamplesincludecheckinginatadoctorrsquosofficeahotelorairportchecking inventory items in and out of warehouses and ordering and paying for food at a restaurant The interviewees in our study described the following cases of business value generation
Shorten customersrsquo time waiting in line A CIO at a large entertainment company explained that his company is bumping upthecheck-inoutfunctionalityevenfurthertoimprovecustomer satisfaction as well as productivity The company is equipping some of its front-desk team members with iPads and associated card readers that enable them to go into the lines of customers waiting to check in and start processing them before they reach the front of the line
Special offers for travelers Afinancialservicescompanyisusinggeo-location awareness technologies once travelers arrive at their destinationcitytoprovidespecificsuggestionsandcouponsforshopping restaurants etc based on the companyrsquos knowledge of a travelerrsquos preferences The coupon or discount is automatically applied when the traveler swipes his card in payment and a text messagearrivesonthemobiledeviceconfirmingtheamountsaved on the purchase
ChangeanairlineflightreservationandcheckinseamlesslyA CEO described his experience of being in a taxi on the way to anairportandneedingtochangehisflightHeused his mobile devicetochangetheflightthenscannedthesubsequentbarcodesent to his mobile phone to check in at the TSA gate and at the boarding gate No paper no errors fast and easy
Use Cases Optimizing Customer Interactions and Satisfaction
7
Logistics Company ndash Accelerate Process for Customers
Customers simply go to the mobile version of the companyrsquos website enter the information and the company transmits the shipping label to the customerrsquos mobile device The customer then takes the package to the company and the label is scanned from the mobile device It eliminates paper accelerates the process and increasesaccuracyThecompanyalsocreatedspecificwebsitesforAndroidiPhoneand BlackBerry devices so that customers donrsquot have to navigate a clumsy website designed for the desktop environment The process is all digital for the customer down to the last mile
They are currently in the process of building native apps for tracking shipping findingoutofficelocationsdrop-offandpick-uplocationsandredirectingpackages
Insurance Company ndash Reduce Information Complexity for Customers
An insurance company sends information to its 11000 agents on their mobile devices The information previously was available only on paper or on desktop computers
Telecommunications Company ndash Convey Real-Time Information
Access to real-time network and data center health information is crucial to telecommunications companies and can prevent them from losing customers Telecoms have stringent service level agreements (SLAs) with their large corporate customersmdashwhich cannot afford to lose phone service or Internet connectivity The contracted SLAs include penalties the telecom must pay the customer in instances of service disruption
A participant in the study uses mobile devices to deliver data center health information weather alerts and other crucial information to service operatorsmdashwherever they are at the time Alerted to a problem an operator can then immediately contact his customer to warn the customer of the issue
This real-time communication capability enables the operator to deliver a message such as ldquoThere was a weather issue in the network 10 minutes ago that can potentially disrupt your connectivity We already have crews working to resolve the issue rdquo This improved customer service and interaction results in a tremendous improvement of customer satisfaction and loyalty
Financial Services Company ndash Virtual Currency Offerings
The company interfaced with Amazonrsquos API allowing the company to create ldquovirtual currencyrdquo offers for its customers which extend in real time to mobile devices This points-system type of currency and technology worked so well that the company implemented a program where customers could pay for products on Amazon through acombinationofpointsanddollarsgivingthemflexibility
Use Cases Optimizing Customer Interactions and Satisfaction
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
5
Chapter 1 - Tapping into Value What Mobility Means to Enterprises TodayMobile workers now comprise more than 70 percent of the total workforce in the United States and 60 percent in Brazil Germany India and Japan according to a January 2011 InfoTrends report Mobile devices and apps are turning businesses on their heads in every industry through both internal business value and external value with customer interactions as highlighted in the table below
Internal Business Value Creation through Mobility
c Reduce process or cycle time increasing productivity
c Capture real-time data and access
c Communicate faster and more effectively with mobile employees
c Make it easier for people to participate in the innovation process
c Transform cumbersome applications for tasks to user-friendly rich-experience mobile apps
c Make employees more productive and engaged reduce churn
c Reduce costs
External Business Value Creation through Mobility
c Create a differentiator in products andorservicesinahighlycompetitive industry or market
c Keep pace with competitors using mobile strategies
c Address external customersrsquo demands for mobile applications
c Communicate in real time with customers especially in businesses where a communication delay can lead to loss of a customer
c Increase customer satisfaction and loyalty
c Create new revenue streams
c Enter new markets
Simply put enterprise mobility generates business value
6
Use Cases How Mobility Generates Business Value
MobileCheck-inCheck-outCapabilities
Mobility is high on the agenda among companies in highly competitive businesseswherecustomerchurnissignificantAdaptingmobiledevicesfororderingandcheck-inouttasksenablescompaniestogainnewcustomersandincrease existing customersrsquo loyalty This powerful strategy also increases productivity and reduces costs in internal tasks
Afewexamplesincludecheckinginatadoctorrsquosofficeahotelorairportchecking inventory items in and out of warehouses and ordering and paying for food at a restaurant The interviewees in our study described the following cases of business value generation
Shorten customersrsquo time waiting in line A CIO at a large entertainment company explained that his company is bumping upthecheck-inoutfunctionalityevenfurthertoimprovecustomer satisfaction as well as productivity The company is equipping some of its front-desk team members with iPads and associated card readers that enable them to go into the lines of customers waiting to check in and start processing them before they reach the front of the line
Special offers for travelers Afinancialservicescompanyisusinggeo-location awareness technologies once travelers arrive at their destinationcitytoprovidespecificsuggestionsandcouponsforshopping restaurants etc based on the companyrsquos knowledge of a travelerrsquos preferences The coupon or discount is automatically applied when the traveler swipes his card in payment and a text messagearrivesonthemobiledeviceconfirmingtheamountsaved on the purchase
ChangeanairlineflightreservationandcheckinseamlesslyA CEO described his experience of being in a taxi on the way to anairportandneedingtochangehisflightHeused his mobile devicetochangetheflightthenscannedthesubsequentbarcodesent to his mobile phone to check in at the TSA gate and at the boarding gate No paper no errors fast and easy
Use Cases Optimizing Customer Interactions and Satisfaction
7
Logistics Company ndash Accelerate Process for Customers
Customers simply go to the mobile version of the companyrsquos website enter the information and the company transmits the shipping label to the customerrsquos mobile device The customer then takes the package to the company and the label is scanned from the mobile device It eliminates paper accelerates the process and increasesaccuracyThecompanyalsocreatedspecificwebsitesforAndroidiPhoneand BlackBerry devices so that customers donrsquot have to navigate a clumsy website designed for the desktop environment The process is all digital for the customer down to the last mile
They are currently in the process of building native apps for tracking shipping findingoutofficelocationsdrop-offandpick-uplocationsandredirectingpackages
Insurance Company ndash Reduce Information Complexity for Customers
An insurance company sends information to its 11000 agents on their mobile devices The information previously was available only on paper or on desktop computers
Telecommunications Company ndash Convey Real-Time Information
Access to real-time network and data center health information is crucial to telecommunications companies and can prevent them from losing customers Telecoms have stringent service level agreements (SLAs) with their large corporate customersmdashwhich cannot afford to lose phone service or Internet connectivity The contracted SLAs include penalties the telecom must pay the customer in instances of service disruption
A participant in the study uses mobile devices to deliver data center health information weather alerts and other crucial information to service operatorsmdashwherever they are at the time Alerted to a problem an operator can then immediately contact his customer to warn the customer of the issue
This real-time communication capability enables the operator to deliver a message such as ldquoThere was a weather issue in the network 10 minutes ago that can potentially disrupt your connectivity We already have crews working to resolve the issue rdquo This improved customer service and interaction results in a tremendous improvement of customer satisfaction and loyalty
Financial Services Company ndash Virtual Currency Offerings
The company interfaced with Amazonrsquos API allowing the company to create ldquovirtual currencyrdquo offers for its customers which extend in real time to mobile devices This points-system type of currency and technology worked so well that the company implemented a program where customers could pay for products on Amazon through acombinationofpointsanddollarsgivingthemflexibility
Use Cases Optimizing Customer Interactions and Satisfaction
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
6
Use Cases How Mobility Generates Business Value
MobileCheck-inCheck-outCapabilities
Mobility is high on the agenda among companies in highly competitive businesseswherecustomerchurnissignificantAdaptingmobiledevicesfororderingandcheck-inouttasksenablescompaniestogainnewcustomersandincrease existing customersrsquo loyalty This powerful strategy also increases productivity and reduces costs in internal tasks
Afewexamplesincludecheckinginatadoctorrsquosofficeahotelorairportchecking inventory items in and out of warehouses and ordering and paying for food at a restaurant The interviewees in our study described the following cases of business value generation
Shorten customersrsquo time waiting in line A CIO at a large entertainment company explained that his company is bumping upthecheck-inoutfunctionalityevenfurthertoimprovecustomer satisfaction as well as productivity The company is equipping some of its front-desk team members with iPads and associated card readers that enable them to go into the lines of customers waiting to check in and start processing them before they reach the front of the line
Special offers for travelers Afinancialservicescompanyisusinggeo-location awareness technologies once travelers arrive at their destinationcitytoprovidespecificsuggestionsandcouponsforshopping restaurants etc based on the companyrsquos knowledge of a travelerrsquos preferences The coupon or discount is automatically applied when the traveler swipes his card in payment and a text messagearrivesonthemobiledeviceconfirmingtheamountsaved on the purchase
ChangeanairlineflightreservationandcheckinseamlesslyA CEO described his experience of being in a taxi on the way to anairportandneedingtochangehisflightHeused his mobile devicetochangetheflightthenscannedthesubsequentbarcodesent to his mobile phone to check in at the TSA gate and at the boarding gate No paper no errors fast and easy
Use Cases Optimizing Customer Interactions and Satisfaction
7
Logistics Company ndash Accelerate Process for Customers
Customers simply go to the mobile version of the companyrsquos website enter the information and the company transmits the shipping label to the customerrsquos mobile device The customer then takes the package to the company and the label is scanned from the mobile device It eliminates paper accelerates the process and increasesaccuracyThecompanyalsocreatedspecificwebsitesforAndroidiPhoneand BlackBerry devices so that customers donrsquot have to navigate a clumsy website designed for the desktop environment The process is all digital for the customer down to the last mile
They are currently in the process of building native apps for tracking shipping findingoutofficelocationsdrop-offandpick-uplocationsandredirectingpackages
Insurance Company ndash Reduce Information Complexity for Customers
An insurance company sends information to its 11000 agents on their mobile devices The information previously was available only on paper or on desktop computers
Telecommunications Company ndash Convey Real-Time Information
Access to real-time network and data center health information is crucial to telecommunications companies and can prevent them from losing customers Telecoms have stringent service level agreements (SLAs) with their large corporate customersmdashwhich cannot afford to lose phone service or Internet connectivity The contracted SLAs include penalties the telecom must pay the customer in instances of service disruption
A participant in the study uses mobile devices to deliver data center health information weather alerts and other crucial information to service operatorsmdashwherever they are at the time Alerted to a problem an operator can then immediately contact his customer to warn the customer of the issue
This real-time communication capability enables the operator to deliver a message such as ldquoThere was a weather issue in the network 10 minutes ago that can potentially disrupt your connectivity We already have crews working to resolve the issue rdquo This improved customer service and interaction results in a tremendous improvement of customer satisfaction and loyalty
Financial Services Company ndash Virtual Currency Offerings
The company interfaced with Amazonrsquos API allowing the company to create ldquovirtual currencyrdquo offers for its customers which extend in real time to mobile devices This points-system type of currency and technology worked so well that the company implemented a program where customers could pay for products on Amazon through acombinationofpointsanddollarsgivingthemflexibility
Use Cases Optimizing Customer Interactions and Satisfaction
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
7
Logistics Company ndash Accelerate Process for Customers
Customers simply go to the mobile version of the companyrsquos website enter the information and the company transmits the shipping label to the customerrsquos mobile device The customer then takes the package to the company and the label is scanned from the mobile device It eliminates paper accelerates the process and increasesaccuracyThecompanyalsocreatedspecificwebsitesforAndroidiPhoneand BlackBerry devices so that customers donrsquot have to navigate a clumsy website designed for the desktop environment The process is all digital for the customer down to the last mile
They are currently in the process of building native apps for tracking shipping findingoutofficelocationsdrop-offandpick-uplocationsandredirectingpackages
Insurance Company ndash Reduce Information Complexity for Customers
An insurance company sends information to its 11000 agents on their mobile devices The information previously was available only on paper or on desktop computers
Telecommunications Company ndash Convey Real-Time Information
Access to real-time network and data center health information is crucial to telecommunications companies and can prevent them from losing customers Telecoms have stringent service level agreements (SLAs) with their large corporate customersmdashwhich cannot afford to lose phone service or Internet connectivity The contracted SLAs include penalties the telecom must pay the customer in instances of service disruption
A participant in the study uses mobile devices to deliver data center health information weather alerts and other crucial information to service operatorsmdashwherever they are at the time Alerted to a problem an operator can then immediately contact his customer to warn the customer of the issue
This real-time communication capability enables the operator to deliver a message such as ldquoThere was a weather issue in the network 10 minutes ago that can potentially disrupt your connectivity We already have crews working to resolve the issue rdquo This improved customer service and interaction results in a tremendous improvement of customer satisfaction and loyalty
Financial Services Company ndash Virtual Currency Offerings
The company interfaced with Amazonrsquos API allowing the company to create ldquovirtual currencyrdquo offers for its customers which extend in real time to mobile devices This points-system type of currency and technology worked so well that the company implemented a program where customers could pay for products on Amazon through acombinationofpointsanddollarsgivingthemflexibility
Use Cases Optimizing Customer Interactions and Satisfaction
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
8
New Revenue Streams
A global tier-one service provider is creating a book-reader app for iPads The app is security stamped with the providerrsquos name The cost to customers is a mere $25 per month If they sell 10000 copies to their vast customer pool itrsquos a brand new $300 million business
Anintervieweeinourstudysaidhisrestaurantisfiguringouthowtocreate mobile apps that allow customers to take advantage of offers in the restaurants provided by the companyrsquos retail partners
A media company CIO said his company is repackaging existing products for a mobile audience Information publishers gather process and digest information from various sources and markets and sell it to large companies in different industries This relevant real-time data is worth billions of dollars A U S media company is now increasing revenues by packaging the information so it is suitable for delivering to customers using mobile devices
Chemicals Company ndash Reduce Safety Risks
Capturingreal-timefielddataaboutfacilitiesenhancesoperationalsafetyandsaves huge costs for a chemicals company As the CIO explained his company must ldquoisolaterdquo a facility before anyone can work there Permits risk assessment variouslevelsoftestingandcertificationtoensurethefacilityiscarbonfreemusttake place
In addition the company uses applications to track the isolations and inspectorsrsquo sign-offs on such items as whether a valve is closed and locked down All of the information that inspectors need to track is on a mobile device which then sendsallthefieldinformationbacktothecontrolroomwherepeoplecanseetheprogress in real time as each isolation triggers the next task
Logistics Company ndash Supply Chain Productivity
Aglobalfinancialservicescompanyhashundredsofthousandsofdevicesusedinternally in its logistics and supply chain operations which were engineered over a long period of time Because many of its customers now use mobile devices and platforms the company saw an opportunity to optimize its end-to-end operations and thereby become more real time in logistics operations
AkeybenefitofthemobilesolutionisthatitfindserrorsquicklyThemobilecapabilities aid in early detection of anomalies which is important in recovery of inventory and improving cycle time The CIO stated ldquoIf we use wired technology orfixed-pointtechnologytherearetoomanypointsinthesupplychainthathaveto bear the cost rdquo
Use Cases Improving Internal Productivity and Minimizing Risks
Use Cases Optimizing Customer Interactions and Satisfaction
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
9
Square Payment System for E-commerce TransactionsMerchants and service providers can use their mobile phones as a credit card reader with the ldquoSquarerdquo accessory They pay 2 75 percent per card swipe and get the payout direct deposited to their bank account the next day Now businesses of all sizes can accept portable purchase payments at any location while on the move while customers are waiting in line at entertainment events at restaurants in taxis etc
Disaster Recovery Mobility allows employees to stay connected to corporate data and applications
while working from home or another temporary facility in times of natural disaster
AfacilitiesmanagerisusinganiPadappdesignedspecificallyforinspectinghis companyrsquos facilities It is particularly helpful after hurricanes or other disasters
Pharmaceutical Company ndash Reduced Costs and Increased RevenueThesalesteamsinpharmaceuticalandbiotechcompaniesoftenhaveonlyfiveminuteswithverybusyphysiciansGettingabusydoctorrsquosattentionforthosefiveminutes is a challenge Each morning a salesperson must access and print all of the product technical details and differentiation information for a particular physicianrsquos specialty practice area along with the number of samples previously given to the doctor and other information They also make notes on the paperwork This preparatory work takes approximately two hours in the mornings
A large pharmaceutical company we interviewed has 7000 members on its sales team which makes sales calls 240 days per year By loading all of the preparatory information into smartphones and tablets they reduced prep time from hours to minutes and shaved off millions of dollars from the customer-acquisition costs In addition to the cost savings the 7000 sales reps were able to make additional visits to doctors per year which enabled them to sell more products and increase the companyrsquos revenues
Miscellaneous Productivity Enhancements Enabling Employee Collaboration A logistics and shipping company has a
large force of mobile workers such as package handlers airplane pilots and truck drivers in its supply chain Each has needs for collaborating with the others in order to complete tasks The company shifted to mobile devices for these communications and at the same time enabled a social community type of collaboration They also implemented a Bring Your Own Device model to motivate employees to use the mobile device capabilities
Catalog of Services A company is building a mobile cloud where its catalog of services will be available to employees on their mobile devices This is a store-like environment in a private cloud Once the public cloud is proven in a year or two they plan to move to the public cloud
Use Cases Improving Internal Productivity and Minimizing Risks
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
10
Healthcare
ProviderspayersandpatientsallbenefitfromamobileenvironmentPhysicians and nurses currently chart notes on tablet devices as they meet with patients Tablet devices are also great communication tools to display Xrays MRIs etc to a patient and explain treatment
Pharmacies are sending text messages to patientsrsquo mobile devices to alert them that they need to take a medicine or that their prescriptions are ready to pick up or are about to expire
Retail
The retail industry is another area ripe for mobility as it allows companies to more rapidly interact with customers This is an area where disruption of market leaders will likely occur as new technologies develop For instance shoppers can use their smartphones to scan product bar codes and labels and get a quick comparison of competitorsrsquo prices for the same item Mobile wallets are gaining rapid adoption they allow shoppers to complete a secure transaction through a mobile device Using mobile technologies with shoppers in a store retailers can quicklyqualifycustomersfindoutwhattheyneedandcloseasalefaster
Our study found that there is a huge gap in availability of mobile apps for ad hoc processes that occur in between major business processes for which there are majorapplications(suchasaccountingorCRM)Thisrepresentsasignificantopportunityforcompaniesdevelopingtheselightweightworkflow-drivenindustry-specificldquomiddlerdquoappsthatcanrunonmobiledevicesTheseappscreatesignificantvalueforenterprises
As an example of a middle app a pool-cleaning companyrsquos employees go from pool to pool cleaning They handwrite time place and other information on clipboards andthengobacktotheofficeandinputthatinformationintotheirdesktopcomputers This time-consuming process prevents them from having the time to clean more pools or increase customer satisfaction either of which would create value for the company
As an interviewee in the study explained it is not easy to get the attention of most software companies to build such a unique app for a small niche task However there are a few companies that provide a platform for enterprise users to build situational apps for the middle space for some industries The level of security necessary for apps in this in-between space is lower than for core transactional applications with sensitive data still the security must be at a higher level than for email contacts and calendars Even with the lower security requirements and using a service providerrsquos platform building middle apps intimidates many enterprises Many lack in-house resources for building Web applicationsanditisevenmoredifficulttofindtheskillstodevelopmobileapps
Use Cases Middle Apps
UseCasesIndustry-SpecificCases
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
11
Who is Driving Mobility (and Why)
Top Reasons for Adoption of Enterprise Mobility
When asked What was your companys most important reason for moving to enterprise mobility solutions (Select all that apply) the majority of the online survey respondents said it was faster access to company data followed by improved collaboration among employees
Faster and ubiquitous access to company data services and applications
Improve customer interaction and service
Richer user experience
Improve sales and sales support
Consolidate multiple devices into mobile one
Provide analytics data to executives
Improve collaboration among employees
77
40
40
53
10
57
30
Most enterprises now operate in a 247globalenvironmentanddependon mobility as key to timely effective communications in such areas as
Salesandmarketingfieldactivities Customer support through real-time
information Supply chain management Executives on the road
A lot of work is not tied to a desk or a desktop computer Work also takes place in meetings HR training sessions collaborative team sessions and lunch with customers
A vice president at a service provider company predicted that ldquoPCs will go away as communication end points in the next few years and will probably end up being personal servers rdquo Study participants agreed that the majority of computing will happen on mobile devices because of the user-friendly paradigm
Top Executives Along with Employees Drive Adoption
Unlike other enterprise technologies driven by the IT group employees are driving the pace of mobile adoption wanting the same user-friendly computing at work that they enjoy outside of work
Importantly our interviewees stated that a sizeable number of these employees are actuallytopexecutivesTheywereimmediatelyattractedtothecompetitivebenefitsofiPadswhentheywerefirstlaunchedintothemarket
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
12
Our online survey respondents also indicated that senior executive rolesmdashheads of business units and executive managementmdashare driving the use of mobile solutions in their companies
Study interviewees shared these examples
Whenafinancialservices companyrsquos competitor showed up with an iPad at a mutual clientrsquos officethefinancialexecutiversquos reaction was that he had to have an iPad in order to compete
WhenanairlinepilotheardthatanotherairlinereplacedpaperflightplanswithiPadsinordertocutdownonpaperandincreaseefficiencyhe
looked into how to do the same thing at his company
At the U S Open a bank used mobile devices to demonstrate the bankrsquos new deposit system to people waiting in line
A software products company had a Web-based workflowmanagementapplicationforitsnicheaudience of Hollywood studios and television show producers It recently developed a mobile app version of the system to meet the demands from a different segment of executives in the client database The
executives had been exposed to iPads and quickly demanded a system that would be easy like the iPad where I justhavetopointmyfingerrdquo
ldquoA laptop takes a good three minutes to be ready to get to data whereas an iPad can be up and running in less than three secondsrdquo -CIO financial services company
The iPad is a new device creating a new
audience which results in new needs expectations
and opportunities
48
36 48
45
16 7
Heads of business units Sales and marketing IT department Executive management A committee of senior executives No one in particular
Which of the following roles are driving the use of mobile solutions in your company
(Select the top three choices)
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
13
Three Waves of Mobility Adoption
Adoption of enterprise mobile solutions and strategies came in three waves Notably with each new wave enterprises achieved greater value despite the accompanying challenges
Apple and Google were responsible for much of theincreasingbenefitswith each wave The iPhone preceded Wave 1 Android and the iPad are present now in Wave 3 At their entry into the marketplace all three devices revolutionized the industry and the types of value that enterprises can achieve in a mobile environment
In Waves 1 and 2 of the enterprise mobility spectrum enterprises made their existing applications available in a mobile context and also experimented to see what value would come out of mobility
They found that mobility increases their ability to innovate
As the use cases in the Sand Hill survey point out the greatest value of mobility is in enabling companies to be more competitive in their
markets so they can gain new customers and improve existing customersrsquo satisfaction
Wave 1Improve internal
productivity
Common enterprise productivity applications for mobile users
Applicationsforspecificcustomizedprocesses in different industries
Enterprise embraces mobililty as key to competitive differentiation
Wave 2Improve customer
satisfaction
Wave 3Reach
new markets
Functional Business Areas Adopting Mobility
SurveyrespondentsidentifiedfunctionalareasintheircompanythatcurrentlyusemobiledevicesthemostAlmosthalfidentifiedsalessalessupportandinformationtechnology as the top areas By far corporate email contacts and calendar are the mostavailableenterpriseapplicationsservicesusedinthesurveyparticipantsrsquocompanies
copy Copyright 2011 Sand Hill Group All rights reserved
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
14
In which of the following functional areas of the company are mobile devices used the most today (Select the most used areas)
Sales and sales support 48 Information Technology 48 Customer support 19 ManufacturingOperations 19 Marketing 13Human Resource 13 Finance and Accounting 13 Point of sale 10 EngineeringRampD 10
Which of the following mobile enterprise applicationsservices are available to employees today (Select the most used areas)
Corporate email contacts and calendar 77Support tools and content 39Sales force automation 36Travel and expenses forms and approvals 29Marketing tools and collateral 26Call center 26HR approvals and forms 23
Executivesidentifiedthreeareasamongtheldquootherrdquoareaswheremobiledevicesare most used in respondentsrsquo companies inpatient care service delivery and management personnel for approvals and across disciplines
More than half (55 percent) of the online survey respondents reported that the enterprise
mobile applications most used at their company are internal productivity applications for
employee use
B2B applications for use with partners suppliers contractors
etc are the most used at 32 percent of the companies
B2C (customer-facing) mobile applications are the most used at
13 percent of the surveyed companies
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
15
Chapter 2 - A Devisive Issue ldquoBring Your Own Devicerdquo ModelEnterprises are still blazing the path on the Bring Your Own Device model The decisionbringstradeoffsinemployeesatisfactionandcostsandinfluencesdatasecurity policies
Whether or not to allow a Bring Your Own Device model is a hot topic at most of the companies we surveyed A few had already implemented a BYOD model (ldquoit just sort of happenedrdquo one CIO stated) and were backtracking to establish BYOD policies Others were facing a lot of employee demand and consequently were considering the issues surrounding switching to BYOD
However BYOD is not a black-or-white decision Some companies are supplying corporate devices to employees who need them as well as other non-mobile employees personal devices while also allowing limited network access to corporate resources such as email This is not really at a policy level yet It is more a case of ldquoWe will give access to corporate email on your device if you ask for it rdquo
Among the online survey respondents employees own more than 75 percent of the total mobile devices at almost one-fourth of the companies
Fifty-seven percent of the companies reported that they allow BYOD for accessing enterprise applications and data Among the survey respondents not currently allowing a BYOD environment 53 percent reported their company is planning to offer BYOD to employees within the next two to three years
What percent of the total mobile devices are employee owned
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
16
Impact of BYOD on Employee Satisfaction Productivity and Engagement
A BYOD model contributes to employee satisfaction productivity and engagement as they want the same simple user-friendly computing experience at work as they enjoy in their personal lives
However employees have some reservations around BYOD They want compensation for buying the devices and they want to choose the devices In addition they want to protect their privacy rights Privacy issues include
Most companies require that a device be wiped if there is an issue such as termination of employment or other security issues Employees want only corporate data to be wiped and not the employeersquos personal data They do not want the company to factory reset the device There are some MAM and MDM solution providers that now have the capability to wipe a device remotely without touching personal data
By default the backup system for iOS5 is iCloud All corporate and personal data is automatically backed up in the cloud when using this platform There are ways around this situation but companies must look for them as they are not readily apparent Similarly to the iCloud situation companies may want to determine the backup default for sensitive corporate and personal information on any public cloud
Because of location-awareness technologies used in mobile devices at any given moment the carrier and many applications know with pretty good accuracy where a user is Some companies also use technology tools (device agents) that monitor user behavior in order to detect when someone other than the employee uses the device Employees do not want their companies to control and monitor everything they do on their personal devices
On the iOS5 platform the default
back-up is iCloud which automatically stores personal and
corporate data
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
17
Despite the business value gained with employee satisfaction some companies are not yet ready to adopt BYOD A CIO we interviewed related the issue he encountered when he encouraged BYOD at his company
Impact of BYOD on Costs
A BYOD model has both negative and positive impacts in the Total Cost of Ownership picture Shifting device ownership to employees results in a cost savings
But mobile devices evolve so quickly that enterprises can expect to undertake a major refresh every few months which becomes expensive Some enterprises may choose not to upgrade the OS or the model for a couple of years
With a BYOD model the upgrade costmdashand even the choice of upgradingmdashare up to the device owner
A survey participant pointed out that implementing a BYOD model in his company caused ldquoa short-term blip increase in support costs but also resulted in a long-term decline in support costs because we donrsquot support those devices rdquo Most interviewees reported that support costs go down in a BYOD model because employees are responsible for device support the enterprise is responsible only for supporting the applications
ldquoUsers have their own likes and dislikes and the devices are fully capable in either case As long as we can secure the devices why do we care who owns them But the proposal I brought forward was not accepted The concern was that it would put a higher support burden on the IT staffrdquo
- Global CIO entertainment company
Offer employees company-approved mobile devices and allow them to select the device they prefer This is an effective way to balance the needs between user satisfaction and enterprise control
Provide support for a reasonable number of devices (as opposed to all devices)
Establish a means for employees to request support for a given device that may not be supported and then put the device through acceptance criteria before the device is allowed for support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Bring Your Own Device Policies
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
18
Dictate and control the devices that are allowed on the network There are too many devices to allow employees to bring whatever they want into the company and give them access
Use MDM tools for provisioning and security monitoring These tools are evolving so be sure to conduct a thorough vendor evaluation before selecting the right tool
Get an understanding of how you need to comply with regulations and laws regarding maintaining an employeersquos personal privacy in a mobile environment
Set expectations with employees as to what they areare not allowed to do
Ensure that personal apps and corporate apps are ldquocontainerizedrdquo without losing the flexibility and user experience in using both
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Establishing Management Policies for a BYOD Model
If employees own the devices it eliminates enterprise cost of replacing devices as they evolve with a major upgrade every few months
Allowing BYOD but not supporting the devices lowers support costs
Higher support costs and higher support burden on IT staff
Devices change rapidly and are obsolete in 6-12 months
If employees buy low-end devices (more affordable) it causes a decrease in productivity
Need to compensate employees for buying devices
If the enterprise already has a significant investment in mobile devices itrsquos less expensive to continue to supply devices to employees rather than implement BYOD
BYOD Economics
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
19
Chapter 3 - Critical Considerations around SecurityCurrent State of Security
Security for a mobile environment is much like the early days of laptops Enterprises aretryingtofigureoutwhichproductstouseAswelearnedovertheyearswithlaptops and desktops a good mobile security strategy should be comprised of multiple solutions to provide in-depth security for the mobile device This might be whattheenterpriseconsidersabest-in-classfirewallfromonevendorencryptionfrom another mobile device management (MDM) from another access control from another and so on
According to a report from Juniper Research (Hampshire England) security-related products for mobile devices will reach almost $3 7 billion by 2016 Juniper predicts that by 2016 business sales will account for 69 percent of the market Despite the known vulnerabilities of mobile devices the report found that today only one in 20 devices use some form of third-party security software
A Symantec report revealed that attacks on mobile devices in 2010 increased as morepeopleusedthemformobilecomputingandWebsurfingManyuserslacksecurity savvy about malware on mobile devices Most malware attacks targeting mobile devices were Trojans posing as legitimate apps in various app stores In many casesthesecurityflawswereexploitedonAndroidsmartphonestoinstallharmfulsoftware Criminals view mobile phone hacking as a potentially lucrative activity
Many companies already on the mobility path lack formal mobile security policies This was borne out by respondents in our online survey Only 51 percent have a formal security policy on mobile devices and technologies
One executive commented that his companyrsquos lack of policies is due to the selection of mobile devices still being ldquoa work in progress rdquo Another commented that they felt secure while the company was 99 percent BlackBerry oriented but now that they are moving toward consumerization and a BYOD model they recognize they will need to establish policies
49Surveyed companies
lack a formal mobility security policy
115 known vulnerabilities in mobile systems in 2009
163 known vulnerabilities
in 2009
Security vulnerabilities on mobile devices are increasing
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
20
Small and Midsize Businesses
Another interviewee observed that individual users and small or midsize enterprises often do not fully consider or are not aware of how to deal with security issues on mobile devices
Security Vulnerabilities Unique to Mobile Devices
As illustrated below mobile devices have unique security vulnerabilities that do not exist in other enterprise communication end points such as desktops or laptops
Mobile operating system vendors lack knowledge of the carrier infrastructure and how this works in regards to GSM and tracking thedeviceuserAnothervulnerability is the lack of knowledge about how the various radios (cellular wireless and Bluetooth) within the mobile devices are used
The intersection and complexity of mobile devices (hardware and software) chip-level attacks and cellular network exploitations are areas of real concern for mobile device security As an example a mobile user could use a cellular device to purchase something from a vending machine This represents an opportunity for
criminalstointerceptdatafromusersandorthecarrierenterpriseoperatorprovidingservices
Another key threat is that security patch and update management is immature in the mobile space Users do not update security patches regularly and mobile operators or manufacturers lackthesameautomatedsecurityupdatepatchmanagement as Microsoft or Apple have on PCs and Macs
Use cloud-based mobile services It makes a lot of sense if you lack IT staff with the necessary training to implement and support a complex mobile strategy The amount of data and access to the data is not as complex of an issue as it is for large enterprises With lower complexities using a cloud services provider will provide ample mobile security
Achieve a huge cost savings by using a cloud services provider for mobile solutions
Key
Actionable Insight
Small amp Midsize Business Implementation of Mobile Security Strategy
copy Copyright 2011 Sand Hill Group All rights reserved
ldquoMost people who use smartphones and tablets are
not tech savvy and good management support has not been built into these devices This is where the industry is
strugglingrdquo- Mobile Security Architect
telecommunications company
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
21
Finally a lot of the current security models in applications and operating systems are based on an assumption that the chipsets and the over-the-air information are secure This is a fallacy in thinking and represents a way in for attacks
Data Containment Strategy
A huge area of concern about security of mobile devices is around the decision on whether to allow employees to use their own mobile devices for work and personal applications Most of the CIOs we interviewed said their companies are looking at ways to separate corporate and personal data in ldquocontainerrdquo structures on the devices
Operational Areas of Concern for Security
Study participants identifiedothersecurity concerns when implementing mobile solutions including the following
Poor mobile app development guidelines Vendors often write mobile apps without keeping security in mind An interviewee observed that this could be due in part to a lack of user understanding and their not placing the demand on the providers Or it could be due to providers not rushing to do something unless there is a largedemandorthereisawayforthemtomakesufficientmoneyAlthoughApple provides some rigor around app development Google took a more open approach with Android which often leads to the lack of consideration for security when apps are being developed
Mobile spyware can
launch attacks based on user
location
App stores are source of malware proliferation Open
source nature of
operating system such as Android
Use of WiFi hotspots
opens device to black hat man-in-
the-middle attacks Mobile
spyware more difficult to detect
than desktop spyware
Cellular network
exploitation weak GSM encryptionSocial
networking aspects of
engineering
Security Risks and Threats Unique to Mobile Devices
copy Copyright 2011 Sand Hill Group All rights reserved
Note The open source nature of mobile device operating systems is not necessarily a security threat For example Linux systems (which are open source) have proved to be pretty secure However device manufacturers could make insecure extensions to an operating system which can open up new security vulnerabilities
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
22
Device agents Enterprise executives understand that they need to centrally manage the end point This often involves installing an agent on the mobile device to push policy down to these devices in order to control the user activity This touches on privacy regulations because these agents can also monitor and report what a mobile user is doing or the userrsquos location
Keeping up to date Patches application and operating system updates and security updates must be kept up to date Other actions enterprises should take include
Control where downloaded applications come from Use whitelist or blacklist software to control which applications
are allowed Enforce strong passwords Manage access controls Runsecuritysoftwareonthedevices(firewallencryption
antivirus)
All of this represents a layered security architecture that provides in-depth security
Take a containment approach to corporate data isolating company data from employee mobile devices One method of containment is virtualization
bull This helps isolate the potential for attack by using virtualization of sessions and information to avoid local storage of content This strategy allows multiple personas per employee and thereby separating personal personas from the corporate personas
bull It also allows employees to have virtual access to apps that pertain to their personal life which are separate from virtual access to apps for their work life
Consider solutions that allow you to manage the access-point infrastructure Many devices allow users to switch between the carrier infrastructure and a WiFi infrastructure Users should be forced to switch to WiFi infrastructure when on enterprise premises In addition to connectivity control this will save money
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Containment Approach as Strategy for Mobile Security
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
23
Data storage If a mobile apprsquos content lives in the cloud there are minimal to no problems The problems arise when a device is off line and content is stored local to the device Apple has made good advances in this regard in areassuchasencryptionandcertificatesTherearestillconcernsaroundwhat Apple considers as appropriate security and what enterprises feel is the right approach ISVs such as SAP provide complete data protection for data at rest in spite of the platform
The human factor A CIO observed that there is ldquono national security background requirement for an individual to work within a critical telecom environment This would make it very easy for organized criminals to infiltratetheorganizationandstealdatardquo
Extend your approach to mobile security to the following layers
bull Devicebull Operating systembull Browserbull Cloudbull Extended cyber-enterprisebull App store
Include the cloud and extended cyber-enterprise layers in your management of secure access to mobile services such as Salesforce com
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Mobile Security Should Be Considered as Several Layers
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
24
Business situation
The enterprise in this case study is a semi-autonomous government agency with stringent security requirements It is building a suite of tools referred to as the ldquoenterprise collaboration suite rdquo It must address the governmentrsquos onerous security requirements which are at odds with expectations of employees
The enterprise collaboration suite sits in the enterprisersquos private cloud and is a collection of different tools and technologies that empower employees to be mobile and collaborate how when and where they want from any device
Theapplicationsallowuserstoinputdatafromdifferentfieldsiteswithouthavingtofirstenterthedataonpaperandthentranslateitintoanelectronicmeansofdistribution
Applications whitelist Because of the governmentrsquos onerous security requirements the enterprise developed an applications whitelist as a mechanism for deploying applications securely to particular employees Deployment is based on what an employee needs as opposed to allowing employees to freely go to the app store and purchase applications
Capital constraints Rich mobile applications experiences are what the agencyrsquos users want just as they experience in their personal lives But that requires writing apps for multiple platformsmdashiOS Android and Windows mobile so far and more to come This is a very expensive value proposition for the agency They decided instead to build a mobile Web application instead of rich native apps and leverage HTML5 as it matures
Finding the Right Balance Between Security Requirements and
Users Desired Functionalities
Case Study
Develop an applications whitelist as a mechanism for deploying applications securelytospecificemployees
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
25
Business situation
Aglobalfinancialservicesfirmisencouragingitscustomerstotweetandsendmessages to them on Facebook But it does not want to allow the same kind of user experience for its employees
Although the company sees great value in encouraging its customers to use social media websites it decided not to allow employees to access those sites from the companyrsquos network because of security vulnerabilities on social networking sites
Thechallengewhenemployeesgofromanenterpriseenvironmentnetworktoanother Internet site is that the companyrsquos policies must go from the lowest common denominator to the best denominator for employee behavior
The companyrsquos employees are required to sign a code of conduct when hired The HR department is now extending the code of conduct to include policies social media access through the enterprise mobile environment and network
How to Handle Employees Accessing Social Media Networks
Case Study
Make sure your companyrsquos code of conduct for employee behavior covers policies regarding accessing social media networks and websites through the enterprise mobileenvironmentnetwork
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
26
Business situation
A large insurance company with thousands of employees needed to establish securityandcontrolmanagementpoliciesforthemobiledevicesinitsenvironmentThe devices were a mix of corporate phones and iPads as well as personal phones and iPads
The company decided not to standardize on mobile devices as different users have different needs Employees receive a monthly stipend for their personal devices
Policies established If a corporate-owned device is lost the company will remotely delete all data
The company is not responsible for any personal data that an employee puts on a corporate-owned device
Corporate-owned devices are to be used only for accessing and storing a certain kindofdatainformation
Confidentialinformationdownloadedontoacorporate-owneddeviceismonitored A limited amount of business data is allowed for downloading onto a personal
device but it is kept isolated (as if in a container) and the company has remote control over it
Allfilesareencryptedasistheapplicationdatacontainer The company decided not to use locational capabilities in monitoring devices due
to privacy concerns raised by employees Instead they use monitoring tools for ldquotypical usage rdquo The tools collect data such as use of a mouse typing speed and other characteristics When someone other than the employee does something different from those characteristics the company knows immediately that it is not the same person
Setting Different Security and Control Policies for Corporate versus
Personal Mobile Devices
Case Study
The way the enterprise manages the devices makes a difference in the total cost of ownership picture
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
27
Chapter 4 - Interoperability and Market Fragmentation HurdlesTrailblazing enterprises encountered hurdles on their way to generating business value through mobility These include
Changing landscape of mobile devices Disparate mobile operating system platforms Whether to use HTML5 or native apps Gaps in mobile technologies
These four hurdles result in a lack of interoperability in application development efforts
Theseissuesnotonlycausedifficultiesforenterpriseswhiletransitioningtoamobile environment but also are barriers to adoption When asked to identify their companyrsquos top three barriers to adopting enterprise mobility survey respondents
What if any are your companyrsquos top three barriers for adopting enterprise mobility (Select up to three choices)
Governance (eg policies for control security monitoring and services) 49
High costs of procurement and support 37
Immaturity of mobile vendors 32
Lack of good mobile enterprise platforms 29
Lack of availability of mobile expertise and resources 24
Dynamic nature of the mobile device market 22
in our study indicated that platforms the mobile device market and technology immaturity were major barriers
A CIO interviewed for this study commented ldquoIf we were to architect our services carefully the integration challenges between different mobile device and platform vendors would become a lot easier rdquo In most cases that is not happening Vendors however are stepping in to build integration plug-and-play connectors to data stores in the enterprise
Changing Landscape of Mobile Devices
The growing number of disparate devices is a security control and policy challenge Enterprises have to weigh those issues against the demands of customers and employees who want to use particular mobile devices
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
28
We can segment the enterprise market into three categories
Those that cling to BlackBerries because of their security features Those that are waiting on Microsoft for a seamless solution for transitioning
fromdesktoplaptoptosmartphonestabletstocontinuetheirworkinofficeproductivity applications
Those where consumerization is now the driving force in selection of mobile devices in an enterprise
But the proliferation of mobile devices impacts all three segments This is because all three segments use mobile technologies to generate business value from their customers and the customers are using a wide variety of mobile devices Moreover
the popularity of specificdeviceskeepschanging Consider the following trends around tablet devices for example iPads iPads took off in enterprises likewildfireassoon as they hit the marketplace A participant in our study reported that a bank rolled out 17000 iPads to employees An
interviewee related a sales call situation where the sale of a companyrsquos products had such a greater certainty if demonstrated on an iPad that the sales team gave away iPads to potential customers so they could try the product on it
Yet the iPadrsquos dominance in the tablet market took a dive recently according to a studybyresearchfirmStrategyAnalytics Its Q3 2010 market share was 95 5 percent it dropped to 66 6 percent by Q3 2011 as Android tablets began taking some of its market share
iPads are clearly a favorite among executives as described earlier in this report HowevertabletdevicescurrentlyhaveconstraintsItisdifficulttoenterandmanipulate information on any tablet device Older users and people such as
Include in your business case the cost of some employees still needing to carry laptops along with iPads and other tablet devices
Tablet devices are not yet great for inputting large amounts of data
In addition tablets are not designed to leverage native file systems
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Tablet and Smartphone Capabilities
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
29
physicians have not adjusted to the swiping and touch interfaces on smartphones and tablets and want a physical keyboard but that necessitates extra cost and carrying an extra component
Patent Wars A trend likely to impact mobile device choices down the road is the current patent wars amongfiercerivalsinthelucrativemobiledevicemarkets Apple for instance filedsuit against HTC claiming infringement on 20 patents around user interface hardware and architecture
Laptop Price Wars In the future competition among mobile vendors will drive down the cost of smartphones and tablets to a price point corresponding with laptops and desktops which will change the competitive landscape
Problems with Upgrades Mobile devices and operating system versions evolve and need upgrades every few months This changing landscape causes interoperability challenges
All three parties involved with updating a device (the manufacturer OEM and carrier) have their own update procedures But all three updates must integrate A larger update program could cause a device to become inoperable due to OEMorcarriermodificationstothedeviceIfaproblem occurs who owns it Customers usually contact the carrier but all three parties must work together to solve the issue
Are BlackBerries In or Out Despite the consumerization trend piling up preferences for Apple and Android devices the fact is BlackBerry devices still dominate enterprises In fact 57 percent of the companies responding to the online survey use BlackBerry devices
Our survey found big differences of opinion around the future of the BlackBerry Some believe it will ldquogo the way of Palm in the next year and a halfrdquo or ldquoshrink down to a niche market as pagers have rdquo Others believe it has staying
ldquoThe mobile industry is nascent and it will be a long time before the vendors are ready to play togetherrdquo- Principal high-tech service provider
92Fortune 500 companies that
tested or deployed iPads during its first 18 months
on the market
Which mobile platforms does your company offer to the employees
(Select all that apply)
Apple iOS 66
BlackBerry 57
Microsoft Windows 46
Google Android 43
6 None of the Above
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
30
power in the enterprise because of its great security encrypted delivery and outstanding synchronization
To the survey question ldquoIs your company moving away from BlackBerry devices to newer platformsrdquo 60 percent of the executives responded ldquoyes rdquo Giving employees a choice in devices (43 percent) and enabling richer applications (43 percent) tied as the top reason for shifting away from BlackBerries in the enterprise
In another interview in the study a vice presidentatahigh-techfirmthatfocuseson business intelligence mobile apps said his companyrsquos strategy is to develop for multiple platforms in order to appeal to a broader market They have a version
of their software for high-end BlackBerries but have investedsignificantlyinthe Apple iOS platform because ldquoit gives the best possible user experience and performance rdquo The company has held back on developing for the Android ldquowaiting until there is critical mass and demand rdquo
AnexecutiveatafinancialservicesfirmsaidhiscompanyhasbeenusingBlackBerries ldquoforeverrdquo for personal information systems but that they are now expanding those systems to be smartphone agnostic They used BlackBerries ldquofor obvious security and control reasons rdquo But he says the use of BlackBerries rather than iPhones and Androids creates a negative impression when they try to recruit new talent
Similarly a 2011 Cisco Systems study found that ldquoemployees under the age of 30 prioritizesocialmediafreedomdeviceflexibilityand work mobility over salary in accepting a job offer rdquo
ldquoIf you need security you deploy with BlackBerry iOS and Android are wonderful but iOS as implemented seems to exhibit a policy of lsquoinsecure as implementedrsquo while Android seems to be glitchyrdquo
Anonymous online survey participant responding to question ldquoIs your company moving away from BlackBerry devices to newer platfomsrdquo
Why is your company moving away from BlackBerry devices (Select the MOST IMPORTANT areas)
Enable employee choice of mobile devices 43
Enable richer applications 43None of the above 14
Reduce costs 0
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
31
Disparate Mobile Operating System Platforms
The current market fragmentation is a hindrance in achieving some mobility objectives Complexities abound when companies take a cross-platform approach to mobile devicesmdashIT then has to support all of the allowed platforms And there are differing security aspects with each platform
In addition to higher support costs because of market fragmentation enterprises face higher development costs While more and more companies are being formed that have mobile app development capability the number of developers with adequate Android or iPhone skills is relatively small
Building an internal mobile app development team necessitates findingdeveloperswithcross-platform skills or hiring two developers instead of one Most enterprises that attempt to build an internal team face the risk of not being able to retain the talent in a highly competitive exciting market Plus the revenues generated through mobile solutions may not justify a full-time in-house mobile development team
Android devices are responsible for a large chunk of the mobile market fragmentation In fact some of the surveyed executives believe the market cannot fully address fragmentation because Android will always be fragmented Any mobile device manufacturer can use it as they wish and introduce various screen sizes and shapes different buttons and keyboard components etc for the Android version they deploy
An interviewed executive pointed out ldquoThe only way to eliminate the problem is for Google either to cease licensing the platform and build its own devices like AppleorfortheAndroidmakertobeveryspecificinterms of hardware requirements like Microsoft I donrsquot expect either of those things to happen At least the fragmentation issue is not as bad as it was 18 months ago rdquo
An executive participating in the studyrsquos in-depth interviews expressed dissatisfaction with his companyrsquos current situation due to market fragmentation They need to deliver native apps for a rich user experience so they have invested in both Apple iOS and Android development efforts
He explained ldquoWe have to straddle between them to keep them in sync Right now our iOS app is a step and a half ahead of the Android app rdquo He suggested that a way to solve this problem is to have a ldquonative shellrdquo that runs the same application between devices (See discussion on MEAPs later in this report )
Currently in the market are five mobile devices running on iOS and more than 170 running on the Android system
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
32
Apple and Google Canrsquot Brush Microsoft Aside
Microsoft entered the market late Even so it has an undisputed grip on the enterprise space with companies tied tightly to Word PowerPoint Excel and other Microsoft desktop applications
Also the titan works with all of the Fortune 2000 companies and has an in-depth understanding of the enterprise space that both Apple and Google lack
The market fragmentation is not simply a matter of disparate devices and operating systems Part of the problem is that there is no seamless way for a user to bring work from a desktop or laptop onto a mobile device
and continue the work Several executives interviewed in our study commented that a vendor that brings such a seamless solution to the market would win the enterprise mobility space And several commented that they are waiting on a Microsoft solution
Some executives think the Windows 8 platform could be the transformative element A Windows tablet running the new touch-friendly Windows operating system could take over a large share of the market
Additionally Microsoft is trying to jump into the space with a cloud solutionmdashdo work on a tablet no synching required to get it back on the laptop or desktop (or vice versa) because itrsquos all stored in the cloud This is a hugely powerful solution that is likely to change the vendor landscape dramatically in the enterprise mobile environment
Other Challenges
Our study revealed several other challenges due to interoperability and platform fragmentation as follows
Scalability at high volumes Some vendors are unable to scale to meet therequiredenterpriseresponsetimeathighvolumesAfinancialservicesexecutive cited an incident where its customers were unable to link to their credit cards because of this problem
Data privacy The market fragmentation and interoperability issues result in challenges in protecting enterprise customersrsquo data privacy This is an
Fragmentation is decreasing due to Google slowing the pace of its Android updates Still itrsquos a developerrsquos nightmare
RealityUntil enterprises get ridof desktop applications Microsoft has control of
the mobile market
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
33
especiallycrucialfactorforfinancialservicesfirmsPrivacybreachescanquickly ruin enterprise brand and reputation
Customization Many operating systems that come from top OEMs are
highly customized and then further customized by the carrier That customization of the base code and the associated applications typically adds additional issues when it comes to the patching process
Porting Further interoperability occurs with porting A BlackBerry advocate interviewed in our study commented that the beauty of RIMrsquos Java platform was that it enabled porting to any Java-enabled operating system But the Android doesnrsquot allow porting to the iPhone iPad or the new Windows 8 platform The workaround for his company is to use
off-the-shelf solutions as most are port-ready for both the Android and iOS platforms
Mobile Enterprise Application Platform Strategy
An effective way of dealing with the market fragmentation and interoperability due to the proliferating devices and operating system platforms is to use a Mobile Enterprise Application Platform (MEAP) A MEAP enables developers to build cross-platform applications
When asked how their company procures an enterprise mobility solution today more than half (61 percent) of the survey respondents in the Sand Hill study indicated they buy a mobile app off the shelf from a vendor Other solutions
25 - develop apps in house using a MEAP
23 - outsource development to a provider using a MEAP
13 - outsource custom code development
10 - develop custom code in house
Our study revealed that the current knowledge of enterprise CIOs regarding mobile technologiessometimesvariessignificantlyfromthemarketrealitiesForinstance
ldquoWe donrsquot want to outsource or use a third-party hosting model until we know what the performance standards and SLAs will berdquo
- Senior Vice President global financial services company
Nokiarsquos October 2011 launch of two
smartphones using the Microsoft Windows
Mobile OS addresses the increasing demand
for mobile access to Microsoft enterprise
applications
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
34
the survey responses indicating that a majority buy mobile apps off the shelf indicates a relative lack of customer education about the MEAP space
Further many of the executives interviewed in our surveymdashwhich includes CIOs at four large Fortune 100 companiesmdashstated that MEAPs are currently still an immaturetechnologywithsignificantgapsandsomereportedtheyareusingcontent-adaptationtechnologiesThisisasignificantfindingregardingthecurrentstate of adoption of enterprise mobile technologies In a quickly evolving market customers often donrsquot know what they donrsquot know
MEAPS are quickly evolving and are replacing the use of content-adaptation technologies which were designed to adapt Web-browser applications to fitthesmallerscreensofmobile devices
App Development Strategy (HTML5 Native Apps and Hybrid Apps)
Today the end goalmdashthe best user experiencemdashis possible only through native apps Browser apps are slow when pulling data when the user taps on a button They also have the constraint of being limited to wireless connectivity when the user is on the move if carrier coverage is spotty in some areas
But weigh that against dealing with the device form factor and having to write an app for the desktop laptop Mac iOS Windows and 20 versions of Android Itrsquos a very expensive value proposition
Android Apple and Microsoft platforms are too different for a developer to be able to build one app that provides a good user experience on all three so the desired outcome requires building native apps for each platform or using a MEAP platform to reduce the overhead of writing for each platform
An MCAP is a Mobile Consumer Application Platform
A MEAP differs from an MCAP in that the MEAP needs back-end enterprise integration It also differs in requirements for security deployment of the app internally and authentication (features not needed in consumer-facing apps) In addition the MEAP differs in providing the necessary corporate UI look and feel
A sign of increasing adoption of mobility in enterprises is the fact that MCAP vendors are moving toward MEAP in order to cater to the enterprise market
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
MCAP versus MEAP
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
35
The debate over HTML5 versus native apps has proponents on both sides The consensus opinion of our study participants was that HTML5 is not yet ready for prime time and could be many years away from providing the same rich user experience as native apps Still itrsquos the goal as it eliminates the expense of writing for multiple platforms
Adobe Systems recent decision regarding mobile apps is an example of the complexityofissuesintheHTML5native apps dilemma facing developers Adobe announced in November 2011 that it is discontinuing Flash Player in browsers for mobile devices and is moving to HTML5 instead The decision ignited concerns among mobile app developers many of whom are working with Android apps
The smaller smartphone and tablet screen size compared to a laptop or desktop is a challenge A developer cannot simply shrink an existing desktop applicationtofitamobilescreenasitbecomes nearly impossible for people to
use it Squeezing a lot of information onto a small screen in a business intelligence application for instance just doesnrsquot work for the user
In addition it slows down the performance and responsivenessmdashthus impacting not only productivity but also the user experience that is a very important featurein mobile apps and devices Resolving the issue requires ldquoan incredible amount of innovationrdquo (especially for more complex applications)
How should enterprises deal with the application development challenges while the industry evolves to HTML5 The
ldquoThe jury is still out on how deep we want to customize on those
three platforms The experience is tied closely to the capabilities of
the device If we genericize that to a common denominator across the platforms will users tolerate if itrsquos
not similar to their experience in their personal lives The standards
havenrsquot emerged yet to where we can bet on this Back in the old days enterprises used to drive standards Now itrsquos the consumerization of the
enterprise and wersquore trying to mimic whatrsquos going in the industryrdquo
- CIO logistics company
How do employees access corporate data resources and services today from their mobile devices
(Select the most used choices)
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
36
companies we surveyed advised ldquoDo both native apps and HTML5 for now rdquo Both strategieswillco-existaseachhasadvantagesdisadvantagesandspecificusecases where they make sense In addition a third option now exists hybrid apps
A Venture Beat article describes the option ldquoHybrid app development employs native capabilities while also serving as a strategic stepping stone towards adoption of HTML5 A hybrid app is a native downloadable app that runs all or some of its user interface in an embedded browser component To the user a hybrid app is almost indistinguishable from a native one But to developers there is a huge difference because instead of rewriting the app from scratch for each mobile OS they write at least some of their application code in HTML CSS and JavaScript and reuse it across devices rdquo
The decision over whether to develop native apps or use HTML5 is another area where our study revealed that many companies lack knowledge of the mobile technology capabilities that are available today Only two executives we interviewed mentioned hybrid apps as an option
One executive described his companyrsquos hybrid mobile apps ldquoWe loaded some code in HTML5 that is common to iOS and Android We canrsquot yet go all the way to HTML5 because of the performance hit when accessing content from the Web We plan to deliver more and more content via HTML5 over time while retaining some core elements of the devices in a lsquonative shellrsquo even though the app is HTML5 rdquo
Use a hybrid app to facilitate code reusability for pure native or pure HTML5 versions
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Hybrid Apps
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
37
Chapter 5 - The TCO Tab Total Cost of Ownership Althoughsomeaspectsofmobilitymaybringcostsavingsmdashanimportantbenefitespecially in the current down economymdashother aspects of mobility will increase costs The three areas of investment are infrastructure security and managed servicesOuronlinesurveyfoundasignificantdifferenceintheannualamountthatrespondents spend in procuring mobile apps services and devices today compared to what they anticipate spending in the next three years In addition the survey found that the amount of mobile investment directly correlates to the size of the company (based on revenues)
Movingtoamobileenvironmentrequiresasignificantcapitalinvestmentnotonlyup front but also on a continuing basis As examples of the increase in investments over the next three years some CIOs interviewed in the study predicted the following
Current investment offivepercentoftotal IT budget will double next year and ldquogo up exponentially because there is a lot of demand rdquo
Current investment of less than one percent of total IT spend will ldquoclimb pretty rapidly as a percentage increase rdquo
Current spend of less than fivepercentofIT budget will increaseasmuchas30-40percentinfiveyears
Investments of global enterprises will increase as they expand into India and China
What is your organizationrsquos spending on enterprise mobility as a percentage of its total IT budget today Whatrsquos your best estimate of what it will be in 1 - 3 years from now
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
38
How much is your annual investment in procuring mobile applications services
devices and support today
Total Cost of Ownership
It is important to take a Total Cost of Ownership (TCO) perspective in decisions around moving to a mobile environment and in justifying the business case for return on investment (ROI) Keeping up with the pace of changing mobile technology is a major cost factor as illustrated below
Our survey uncovered several cost factors that companies should not overlook at the outset of their journey to mobility as follows
Although it is debatable one of the attractions of mobile apps according to one of the executives we interviewed is that they can be developed at lower cost than traditional applications However the absolute dollar volume is misleading because users get more bang for the buck from mobile apps
A CIO we interviewed whose companys biggest cost item is headcount did not believe they would save money by switching to a BYOD model despite eliminating the cost of purchasing devices As he explained ldquoIf I give $1000 or $2000 to my 120-member staff and tell them to go buy the device of their preference then Irsquom not able to cut a head in my IT department rdquo
Challenge Keeping up with scope and pace of evolving mobile technologies
New operating system releases new phones new services hitting the market very rapidly
+Services on mobile devices usually expire every two years
+Devices are sold with additional functionalities built in by
several hundred providers around the world+
The above scenario spread across Apple Google Microsoft and other vendors=
HighsupportmaintenancecostsandanITnightmarecopy Copyright 2011 Sand Hill Group All rights reserved
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
39
Companies often overlook telecommunications usage fees As the data usage in the mobile device get larger usage fees become more expensive With users racking up thousands of dollars in phone charges the purchase cost of mobile devices becomes irrelevant
By the time a company develops an adequate program to procure image deploy and support devices they are obsolete
Employees tend to abuse and neglect company-owned devices The cost of replacement or repair can be significant
The price points of touch-screen devices will reduce over time
Many older employees want to use a keyboard with their tablets A midrange laptop can be less expensive than a tablet with dual keyboard and touch-screen capabilities
In many cases employees want to keep their laptops because tablets are not effective for all tasks especially those that need intensive data input handling such as spreadsheets PowerPoint presentations graphic design etcInbuildingthebusinesscaseitisdifficulttojustifythecostofaniPadorother tablet device if the employee still will retain a laptop
In some instances employees can share tablet devices Example HR open enrollment or HR training
There may be an application that is valuable to the enterprise but the vendor does not provide a mobile app version
The cost of supporting multiple mobile devices used by a companyrsquos customers can be exponential (See also the discussion on ldquoBYOD Economics rdquo The Bring Your Own Device model has both positive and negative impacts on total cost of ownership )
ldquoThere are all kinds of things available in the market and itrsquos a very painful situation I donrsquot have a choice in investing in them To deliver content to our customers I have to support every platform there is out there I am spending money implementing and testing all our apps on various platforms and picking up the support calls from customers who canrsquot access something We will lose a customer completely if they are carrying a version of Android that our app doesnrsquot work on or where I donrsquot have that version in my test padrdquo
- CIO US media company
ldquoA big cost in managing mobile
devices is the usage costs ndash and nobody is talking about how to manage or control that
effectivelyrdquo - CIO entertainment
company
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
40
Mobile Environment Investment Strategy
Business situation
AglobalfinancialservicesfirmcurrentlyprovidesBlackBerrydevicestoemployeesbutiscurrentlypilotingiPhonesTheyaredefinitelyheadedtowardaBringYourOwnDevice(BYOD) model and expect to discontinue providing mobile devices to employees within two years
Access to applications The security and management strategy around supporting the upcoming BYOD policy includes an access-only approach to applications and will prevent employees from downloading and storing any information on their mobile devices
Beyond security measures they expect this strategy to help drive the move toward HTML5 and reduce the use of native apps
Supportmaintenance nightmare Thisfinancialservicesenterprisehasalotofdifferent customer-oriented applications The challengemdashand bottom-line impactmdashis thattheywillneedtosupportfivedifferentmobiledevicecustomersarelocatedinmanycountries around the world and speak many different languages They would likely need three different app versions at any point in time which is a lot of overhead ldquoHaving all these apps on the device is a maintenance management exposure and customer experience nightmarerdquo said the CIO
The current website supports 3000 different functions and users scroll through 900 featuresmdashnot a good user experience on a mobile device They are investing in streamlining and simplifying all the features on the website for a better mobile experience This involves getting customer feedback on what functionaliities are most important to them in a mobile experience
Case Study
Develop a three-pronged investment strategy for an enterprise mobile environment It must include device ownership policies policies regarding access to applications and decisions on how many mobile device and platforms to support
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
41
Using a Virtual Desktop Strategy
Business Insight
The company is an entertainment company using mobile devices primarily to enable greater productivity by untethering people from their desks The company deployed a BYOD model but switched back to company-owned devices to eliminate issues involved with international travel However they want to reduce the cost of supporting the devicesmdashincluding laptops for those who do part of their work from home Now that Citrix VMware and others are making the virtual desktop more secure and robust the company plans to do some pilots
Virtual desktop advantages Using this strategy a desktop in a home becomes the means of mobility The employee accesses corporate applications virtually and the company maintains control over the applicationsrsquo security When the desktop shuts down the connection to the applications is discontinued and no corporate data persists on the desktop
ldquoSmartphones and tablets are not yet powerful enough to handle this like desktops but they will get thererdquo stated the CIO we interviewed in the study ldquoI believe the adoption of the virtual desktop strategy will rapidly increase as this technology and wireless technologies mature rdquo
A virtual desktop strategy has drawbacks even if mobile devices become powerful enough to handle it It assumes continuous online availability which is not assured in many locations even in major metropolitan cities like New York City
Case Study
Reduce device support costs and maintain security and control over corporate applications and data by using a virtual desktop strategy instead of a BYOD model
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
42
Chapter 6 - Roadmap to a Mobile Enterprise
Four primary focus areas comprise the strategy for transitioning to a mobile environment
Security policies and implementation (See the detailed discussion in the chapter on Security considerations )
Privacy issues Mobile device strategy Mobile applications strategy Considerations for a mobile reference architecture
Privacy Issues
Enterprises should involve their attorneys in drawing up the mobile policy as there are privacy regulations to take into account At the same time it is important not to become too legalistic It will take a while for the legal system to catch up to the realities of the quickly evolving mobile environment The best approach at this time is to seek a good understanding of the parameters of what could happen in various situations and determine which risks are unacceptable
Enterprises must ensure they comply with privacy regulations around mobile devices The growth of adoption of mobility in businesses is raising privacy concerns and debates Even privacy advocates realize that privacy itself is not necessarily something that can be driven just by laws however enterprises must protect the use of collected data and information
The laws around privacy are very confusing to users Often they simply click through disclosure agreements without understanding what they are doing and thus inadvertently allow their personal data to be used in ways that they may not want
An executive in our study observed that Google could make a big improvement in Android by ensuring that installed applications are ldquomuch more verbose on what information is being collected and how that information is being used by that mobile device The privacy and security information should be much more in depth for the end user of the device rdquo
Another privacy issue arises because of location-awareness technologies used in mobile devices At any given moment the carrier and many applications know with pretty good accuracy where a user is On the enterprise mobile device this could result in inadvertent disclosure of personal or corporate information to public sources
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
43
U S Healthcare Regulations
The healthcare industry is another area of concern regarding mobile devices Physicians like the tablet devices But U S healthcare regulations around patient privacy mandate that patient data cannot be downloaded to the devices
European Privacy Regulations
Privacy laws vary from country to country global enterprises must keep this issue in mind when managing data in a mobile environment In European countries for example the laws prohibit comingling employeesrsquo private data (including contacts lists) Enterprises also need to understand how these regulations impact back-up storage by third-party providers and by default in some device operating systems
Mobile Device Strategy
Developing mobile device policies starts with determining whether the employee or the enterprise owns the device Management policies and strategies are completely different streams according to device ownership it is not wise to try to mix them (See the discussion in the Security section regarding keeping employeesrsquo personal data contained separately from corporate data )
The good news is more mobile device management (MDM) offerings are entering the market This is a fast-growing market that is showing signs of maturity Still they are challenged with the fast pace of the mobile landscape and market fragmentation Some MDM vendors take a dynamic approach by providing email contacts and calendar security as well as providing management for enterprise-based applications and then bridge the communication back to the enterprise over a secure channel This is not yet mainstream and is used mostly in industry verticals suchasfinancialservicesandhealthcare
An area of concern is the fact that all of the mobile management manufacturers often modify the carriersrsquo device operating systems to embed more enterprise management functionality Security patch management is another challenge that MDM vendors need to grapple with
Our online survey asked respondents to identify the mobile device management companies they use today or plan to use in the next 12 months Symantec is clearly dominant
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
44
The responses to this survey question again indicate enterprisesrsquo lack of knowledgemdashin this instance lack of understanding the MDM space While their responses place Symantec at the top Symantec McAfee and Good Technology ranked at the bottom of the MDM players list in a Gartner report (ldquoCritical Capabilities for Mobile Device Managementrdquo July 29 2011 ID Number G00213877) Gartner segmented the vendors into three positions based on their product capabilities Zenprise Mobile Active Defense and MobileIron topped the list
Our studyrsquos in-depth interviews revealed that enterprises sometimes make the mistakeofthinkingthatmobilemanagementsolutionsareaone-size-fits-allproductTherewasasignificantamountofdisagreementamongstudyparticipantsas to the value of these solutions as evidenced in the list of characteristics below Respondents believe these solutions are effective in ensuring companies are in compliance with regulatory mandatesmdashalong the lines of the BlackBerry But they also pointed out the following negative characteristics
Tend to inhibit the innovation occurring in the marketplace
Lack support for some devices
Respond too slowly to enterprise demands (in service enhancements as well as support issues)
Lack the ability to support encryption on some devices
Lack tight isolation between corporate and personal containers
Lack effective network service management
A CIO suggested that a better way to handle device management might be to have security software that sits between the hardware and the operating system or that is tied directly into the operating system He pointed out that a lot of government agenciesandVC-backedfirmsarelookingintothisasitwouldallowasecuritymanagementsystemtolookdirectlyintothetrafficthatadevicegeneratesHowever companies would need to work through privacy issues and battery drainage since this approach would enable seeing all the private information associated with a userrsquos social media usage
Which of the following mobile device management companies do you use today or plan to use in the next 12 months
(Select most commonly used companies)
Symantec
None of the above
McAfee
Good Technology
Sybase
MobileIron
Zenprise
Mobile Active Defense
Airwatch
41
27
21
21
18
15
12
6
6
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
45
Mobile Applications Strategy
Managing multiple platforms is the major issue in the applications area Enterprises need cross-platform management systems development environments and tools for various operating systems that will minimize (though probably not eliminate) the need to rewrite code for each platform (See the discussion on MEAPs in this report )
Keep in mind the differences between the consumer and enterprise arenas A lot of companies claim they support a cross-platform environment and support iOS and Android in consumer online banking However this content does not live on the device it is Web-based content and the communication layer is SSL
Managing the application distribution channel is another necessary aspect of control or governance Several app stores now allow companies to use their stores to distribute company apps Less than half of the survey respondents said their companies use app stores as their means of distribution The majority use on-premise servers as their most common way to distribute applications to their users
MDMofferingsdiffersignificantlyonthedeploymentmodels(cloudservicesversuson-premises versus host) While most mature products (such as those from Good Technology Sybase and MobileIron) are on premises a growing range of cloud services offerings (such as those from AirWatch Fiberlink and Tangoe) are starting to appeal to users because they are more economical
Plan for Change Definingamobilestrategymustincludepreparingforchangeas the industry evolves Standards will be established new management tools will be developed the shift to HTML5 will occur the vendor landscape will shift and device operating systems will change The changing relationship between IT and the business side of the enterprise should be included in the overall plan for becoming a mobile enterprise Today the CIO and the IT team view the mobile devices platforms and mobile apps as nightmares of complexity and security challengesmdashat the opposite pole from employees and C-level executives who view them as value-generating technology
$
amp
(
)
+
$ amp (
Internal distribution using
on-premise servers
Apple App Store
Hosted by
third-party
cloud provider
Android Marketplace
61
32
19
36
61
32
How do employees access corporate data resources and services today
from their mobile devices (Select the most used choices)
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
46
Top 15 Best Practices for Transitioningto Enterprise Mobility
Strategy Mindset
BYOD Model
Security
1 Analyze how mobile technology can generate business value for your organization
2 View decisions from the perspective of how users (customers and employees) will interact with mobile devices
3 Start small use pilots experiment 4 Donrsquot try to move old applications to mobile devices without redesigning
them to leverage user-friendly features of mobile devices and systems 5 Base decisions on version upgrades from the perspective of customer
satisfaction Although there is a cost to upgrading devices and operating systems every few months not upgrading to a version that external customers are using can result in losing a customer
6 Determine up front as part of the governance framework who has decision rights as to what apps are allowed on devices
7 Consider a content adaptation strategy 8 Understand company telecom usage patterns before signing up with a
carrier Not knowing the usage patterns can result in spending more than expected
13 Understand what your external threats may be including how mobile devices come into your organization and what they are doing
14 Develop mobile apps that have security in mind from inception 15 Donrsquot overlook the privacy considerations Carriers and apps at any
given moment have location awareness of users that inadvertently can result in disclosure of information to public sources
9 Implement control at the outset 10 Create in-depth policies and manage devices as you would any
traditional endpoint within your infrastructure 11 Prevent entry of low-end devices purchased by employees for use in
the enterprise as they reduce productivity 12 Donrsquot overlook the HR and legal aspects around employee devices
with corporate data or around employeesrsquo personal data on corporate-owned devices
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
47
Considerations for a Mobile Reference Architecture
Although native mobile applications may seem inherently different from browser-based applications from a presentation-tier perspective the underlying communication interfaces and data processing are likely to be quite similar across multiple platforms This means that major components used on the infrastructure side as well as the other layers of the application stack can be used for mobile solutions as well
EnterprisesneedtodefinereferencearchitecturetoprovideguidancearoundthedevelopmentandpurchaseofmobilesolutionsSpecificallyamobilereferencearchitecture should help answer the following questions
What are the implications of building mobile web apps versus other native application types
Wheredoesmobilewebfitintotheoverallenterpriseandapplicationarchitecture
How can companies extend the existing security architecture to include mobile solutions
What are the common components and interfaces mobile applications can use to ensure consistency
Because of the proliferation and fragmentation issues described earlier enterprises should focus on developing mobile solutions with open standards wherever possible andsolutionsthatareagonistictospecificend-pointdevicesandplatformsMobileEnterprise Application Platforms are a way forward as they mature
Hybrid Presentation Model
This model predominantly delivers content via HTML5 and Javascript CSS and UI extensions mimic the native look and feel There could still be a ldquonative shellrdquo that retains the core elements native to the device and is able to access device-specificfeaturesnotaccessibleviaHTML5Further the app should run inside an app container hosted on the device to ensure isolations and security particularly in BYOD scenarios Presentation optimization is critical here to ensure rich user experience Because calls to the back-end services introduce latencies optimizing end-to-end performance including aspects in the ldquoKey Actionable Insightrdquo is essential
Optimize performance of Javascript running on the device
Reducecompressthe amount of information transferred
Avoid synchronous calls (to reduce perceived response delays)
Ensure that the server is as close to the user as possible
Key
Actionable Insight
copy Copyright 2011 Sand Hill Group All rights reserved
Optimize End-to-End Performance for Rich
User Experience
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
48
Real-Time InteractionsAnother area the mobile reference architecture must address is the ability to provide mobile users with real-time information The architecture needs an information-push model that pushes dynamic real-time information to a broad audience of mobile users
A second related aspect is the ability to retrieve real-time data from various data sources The use of modern data formats RESTful interfaces HTML5 Websockets or the Comet communication model allows the architecture to enable mobile real-time interactions
Industrial SettingsIndustrial businesses have unique mobile situations as they must comply with industry safety regulations as well as company operational mandates These factors must be included in such companiesrsquo mobile architecture (See the case study of an oil and gas companyrsquos situation at the end of this chapter )
bull DeployahybridpresentationmodelasdescribedhereforbuildingmobileappsWithsomespecificexceptionssuchashard-coregraphicsgamesdeveloperscanbuildmost apps using the hybrid model Use the right approach for the application at hand rather than a blanket approach
bull Facilitatereal-timeinteractionswithCometorWebSocketsbull Ensureclient-serverinteractionsuseJSONmessagesandRESTfulinterfacesbull DetecttheuserdevicescreensizeandbrowsertypeanduseCSS3toimproveUIpresentationforspecificdevices
bull Encryptallcorporatedataonthedeviceandmakeitaccessibleonlyviadouble-factor authentication
bull Encryptallcommunications(HTTPSSSL)betweenthedeviceandtheback-endcorporate systems or cloud servers
bull Ensurestrongencryptionalgorithmsandadequatekeylengthsbull PiggybackonyourexistingWebsecuritymechanismstoprovidemobile
authorization and authentication security bull Provideanadditionallayerofinteractiontoaccessback-endenterpriseserversThis
tier serves two purposes o Improves security by preventing direct access of sensitive corporate systems to
insecure mobile deviceso Facilitates SOAP interaction with legacy systems
bull UseaJavascriptframeworktoabstractthedifferencesbetweenmobilebrowsersbull TestyourapplicationsusingthedesktopWebkitequivalentMostmobilebrowsers
(except Windows) are based on the Webkit layout engine bull Integrateyourreferencearchitecturewithmobiledevicesecurityandpolicy
enforcement mechanisms whether they are internal or provided by an MDM vendor bull Amobilearchitecturewillensureasmootherimplementationofyourmobile
solutions by providing architectural principals rules and guidelines while enabling communication education and information sharing
Key Recommendations and Guidelines for a Mobile Reference Architecture
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
49
Mobility Customization for an Industrial Setting
Business situation
The enterprise in this case study is an oil and gas company The company must comply with industry safety regulations and company operational mandates As a result users cannot be allowed to have continual connection to a mobile environment
ldquoOccasionally connectedrdquo model To comply with safety regulations and other company operationalguidelinesthecompanyenablesofflineandnear-real-timeaccesstoremoteinformation via a wireless connectionmdashbut only one or the other at a given location and time For example in company plants they can only use certain types of devices that donrsquot interfere electrically (via radio waves) with other wireless bands and radio-sensitive equipment in the plant This eliminates harmonic distortion in the equipment
Thus ldquomobilityrdquo in this industrial enterprise context can best be described as ldquooccasionally connectedrdquo in that the company does not allow connectivity all the time This necessitates designing applications differently to handle this kind of situation
All of the companyrsquos industrial apps are hosted internally on a third-party platform specificallydesignedtohandletheldquooccasionallyconnectedrdquoenvironmentandensuredata integrity The platform is also designed such that communications can be triggered from the client or the server so that when communication is lost they have a way to resync back
Mobile device choice for industrial setting Neither Apple nor Android devices meet the rigorous requirements in such a situation The company uses an older Microsoft mobile platform and older Symbian devices They are currently working on a prototype to get the Windows 7 platform on a tablet-like device They anticipate it may take a year to develop it to work in an industrial environment Costs are huge and units must be ruggedizedandtestedforrigorouselectromagneticinterferenceandcertification
Case Study
Avoid using Apple or Android devices in an industrial setting as they do not meet the rigorous requirements Consider using a hosted platform if using an ldquooccasionally connectedrdquo model in order to ensure data integrity
Key
Actionable Insight copy Copyright 2011 Sand Hill Group All rights reserved
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
50
Chapter 7 - Three-Year OutlookCIOs interviewed in our study had strong opinions on the future direction of enterprise mobility Unanimously they agreed that mobility and its user-friendly paradigm will be the enterprise requirement within two years PCs are likely to become personal servers rather than end-point devices They also believe that most organizations will switch to a BYOD model within two years and all agree that economics will drive that decision Other predictions include
Platforms and Devices Platform wars will continue for another two or three years before companies
consolidate Tablet-style devices will become more prevalent Touch-screen functionality will migrate to other desktop and laptop platforms Price points of touch-screen devices will go down but a $500 laptop will still be
less expensive than a tablet with dual keyboard and touch-screen capabilities Last-mile technologies will mature ending the need to carry three or four
devices People with high content production needs will be the last to move from
laptops
ApplicationsMobileappswillgrowsignificantlyaroundtheworldinthenexttwoyears
as companies expand into the new growth economies which are already predominantly mobile
Users will have the means to create and customize apps that are very personal to them tailoring apps to their job and preferences
Mobile Device and Services Companies The market will look very different in three years because of integration
between hardware and software vendors in mobile provisioning and management technologies Google-Motorola Microsoft-Nokia and Verizon-VMware are early examples
Microsoft is likely to be the vendor that comes up with a cross-platform operating system solution and also establish protocols
Cloud services providersrsquo revenues will increase substantially from providing hosted mobility solutions for small and midsized businesses
As the enterprise mobile environment evolves what will be the concept that will control everything Opinions are divided Time will tell whether it will be the operating system mobile device database programming language or the cloud that actually will control everything else in the mobile environment
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
51
Chapter 8 - Implications for Technology Vendors Mobile security is the top priority for enterprises today This should be at the top
of technology vendorsrsquo agendas
Standardization on one or a few devices is key to enterprise management and security If a vendor comes out with a mobile device that is secure and manageable it will help businesses standardize on one device making mobility more manageable
Software-as-a-Service (SaaS) vendors have a real advantage because they can support mobile access to an app in a very sophisticated manner and distribute the cost across their entire customer base The cost factor would enable building snazzy mobile apps to replace on-premise applications
A huge opportunity exists for vendors to build lightweight in-between situational apps that enable users to perform tasks If these apps must be built from
scratchthecostisnotjustifiableforenterprisesandtheylackin-housemobileapp development skills
Vendors are still primarily focused on consumer-oriented mobile security and are not doing a good job of pushing down to the devices the necessary levels of encryption and data asset protection for enterprises
ldquoSaaS vendors have a real advantage in
mobilityrdquo
- CIO a media enterprise
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
52
References ldquo98 billion mobile applications will be downloaded in 2015rdquo ndash October 7 2011 BERG InsighthttpwwwberginsightcomNewsaspxs_m=1ampm_m=6 ldquoAdobe Explains Ditching Flash for Mobilerdquo ndash November 9 2011 Computerworldhttpwwwcomputerworldcomsarticle9221674Adobe_explains_ditching_Flash_for_mobilesource=CTWNLE_nlt_pm_2011-11-09
ldquoAndroid Market Hits 500000 Successful Published Apps Has 37 Removal Raterdquohttpwwwreadwritewebcommobile201110android-market-hits-500000-sucphp
ldquoApple 92 of Fortune 500 Are Testing or Deploying iPadrdquo ndash October 4 2011 New York Timeshttpwwwnytimescomexternalreadwriteweb2011100404readwriteweb-apple-92-of-fortune-500-are-testing-or-depl-31044htmlpartner=rssampemc=rss ldquoAre Android Tablets Selling as Well as Claimedrdquo ndash October 21 2011 Bloomberghttpwwwbusinessweekcomtechnologyare-android-tablets-selling-as-well-as-claimed-10212011 html
ldquoFacebookrsquos Mobile Chief Within 1-2 Years Wersquore Going to be a Mobile Companyrdquo - September 27 2011 TechCrunchhttpmtechcrunchcom20110927facebooks-mobile-chief-within-1-2-years-were-going-to-be-a-mobile-company ldquoGlobal Enterprise Mobility Market to Exceed US$173 9 Billion by 2017 According to a New Report by Global Industry Analysts Inc rdquo ndash October 12 2011 PRWeb press releasehttpwwwsfgatecomcgi-binarticlecgif=ga20111012prweb8857243DTL
ldquoHow Androidrsquos Fragmentation Issue is Slowly Recedingrdquo ndash September 7 2011 Mobilizehttpgigaomcommobilehow-androids-fragmentation-issue-is-slowly-recedingutm_source=socialamputm_medium=twitteramputm_campaign=gigaom
ldquoHybrid Mobile Apps Take Off as HTML5 vs Native Debate Continuesrdquo ndash July 8 2011 Venture Beathttpventurebeatcom20110708hybrid-mobile-apps-take-off-as-html5-vs-native-debate-continues
ldquoInternet of things will have 24 billion devices by 2020rdquo ndash October 13 2011 GigaOMhttpgigaomcomcloudinternet-of-things-will-have-24-billion-devices-by-2020utm_source=socialamputm_medium=twitteramputm_campaign=gigaom
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
53
ldquoItrsquos an Android future with or without Googlerdquo ndash September 4 2011 The Next Webhttpthenextwebcomgoogle20110904its-an-android-future-with-or-without-googleutm_source=feedburneramputm_medium=feedamputm_campaign=Feed3A+TheNextWeb+28The+Next+Web+All+Stories29
ldquoMarket Research Firm Ups Tablet Forecastrdquo ndash September 14 2011 PhysOrg comhttpwwwphysorgcomnews2011-09-firm-ups-tablethtml
ldquoMorsquoEmployeePersonalTechnology=MorsquoEmployerProblemsrdquondashOctober182011httpsmallbiztechnologycomarchive201110mo-employee-personal-technology-mo-employer-problemshtml
ldquoMobile App Downloads to Reach 98 Billion by 2015rdquo ndash October 7 2011 TechCrunchhttpmtechcrunchcom20111007mobile-app-downloads-to-reach-98-billion-by-2015
ldquoMobile Data Explosion 75 Exabytes by 2015rdquo ndash February 1 201 ReadWriteWeb comhttpwwwreadwritewebcomarchivesmobile_data_explosion_75_exabytes_by_2015php
ldquoMobile Generating Equivalent of $2 5bn a Year Says Google Chiefrdquo ndash October 14 2011 Guardian News and Media Limitedhttpwwwguardiancouktechnology2011oct14android-google-ad-revenue ldquoMobileKnowledgeWorkerstheFastest-GrowingSegmentoftheOfficeWorkforcerdquohttpwwwinfotrendscompublicContentPress201101202011ahtml
ldquoNearly7PercentofUSDigitalTrafficConsumedAwayfromComputersrdquondashOctober 10 2011 comScore Data Minehttpwwwcomscoredataminecom201110nearly-7-percent-of-u-s-digital-traffic-consumed-away-from-computers ldquoNokia Prove Mobility Across the Enterprise is Here is Stayrdquo ndash October 26 2011 Fresh Business Thinking comhttpwwwfreshbusinessthinkingcomnewsphpNID=10721ampTitle=Nokia+prove+mobility+across+the+enterprise+is+here+to+stay
ldquoOne Stock You Must Buy Before the iPhone 5 Hits the Shelvesrdquo ndash The Motley Fool httpwwwfoolcomfoolfree-report15ultimatewirelessaudio-sale-90718aspxsource=irbspoeml0001692
ldquoReality vs Pipe Dreamrdquo ndash October 17 2011 ZDNethttpwwwzdnetcomdebategreat-debate-bring-your-own-device6313019tag=contentsiu-container
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
54
ldquoReport Android Tablet Computer Market Share Increasingrdquo ndash October 23 2011 redOrbithttpwwwredorbitcomnewstechnology1112406600report-android-tablet-computer-market-share-increasing
ldquoReport Mobile Security Software Revenues to Reach $3 7 Billion by 2016rdquo ndash August 9 2011 TelecomENGINEhttpwwwtelecomenginecomarticlereport-mobile-security-software-revenues-reach-37-billion-2016
ldquoRIM Courts Silicon Valley App Developers With lsquoEvangelistsrsquo rdquo ndash October 20 2011 Bloomberghttpwwwbusinessweekcomnews2011-10-20rim-courts-silicon-valley-app-developers-with-evangelists- html
ldquoSocial Mobility at Work Important to Younger Genrdquo ndash November 4 2011 ZDNet httpwwwzdnetasiacomsocial-mobility-at-work-important-to-younger-gen-62302761 htm
ldquoSteve Jobs lsquoIm Going to Destroy Androidrsquo rdquo ndash October 22 2011 Technoratihttpfeeds09technoraticom~rtrarticles~321dil-KRKww ldquoSymantec Reports Targeted Threats Mobile Attacks Increased in 2010rdquo ndash April 5 2011 eWeekcomhttpwwweweekcomcaSecuritySymantec-Reports-Targeted-Threats-Mobile-Attacks-Increased-in-2010-191684
ldquoThe Enterprise Mobility Policy Guidebook October 2010 Editionrdquo ndash October 5 2010 The Enterprise Mobility Foundation httptheemforg20101005the-enterprise-mobility-policy-guidebook-october-2010-edition ldquoWhat I Hate about Developing for Android (and some workarounds that help)rdquo ndash October 1 2011 TechRepublichttpwwwtechrepubliccomblogapp-builderwhat-i-hate-about-developing-for-android-and-some-workarounds-that-help517
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
55
About the Authors Kamesh Pemmaraju With more than 20 years of experience in the tech industry Kamesh specializes in bringing cutting-edge technology products to market security and quality consulting and operations He has held global VP and Director of Engineering and Quality positions at Apani Networks Solidworks and Pegasystems He has brought to market several leading technology products in Enterprise Security 3D-CAD high-transaction websites and Enterprise BPM Kamesh has consulted on technology security and quality strategies at Fortune 1000 companies including GE GM Motorola HP Microsoft NASD Sun Microsystems and Siemens He holds an MS in Computer Science and Automation from the Indian Institute of Science and a BS in Electronics and Communications Engineering from JNT University Hyderabad Contact Kamesh at kameshsandhill com
M R Rangaswami M R co-founded Sand Hill Group LLC (httpsandhillcom) and has been a strategic advisor to fast-growing companies He has held global VP marketing positions at Baan Company Avalon Software and Oracle Corporation MRwasprofiledonthefrontpageoftheWallStreetJournalandwasnamedtoForbesrsquoldquoMidas100ListrdquoasoneofthemostinfluentialinvestorsintechnologyHe holds an MBA from Kent State University and a bachelorrsquos degree from the University of Madras
About Sand Hill Group (httpsandhillcom) provides strategic management investment and marketing services to emerging market leaders Sand Hill Group is best known for its work in the $600-billion software and services market As founder of the ldquoEnterpriserdquo and ldquoSoftwarerdquo conference series Sand Hill Group has been credited with uniting the software business ecosystem of executives entrepreneurs investorsandprofessionalsThefirmisalsothepublisherofSandHillcomthepremier online destination for business strategies for the software cloud and mobile ecosystem The site and its newsletters are read by thousands of top software industry executives as well as CIOs and IT buyer executives Sand Hill Group also funds primary research into key technology and business model trends that impact business in the software cloud and mobile ecosystem
Copyright 2011 Sand Hill Group This report is for internal use of the original purchaser only Any other use or copying by mechanical or electronic means without prior permission from Sand Hill Group LLC is prohibited The information contained herein was obtained from sources believed to be reliable Sand Hill Group disclaims all warranties as to the accuracy completeness or adequacy of such information Sand Hill Group shall have no liability for errors omissions or inadequacies in the information contained herein or for interpretations thereof The reader assumes sole responsibility for the selection of these materials to achieve its intended results The opinions expressed herein are subject to change without notice
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
56
About the Underwiters
Sybase An SAP Company
Sybase is an industry leader in delivering enterprise and mobile software to manage analyze and mobilize information For over a decade the company has been executing on the Unwired Enterprise strategy mobilizing the enterprise with a portfolio of access management development and security software as well as mobile messaging and mobile commerce services
Currently 50 million enterprise users are running Sybasersquos mobility platform to manage a heterogeneous set of mobile devices and develop and manage mobile applications on all major mobile operating systems This platform enables IT organizations to transform mission-critical business processes and boost employee productivity Sybase also connect 5 2 billion mobile subscribers around the globe and process 1 8 billion messages each day empowering people to communicate and transact
Key products and services include the following
Sybase Unwired Platform is a mobile enterprise application platform that accelerates the enablementofstrategicandtacticalmobilityinitiativesItsimplifiesthedevelopmentdeploymentandmanagementofmobileenterpriseapplicationswhileaddressingthedifficultmobileapplicationchallengesofback-officeintegrationsecureaccessformobiledevicesintotheenterprise and support for multiple device types all within areliable push data synchronization architecture
Afaria is a mobile management software that allows companies to centrally manage and secure mobiledevicesandapplicationsAfariahelpscompaniesprovisionconfigureandsecuredevicesas well as deploy and manage applications content and data throughout the device life cycle
SQL Anywhere is an industry-leading mobile and embedded solution providing data management and data synchronization technologies that extend information in corporate applications and enterprise systems to databases running in frontline environments without onsite IT support
mCommerce Services provide an end-to-end platform covering mBanking mPayments mRemittance to both developed and emerging markets Coupled with Sybasersquos leading messaging platform and global reach these services are well-positioned to enable mobile operatorsfinancialinstitutionsandenterprisestorealizethepotentialofmCommerceEnterprise Services provide mobile services for enterprises brands and content providers enabling customers to monetize premium mobile content and deliver interactive services mobile CRM mobile advertising and mobile marketing campaigns globally
Operator services offer Short Message Service (SMS) Multimedia Message Service (MMS) GPRS Roaming Exchange (GRX) and Internet Protocol Exchange (IPX) messaging interoperabilitybetweenmobileoperatorsworldwideTheservicegreatlysimplifiesthedeployment and delivery of inter-operator messaging over incompatible networks protocol stacksandhandsetsServicesincludetrafficanalysisanddetailedreportingandstatistics
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
57
About the Underwriters
Cognizant Mobility Practice
(NASDAQ CTSH) is a leading provider of information technology consulting and business process outsourcing services dedicated to helping the worlds leading companies build stronger businesses Headquartered in Teaneck New Jersey (U S ) Cognizant combines a passion for client satisfaction technology innovation deep industry and business process expertise and a global collaborative workforce that embodies the future of work With over 50 delivery centers worldwide and over 120000 employees Cognizant is a member of the NASDAQ-100 the SampP 500 the Forbes Global 2000 and the Fortune 500 and is ranked among the top performing and fastest growing companies in the world
Cognizant established a dedicated Mobility Practice earlier this year to work proactively with companies seeking competitive advantage from the rapid convergence of mobile cloud and social networking technologies Leveraging its vast industry and business consulting experience Cognizantrsquos Mobility Practice provides end-to-end strategic advisory and thought leadership services that help companies across industries design build test deploy and manage a wide array of mobility solutions The practice has broad-reaching partnerships across the entire mobility ecosystemincludingdevicemanufacturersMEAPMCAPprovidersMDMMAMsolution developers mobile payment and mobile testing solution vendors Our robust portfolio of solutions frameworks and accelerators help organizations across the extended value chain optimize mobile user experience and achieve superior returns from their investments in emerging technologies and business process change
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout
58
Acknowledgments We sincerely thank our Board of Advisors who contributed to this research study and report Combined these executives represent decades of business technology and operational experience
Toby Redshaw EVP and CIO American ExpressDaru Darukhavala CTO British PetroleumYuvi Kocher CTO VP Technology The Washington Post CompanyWilliam BoniChiefInformationandSecurityOfficerT-Mobile
We extend our special thanks to Scott E Ferguson who assisted us on security-focused input and research Scott has 20 years of domestic and international experience in the computer and communications industry He has held numerous senior-level positions in engineering product management and product marketing at startups Fortune 500 companies and business turnarounds in both carrier- and enterprise-focused businesses He is an industry leader driving hardware andsoftwareproductstofinancialsuccessandmarketrecognitionintheareasof security management systems routers switches services wireless VM and applications He has held senior-level positions at companies including Apani Networks Avaya Colubris Networks Nortel New Oak Bay Networks Xyplex Networks and Computervision Currently he consults with companies to help themachievetheirbusinessgoalsthroughhisstrategicbusinessplanningnewproduct introduction implementation and marketing skills He can be reached at scottefergusoncomcast net
WealsothankTechWebfortheircooperationandassistanceinfieldingthequantitativesurveyswhichcontributedtothefindingsofthisreport
Special thanks to Kathleen Goolsby editor of SandHill com for her painstaking work pulling together all the survey and interview information in a coherent manner and writing and editing the report Thanks also to Kathy Burk for her creative work on the graphic design and layout