Best Practices for Enterprise Mobility:

(1)

Best Practices for

Enterprise Mobility:

A Lesson Through Case

Studies

J

UNE

2012

(2)

2

Introduction: The Perfect Storm for Enterprise Mobility

The term “perfect storm” is used to describe a scenario where several independent forces come together to create a single, larger force. An IT perfect storm has happened before. About 20 years ago, low cost processors, near ubiquitous network access, cheap PCs, and Windows converged and gave rise to the Internet computing revolution. Today, the industry stands on the precipice of yet another perfect storm — this time in enterprise mobile computing using a combination of iOS, Android, and the more limited BlackBerry devices.

As with the last perfect storm, there is no single driver of enterprise mobility, instead the following forces are the impetus:

 Wireless Evolution: The ratification of 802.11N WiFi and the commercial availability of 4G cellular services have created a ubiquitous computing environment where a user’s application experience is the same whether connected over a wired or wireless network. This ubiquity has made it more possible to securely utilize devices such as tablets and smart phones for corporate purposes.

 Cloud Services: Cloud has been looming on the horizon for the better part of the past half-decade and has remained more of a vision than reality. However, cloud is ideally suited for a mobile work environment. A multi-OS, cross platform app and device strategy is best served out of the cloud.

 Mobile Device Development: Mobile devices have evolved more in the past five years than ever before. Almost any service or application that a worker may want can be utilized from today’s powerful mobile devices, regardless of the worker’s physical location. This is one of the reasons tablets are now used by 11% of corporate workers, which ZK Research estimates will more than double to 25% by the end of 2012 (Exhibit 1).

Exhibit 1: Percentage of workers using specific devices in the workplace

All of these forces have come together to give rise to the mobile computing revolution, making initiatives like mobile device management a “must have” technology for companies that want to remain competitive. 0% 10% 20% 30% 40% 50% 60% 70% 80% Tablet Smartphone Laptop Desktop 2011 2010 2009

(4)

4

Due to the relative newness of mobile technology and the wide variety of uses cases, however, there are few best practices for IT departments to follow. This report contains four case studies that provide practical examples for IT leaders to use to plan their own enterprise mobile app and device strategy that doesn’t compromise security and incorporates numerous role and industry-based requirements.

Case Study 1: KLA-Tencor – Efficiency and Cost Savings Drive

Mobile Device Management

KLA-Tencor is a Milpitas, CA based process control and yield management company in the semiconductor industry. The company has approximately 7,000 employees located in 55 different locations. Prior to 2011 the company had an unofficial and uncontrolled bring-your-own-device (BYOD) strategy, primarily through ActiveSync for iOS devices and BlackBerry. In total there were approximately 1,500 BlackBerry devices across the user base; the most common applications used were e-mail and web access for HTML apps and mobile e-mail.

In 2011 the company achieved a record year. As a thank you the CEO chose to reward most no employees with an iPad – a total of 5,500 devices. Suddenly, the IT organization went from a position of having no official mobile device strategy to needing to develop one over night.

Consumerization is Rampant at KLA-Tencor

The sudden influx of iPads put the IT department in a precarious position, to say the least. The prior unofficial and uncontrolled mobile strategy did not provide the necessary tools to on-board mobile devices in any scalable way, nor did it provide the visibility into the activities of the users to ensure tablets were being used for business functions. To combat this challenge, the company decided to look into mobile device management (MDM) software solutions and chose MobileIron for its secure support of IOS devices, as MobileIron offered the level of visibility and control desired.

Prior to the deployment, IT would provision an iPad for users and install four core services: Virtual Private Networks (VPN), WiFi access, certificates, and ActiveSync. Each service would take about 15 minutes to install; configuration of all four required about an hour of IT’s time. Senior engineer, Seng Ing, estimated this process would cost the company approximately $90 per device. If that time is multiplied by the 5,500 iPads requiring attention, the cost to bring all of the iPads on the network would equal nearly half a million dollars, not to mention the need for additional full time employees. Clearly there had to be a better way.

By putting the MobileIron MDM solution in place, provisioning time was reduced from 60 minutes to less than three minutes, allowing end users to self-provision. Once the device was registered, MobileIron pushed out the authorized services. Additionally, the MDM solution offered IT the ability to remote-wipe and locate or retire mobile devices, giving the IT department the necessary levels of control and visibility to ensure security of the environment.

Since deployment, the improved platform (iPad versus legacy BlackBerry) has increased the range of mobile applications being used by corporate workers. As stated earlier, pre-iPad, e-mail and ActiveSync were the primary mobile applications. Today workers are utilizing these plus a

(5)

5

wide range of web applications for departmental-specific productivity gains and remote-desktop through virtualization.

The process implemented to support the iPads opened the floodgates for other devices such as iPhones, iPod Touches, and Android devices to be simply and securely brought onto the corporate network. Additionally, since users like to change devices on a yearly basis, the post-MDM environment allows workers to easily switch devices at their convenience without having to involve IT or modify their accounts if a device is lost or stolen.

In addition to deploying MDM, the IT department at KLA-Tencor undertook the following steps:  The corporate Wi-Fi network was upgraded to handle the increased number of consumer

devices as well as rich media, such as enterprise video.

 A FAQ was created with easy-to-follow policy steps which shifted as much of the provision process to the worker as possible.

 Desktop virtualization was used to give access to non-web enabled applications or applications where a mobile version is not available yet.

Best Practices Learned from the Deployment

The primary best practices learned from the KLA-Tencor deployment are as follows:

 The concept of consumerization is to enable to use personal devices, such as iPads, in the work environment. IT departments should embrace consumerization instead of running from it; consumerization is coming but IT might not be the first to know. Be prepared for it when a line of business leader or corporate executive asks for it.  Automate as much of the on-boarding process as possible. Chewing up hundreds of

hours of IT time is very expensive and shifting the work to the users will cause frustration.  Training is a key to success. Publish the company’s BYOD plan and processes as well as explain what apps or devices are supported and why. Also, educate users on proper use policies to minimize organizational risk.

 Use MDM to control the environment rather than trying to enable a BYOD strategy through ad hoc IT processes.

 Visibility into user behavior is a must for a BYOD strategy.

“Previously we had an unacknowledged BYOD strategy which was putting our company’s security and intellectual property at risk. MobileIron’s MDM solution gave us the necessary visibility and control to allow workers to use the iPads in the workplace without putting the company at risk.”

– Seng Ing, Senior Network Engineer, KLA-Tencor Corporation

Case Study 2: Needham Bank – Competitive Differentiation

Fuels Mobility

Needham Bank is a community bank headquartered in Needham, MA. The bank has five locations in Massachusetts and a total of 130 employees, of which 40-45 are mobile. The organization is a full service bank and prides itself on giving as good, if not better, service than

(6)

6

the larger banks while still providing a personal touch as a differentiator to win customers in a competitive banking environment.

Mobility Can Improve Efficiency

One of the corporate goals at Needham Bank was to find a way to make bank executives more efficient; being in the office instead of being on the road closing deals for the bank is not making the best use of the executives’ time. However, because the bank is highly regulated, security is a must, so bank executives were allowed very little access to modern mobile devices or bank applications, forcing them to come into the office.

One of the primary lending areas for Needham Bank is in construction. This is a highly

competitive area so the more executives are out of the office meeting with clients and prospects, the more likely the chances of Needham winning new business. James Gordon, VP of IT for the bank, sought a mobile solution that would make the executives more productive and efficient. Accomplishing this was no easy feat; he knew he would need to provide a simple solution that would give executives the confidence that they would be continually connected to the bank and important resources when working remotely. The company had previously tried giving the president a smartphone but the small screen size made the solution unusable.

To combat this challenge, Needham Bank gave the executives iPads and use of an SSL VPN solution from Array Networks to provide remote connectivity. MobileIron was used for an enterprise app storefront and MDM software.

Since the banking industry is so heavily regulated and many breaches make headline news, MDM was a critical aspect of allowing bank executives to be mobile. The MDM solution provides:

 Application inventory of what apps and devices are currently being used for corporate access.

 Jailbreak protection.

 Geolocation capabilities to locate lost devices.  Security and encryption for the whole device.  Remote lock, unlock, and wiping of devices.

 BYOD capabilities for Blackberry, Android, and iOS devices

Additionally, Needham Bank extended its application strategy for internal and 3rd party apps to mobile devices. Because of the sensitive nature of banking information, the bank chose to build its own applications rather than use packaged applications. Web-based applications were deployed to the iPads, providing the best real-time capabilities. Often banks need up-to-the-minute data such as bank balances, so data stored on the device would not be sufficient. A web application secured through MDM and accessed via SSL VPN was the right combination for Needham Bank to extend their application strategy securely.

Mobility Creates Competitive Advantage by Improving Customer Responsiveness

In addition to making Needham Bank executives more efficient, the mobile strategy led to some competitive differentiation by speeding responsiveness to customers.

(7)

7

The mobile devices allow customer-facing employees to respond in real time, even when not in the office. For example, a high net worth client was looking to purchase a home but needed down payment approval in a very short period of time. One of the bank executives was on vacation in the area of the home and was able to take pictures of it using his iPad and then sent it to the credit committee to speed up the approval process. Historically, the process of applying, taking pictures, and approving could have taken a week or two. The mobile app and device strategy using MDM software allowed for a decision to be made in two days. This is a significant improvement in responsiveness and customer service.

Mobility is now an integral part of the process at Needham Bank. The Security Committee has been given iPads as well and can visit properties in real time and take pictures and videos for immediate approval; this could never have happened before the availability of iPhones and iPads. This process has been refined to include mapping and other efficiencies that can save up to 20-30 minutes per trip. Many improvements were made by having IT “shadow” the field individuals to think about how mobility could be inserted into the process to improve it.

In the highly competitive banking industry, a mobility strategy has allowed Needham Bank to be more responsive, efficient, and compete better with larger, national banks.

The best practices learned from the Needham Bank deployment are:

 Users and IT should partner to improve processes that save time and/or money.  Mobility should be inserted into processes with high amounts of human latency for

short-term wins.

 Rebuild processes with mobility in mind for competitive differentiation.

 Think about the mobile process within a mobile context. That is, consider how location, presence, etc. can improve a process.

“These iOS devices have become like a security blanket to our executives. The IT department went from zero to hero in the deployment of mobility. Prior to the iPads we had pencils, pads, and paper, and the mobility solution allowed us to go full-bore in 2011.”

– James Gordon, VP of IT, Needham Bank

Case Study 3: Lexington County School District One – Expands

its Technical Vision with Mobility

Lexington County School District One is the largest school district in Lexington County, SC, and one of the largest in the state. The school has approximately 23,000 students in more than 30 locations including administrative facilities and K-12 schools. In addition to the students, there are more than 3,200 employees in the school district.

The superintendent of the district has long had a vision to make Lexington a technologically advanced school system. The school currently has a robust network, smart boards, sound

distribution systems for classrooms, a consistent technology replacement cycle, increased access to online resources, network infrastructure, storage and filtering, and other technology to enable better education.

(8)

8

Tablets Go Mainstream at Lexington County School District One

In 2008 the school system passed a bond referendum which included $15 million to expand and upgrade existing technology for the school district. The initial goal was to create a “Personal Mobile Computing” initiative, consisting of 1:1 ratio of devices per student in high school, 1:3 in middle school, and 1:5 in elementary school. The 1:1 ratio would consist of four high schools and 6,500 students plus 500 teachers, totaling 7,000 iPads. Later this year due to the initiative’s success at the high school level, the district will implement a 1:1 ratio for middle schools with additional devices at the elementary level bringing their total deployment total to more than 16,000 devices.

The district’s IT department made the decision to standardize devices and chose iPad 2 tablets and iPhone smartphones. Teachers use the devices to augment the curriculum. Students take notes on the tablets, use it for labs to watch dissections, complete and turn in assignments, research electronically, improve reading fluency, build skills, create study cards, as well as other tasks. Because this was the first year mobile devices were in use the school decided not to provide any meaningful restrictions to the students and teachers. Rather, they waited to see how the devices would be used in practice.

As these devices were being used in a school system, securing devices and protecting students was an absolute must. Network engineer Thomas Burgess consulted Apple as to what to use for a mobile device management solution and Apple recommended MobileIron and Cisco

AnyConnect VPN for access.

Utilizing these software solutions, the school has put in the following controls:  802.1x is automatically pushed to the device for authentication.

 Students cannot download any applications with a 12+ rating or higher. These are applications with objectionable content that can be offensive to school age individuals.  No explicit music can be downloaded to the tablets.

 School e-mail is kept as a closed system and protected in case of jailbreak or device loss.

 No content that is over PG13 or TVMA may be viewed.  No remote desktop applications may be installed or used.

All of the above policies are enabled and enforced automatically through the MDM solution. Additionally, the MobileIron software helps locate lost or stolen devices, but, as of today, this has not been a major issue.

Looking to the future, the school system is investigating more process change to the education department to ensure rapid access to curriculum content. There is a strong desire to use the Apple TV and AirPlay video mirroring capabilities Apple has provided.

Additionally, the district is very interested in retiring textbooks and moving to iPad based e-textbooks. The district is working with the SC State textbook office and Apple to finalize a distribution model.

(9)

9

 Start by determining the desired end-state then figure out the role mobility will play in achieving that goal.

 Educate the users of the device about its capabilities. A user guide and all-hands provisioning exercise allows iPad users to maximize the benefits.

 Implement content filtering to protect the organization.

 Choose a solution with an easy-to-use interface for better scalability.

“MobileIron’s MDM solution does everything we need it to so we can protect the school and the students in real time regardless of their device or app. Additionally, the tool has a naturally, easy-to-use interface making it simple to manage.”

– Thomas Burgess, Network Engineer, Lexington County School District One

Case Study 4: A Leading Solar Power Innovator - Using Mobility

To Keep Its Competitive Edge

This leading solar power innovator is one the largest residential and commercial solar company in the industry today. It’s a full service organization that boasts having many global tier-one

customers.

Mobile Evolution Drives the Need for MDM

Although this organization prides itself on being creative with the tools it gives its workers, its prior mobile strategy was very much like other companies. The company had about 800 BlackBerry devices that ran through a BlackBerry Enterprise Server (BES), allowing workers to access e-mail and the company address book.

The world of mobility had rapidly moved past e-mail and address books, and in order to keep their competitive edge, the company decided to move off of BlackBerry and BES servers. Eventually the company will build its own mobile applications and will need a more robust platform on which to accomplish this. As it turns out, the company’s wireless operator of choice offered a significant data usage discount to switch devices. The company took advantage of this and it became the catalyst to shift off of the BlackBerry.

The company conducted a careful analysis of the mobile industry and determined that Android was at the forefront of innovation and would be the best platform moving forward. However, the company wanted to give their workers a choice and decided they would also support iPhones if employees wanted to use their own personally-procured devices at work.

The company currently supports more than 400 company-supplied Android phones and a number of personally-owned iOS devices. As part of the overall mobile strategy, it implemented an MDM solution based on MobileIron’s software technology.

Thanks to the MobileIron MDM solution, the company overcame their biggest challenge and gave both the Android and iOS devices the same level of security that BlackBerry had provided in the past. The MDM solution gives the desktop support manager the ability to lock down applications, remotely wipe a lost device, provide location information, and deploy applications in a secure way.

(10)

10

The company is currently in the early stages of shifting to Android so the primary applications being used are e-mail and address books. The company has the following in mind for expanding its mobility strategy:

 Secure file transfer to the phone. The organization has more than 100 field sales

representatives and would like to push updated Excel or Word documents to the devices on a weekly basis. This will ensure that the sales force has the latest information at their fingertips.

 Custom mobile applications. For example, the organization has a line of applications that both commercial and residential users leverage to monitor solar panels and determine how much energy is being used and produced. This would be an ideal application for field service workers to be able to access when mobile.

 Administrative applications. The company would like to implement mobile timesheets and other functions which would prevent people from having to come to the office. It would also allow the organization to retire many laptops.

 Self provisioning of devices. This is a key step for the company in implementing a BYOD policy.

As part of the MDM rollout, the company provided its workers with a significant amount of training on the devices. The IT department has handled inbound requests to the helpdesk by phone, e-mail, walk-up, or other methods for training with which the workers felt comfortable.

 Mobile is a key part of any organization’s current competitive strategy.

 Be willing to swap out an incumbent vendor for a solution that can deliver the functionality needed today and in the future – at a lower TCO in a quicker amount of time.

 Think of the mobile operating system as a platform for future application deployment.  User training is a significant key in maximizing the value of the mobile solution. “Training was a huge initiative for us. The effort we put into training today will pay us back ten-fold as we roll out more advanced mobile capabilities”

– The organization’s Desktop Support Manager.

Conclusion and Recommendations

The mobile computing era is here. This is the most significant IT transformation since the birth of computing; it will enable more devices than ever to be connected to the corporate network than with traditional computing. Users will have more functionality in more places making them more productive.

To take advantage of the mobile computing revolution, IT leaders must embrace smartphones and tablets in this post-PC era. However, this shift does require a significantly more challenging IT management environment than old-school legacy laptops. To help meet this challenge, IANS recommends the following:

 Fully embrace consumerization. ZK Research shows that fewer than 25% of

(11)

11

acknowledge that consumer devices are in the workplace and are trying to support it through ad hoc methods. The opinion of IANS is that IT teams need to be “all in” when it comes to consumerization and fully embrace and support the technology to take full advantage of what it can bring. KLA-Tencor resisted the wave before an executive decision forced consumerization into the workplace. Supporting consumerization with an MDM solution reduced the IT time required to provision the device from an hour to just a few minutes.

 Think about mobility in the context of business process change. IT leadership and business leaders must work together to understand how to insert mobility into processes in which it can remove human latency.

 Needham Bank’s ability to reduce loan approval time from weeks to days is a great example.

 Provide a significant amount of user training to ensure users are comfortable with

the new systems. Some IT projects fail not because of the technology but because the

users are not aware of what’s possible with the new technology. Maximizing ROI is often dependent on users getting comfortable with the new way of working. For this reason the organization implemented a robust user training program with the rollout of the Android devices.

 Start with a vision of where you want your organization to be. Setting a future vision helps the entire organization with its mobile (or any IT) strategy. Strategy gives the company a single focal point with regards to IT initiatives. For example, the vision of being the most technically advanced school system has been the biggest driver of change at Lexington Schools over the past half decade.

About IANS

IANS is the leading provider of in-depth security insights delivered through its research,

community, and consulting offerings. Fueled by interactions among IANS Faculty and end users, IANS provides actionable advice to information security, risk management, and compliance executives. IANS powers better and faster technical and managerial decisions through experience-driven advice.

IANS was founded in June 2001 as the Institute for Applied Network Security. Inspired by the Harvard Business School experience of interactive discussions driving collective insights, IANS adapted that format to fit the needs of information security professionals.

About MobileIron

MobileIron is a Mountain View, California-based Mobile IT innovator delivering software to help businesses manage both mobile apps and mobile devices. The company solves the complex requirements of enterprise mobility for CIOs forming Mobile IT teams, and Mobile IT vendors and services companies. MobileIron has thousands of customers in 30 countries and most recently posted 400% year over year growth for bookings and 600% growth for number of customers. Within its customer base, more than 60 percent leverage the Android operating system and related apps.

(12)

12

More than 200 of the Fortune 1000 and the Forbes Global 2000 are MobileIron customers. These customers are sold MobileIron software by our value added reseller, carrier and system integrator partners who now have more than 5,000 partner reps globally now trained to sell MobileIron, and 1,000 field engineers now trained to deploy it. MobileIron software is available as both on premise and Connected Cloud implementation. For Connected Cloud, our delegated administration SaaS service provides unique integration with existing enterprise security

Best Practices for Enterprise Mobility: