lundi 28 mai 2012

Best Practices for Supporting 'Bring Your Own' Mobile Devices

A lire sur:  http://www.gartner.com/technology/reprints.do?id=1-17YXF39&ct=111110&st=sb

26 July 2011 ID:G00213799
Analyst(s): Nick Jones, Leif-Olof Wallin

VIEW SUMMARY

"Bring your own" programs for mobile devices demand new support processes and a support organization with new skills.

Overview

This research addresses some of the support tactics we see used in organizations that have adopted "bring your own" (BYO) programs, where employees use personally owned tablets and smartphones for work. This research is intended for CIOs and staff responsible for planning, administering and supporting mobile devices.

Key Findings

  • BYO programs change the goals of the support program and the responsibilities of the support organization, which, in turn, will demand new procedures, metrics and organizational structures.
  • Support organizations will need new skills and must spend more time understanding consumer technologies to better support those technologies.

Recommendations

  • Re-engineer support processes and the support organization to address the challenges and demands of BYO programs; consider some of the support tactics discussed here to address the new challenges of BYO programs.
  • Define a contingency plan to rapidly adapt the BYO program and procedures in the event of unexpected legal or compliance demands, or commercial pressure resulting from external events, such as a high-profile data loss situation.
  • Multinational organizations must customize their BYO support programs for each country, because issues such as privacy, funding, taxation, insurance, network service contracts and working practices vary widely.

What You Need to Know

BYO programs will demand new support processes and new skills, and will change the way support budgets are spent. However, BYO is a principle that most organizations will adopt; therefore, the support organization must prepare for this change.

Analysis

Many organizations are exploring BYO programs where employee-owned devices are used for corporate purposes. Although BYO is attractive to some enterprises, it poses a range of new challenges for the support organization. No organization can afford to fix an unlimited range of issues on a large portfolio of devices, many of which the organization doesn't own and therefore can't control in conventional ways.
We describe some of the approaches we have seen organizations use to address the new support challenges of BYO.

The Goals and Challenges of BYO Support

The goals of support in a BYO environment are fourfold:
  • Social goals. This means primarily keeping the employees satisfied. Employee satisfaction is one of the common drivers underlying BYO programs, and its importance must not be underestimated. We know of cases where thoughtless implementation of BYO resulted in employees resigning. Support organizations must carefully balance the dissatisfaction inevitable if they say "no" to support requests with the complexity of supporting unfamiliar devices. Also, some activities that a support organization may have to perform, such as wiping an employee's device, will inevitably result in dissatisfaction.
  • Functional and business process goals. A key role of support is to ensure that business activities involving the employees and their mobile devices are carried out efficiently without excessive downtime. The support strategy must address what happens when personal devices are lost, broken, faulty and so on. Support may have a role to play in understanding whether proposed application upgrades will operate on devices owned by the employees.
  • Risk management. Many new risks emerge when employee-owned devices are used for business purpose: (1) Corporate data that the organization cannot control in traditional ways is residing on personal devices; and (2) Employees are using applications that the enterprise didn't select, and whose functionality and licensing terms may be inappropriate.
  • There are legal and insurance issues related to devices used for corporate purposes. For example, if a device is required for e-discovery as a result of litigation, it's not the support organization's role to address all of those issues; but some tactics, such as staff training and education, and policy auditing, may fall within the remit of the support staff.
  • Financial goals. One of the most challenging areas for BYO programs is funding, because employees may choose devices that are more expensive to operate under certain conditions. For example, an iPhone roaming intentionally is likely to use substantially more data than a corporate BlackBerry. Financial issues are likely to be particularly challenging in multinational organizations that operate across many cultures and tax regimes. It's likely that a support organization will face many questions and disputes related to funding and reimbursement.

One Size Never Fits All

Consumerization means that organizations can no longer operate a one-size-fits-all strategy for providing and supporting mobile technology (see "New Approaches to Managing Mobile Users and Smartphones"). Typically, organizations identify between three and six management styles to address the needs of different groups of employees. Each style is a blend of technology and policy and is, in a sense, a different bargain between employer and employees. Both sides concede things, and both sides get benefits. For example, employees get more choices of devices, but may have to permit their employer to wipe a personal device if it's lost or stolen. One of the goals of support is to ensure that each party understands and adheres to his or her part of this bargain.

BYO Support Procedures and Tactics

The following list describes some of the tactics we see support organizations using to address the challenges of BYO. Most organizations will adopt several of these strategies:
  • Timeboxed support. Timeboxing allows the support organization to be responsive to user needs without incurring excessive costs. Staff usually will commit to working on any problem for a fixed period of time, typically in the range of 30 to 60 minutes. If the problem can't be resolved in this time, then the issue either becomes the user's responsibility or support becomes chargeable. The logic underlying timeboxing is that many common support issues can be resolved quickly — for example, most support staff can configure ActiveSync on a device in a half hour.
  • Best effort support. "Best effort" refers to a model that limits support costs more informally than strict timeboxing. The IT organization agrees to make reasonable attempts to fix problems with the caveat that, ultimately, BYO problems are the user's responsibility and IT has no commitment to fix anything. Best-effort support is in some ways less satisfactory than timeboxing, as it doesn't clearly set user expectations.
  • Technically bounded support. Some organizations define the support boundaries technologically — for example, corporate IT will support problems involving servers and the network, but not BYO devices. This strategy risks dissatisfaction and is probably best implemented when corporate applications require no on-device code (e.g., they're delivered only through a browser).
  • Loan device pools. Even if a user is able to replace a lost or broken device, he or she may not be able to do so rapidly. Therefore, some organizations maintain pools of spare devices that can be loaned to users to ensure they remain productive while the users are fixing problems with a personal device.
  • Community support. Community and peer support are key elements in BYO programs. Organizations should ensure that employees have ways to share experiences and information. Examples include mailing lists, corporate social networks, corporate wikis, microblogging tools and so on.
  • Defining/providing support arrangements. Some organizations require users to take out contracts for mobile devices that include some level of insurance, support and rapid replacement if the device is lost, stolen or broken. In such cases, the employer must be able to suggest who can supply acceptable services (e.g., the network operator, insurance companies or a third party) and ensure the cost is covered by BYO funding arrangements, such as stipends. In some cases, employers may sign framework agreements with third-party support organizations to provide support services.
  • External services. Many IT organizations are wary of undertaking support for a wide and uncontrolled range of devices; one solution may be to outsource some support to an external organization that has economies of scale and knowledge of more types of devices. Such services are somewhat limited today, although we are aware of a few organizations that have found providers; in many cases, the most likely source of services is a network operator.
  • Education and training. BYO programs demand education and training to make users aware of the BYO policies and their responsibilities, and to communicate solutions to common problems, perhaps using the community support mechanisms noted above. Finally, most BYO programs are immature and are operating in a technology domain that is evolving rapidly. Therefore, ongoing education related to risks, tactics and policies will be necessary.
  • Policy administration and enforcement. Policy is an essential ingredient of BYO programs, which will often demand more responsibility from users — for example, understanding that certain consumer tools and practices are unsafe and that corporate data must not be used in certain ways and on certain devices. Policies must be communicated and sometimes enforced (e.g., by wiping devices, deauthorizing users, removing undesirable applications from devices and so on). Some organizations demand regular written confirmation from employees that mobile policies have been read and understood. Administering this may be a support function (see Note 1).
  • Some organizations monitor policies and, if a user breaks them in a significant way, may remove the user from the BYO program and provide the user with a corporate device. Examples include users who don't replace a lost or broken personal device sufficiently rapidly.
  • Policy enforcement is a complex area that can generate tension between employer and employees. For example, wiping a personal device could be distressing, even when the employee has given permission, because personal applications, pictures and so on could be lost. We recommend that companies consult with their lawyers and HR organizations before deciding how such policies will be implemented.
  • Adopt supportable technologies and architectures. One key ingredient of BYO strategies is to choose application architectures that make mobile support simpler and less expensive. In a recent Gartner survey of CIOs, 74% of U.S. respondents and 67% of European respondents reported that they were moving to thinner architectures; one of the motivations is to make it easier to support a wide range of endpoints. Other tactics include using virtual desktop systems, such as Citrix. Organizations adopt many strategies to make applications more secure and supportable in a BYO world. These include putting security into the application instead of traditional VPNs and firewalls, using multifactor authentication, and delivering services such as mobile email running in controlled sandboxes.
  • Monitoring and auditing. Many support programs include an element of monitoring to validate user compliance with policies, to manage risks and (sometimes) to enforce policy as already noted. Multiplatform mobile device management tools (see Recommended Reading) can provide a way to monitor and control a range of mobile devices. However, monitoring doesn't always demand on-device applications; for example, we know of organizations that monitor device behavior to identify when a device may have been lost or stolen. If a device which is seen regularly and fails to access the network for a period it might be stolen, and so would be wiped.
  • The support organization is also on the front line in issues of employee satisfaction and will become aware of BYO program problems early. BYO programs will likely need tuning; and feedback from the support organization will be an important source of information. Support staff can carry out satisfaction surveys to monitor the program's success.
  • Event management. BYO programs must deal with events and issues that don't occur with corporate devices. For example, users may change their phone numbers, enter or leave the program, or exceed their monthly data plan allowance. Corporate events might include handling e-discovery demands.
  • Insurance. It's a good practice to involve the organization's insurers in the development of the BYO program, as BYO will change the risks the organization faces. Some support tasks may be influenced by the demands of the insurers.
  • Mask the phone number. Ensure that clients don't need to know or contact an employee's personal phone number (e.g., by routing all calls through a single corporate PBX number).

BYO Support Costs

The cost of BYO support varies widely, depending on many factors. Some organizations report reduced costs after implementing BYO, whereas others report an increase in costs due to the wider range of hardware and applications that must be supported. Some believe that there will be a period during which support costs will be higher until staff members adjust to the new models, after which costs may fall. In those cases, when reduced costs are reported, several of the following factors are present:
  • Users are technically knowledgeable and enthusiastic supporters of a platform.
  • Strong peer and community support arrangements are in place.
  • The devices and applications being used are relatively easy to support (e.g., an iPad is simpler than a laptop, and Web apps are usually more supportable than native apps).
  • The organization has eliminated some previous support costs (e.g., by reduced use of laptops or less spending on device administration and control).
  • The legal, cultural and administrative environment supports BYO. In general, it seems easier to implement BYO in North America than in Western Europe (see Note 2).

Skills

BYO will demand new skills of the support organization. In the short term to midterm, there will be more platforms to support; and probably in the longer term, a shift from supporting devices to supporting applications and data as technologies, such as HTML5, allows more device-independence. It's also likely that the first candidates for BYO programs will be technically knowledgeable users who may have more complex support problems demanding more-skilled support staff. Some early adopters of BYO programs comment that they need a new profile of staff who are knowledgeable and flexible, and able to deal with a wide range of issues.
It's important to keep staff skills up to date, so the support staff understands issues before users raise them. This will typically require the IT group to own a range of hardware and be prepared to experiment with devices and applications to gain new skills.

Contingency Planning

Several clients have told us that it's difficult to impose tight security and management in BYO programs, because there have been few high-profile disasters involving data loss on consumer devices. However, this happy state of affairs may not continue. There is a risk that in some industries a high-profile data loss event or security failure could trigger demands for additional security. If this happens, the support organization will take a leading role in implementing urgent changes to policy or technology. Therefore, they should define a contingency plan and a team to address such issues.

Tactical Guidelines

  • Define support arrangements for BYO mobile device programs to address four key requirements: social goals, business goals, risk management and financial goals.
  • Involve HR, auditors, insurance providers and legal staff in the design of BYO programs. Ensure that support plans are designed to accommodate their requirements in areas such as wiping personal devices or retrieving devices to satisfy e-disclosure demands.
  • Support organizations should define contingency plans and identify teams to act rapidly if external events, such as legal rulings or high-profile data loss, demand urgent changes to the BYO program.

1 commentaire: