By Jenny Schuchert, IAITAM
ITAK V9 I7
Mobile devices have been part of organizational communication for some time, but with Bring Your Own Device (BYOD) programs, consumer-led mobile device features and the infiltration of mobile access into the organization’s systems and workflows, previous management strategies for these devices are most likely insufficient. Mobile management is probably inconsistent across the organization and not receiving the level of attention necessary. It is unlikely that there is an overall organizational direction for mobility and certainly not one that starts with the what, how and why for allowing new mobile devices into the environment.
How did this situation happen? In addition to the pressure from employees for the latest and greatest device, there is a general underestimation of the impact of bringing in the next generation of devices. For instance, is the new implementation going to mimic the restrictions of the previous offerings or is this implementation opening new opportunities beyond what was possible before? The move from Blackberries for email to the multi-platform smartphones with more applications and accessibility options is a good example. Did the planning include considering the capabilities and risks represented by the new mobile devices (which are significantly higher)? Does this project set a new direction for mobility within the organization or is the role of this project unclear?
To avoid negative results such as increased security risks and costs, the mobile device management program needs to have better “teeth” in order to make a difference. This article lays out the planning phases that lead to a successful mobile device management program with the “teeth” to limit costs and risks to an acceptable level.
Before Planning Begins
Before launching into specific organizational requirements, it is necessary to develop consensus on the balance between the user experience and the need for security. That balance needs to be captured in an organizational policy so that all mobile projects are built on a common expectation on what that balance is. Policies are uniquely strong communication vehicles since they include all employees and have enforcement terms built into them.
With that initial policy in place, analyze the rest of the organizational policies for language that would guide the implementation of mobile management or the use of mobile devices within the organization. Raise the question to executive management if current policies are insufficient support for the goals that have been set for the mobile program.
Although ideal if policies are in place prior to the planning of a mobile implementation, policy development can be concurrent with the planning of the mobile device program as long as the balance between user and security is known and there is a specified scope for the program. Communication, always vital to project success, will be critical path if the organizational culture has to change as the rules surrounding mobile technology change.
Phase 1: Determine Organizational Requirements
This phase examines the portfolio of mobile assets and the management practices already in place against those requested as part of this project. The development of project specifics begins with research in this phase, examining available choices and potential snags. Communication begins in this first phase to address the realities of mobile device usage for business and prevent the spread of misinformation. The following questions and statements will be part of this phase:
· Research what services are in use currently including the type of devices, the ownership of the devices and the intended audience and usage
· Meet with Accounting to determine acceptable possibilities for internal processing
· What are the restrictions and security policies currently in place?
· Describe the current processes for on-boarding, tracking, replacement and termination
· Examine existing technology choices (such as Blackberry NOC) and determine technology opportunities available (Wi-Fi, remote wipe, split personality, access to block or remove organizational data, etc.)
· Begin vendor research including devices, services and automation
· What is the scope and skill sets of individuals to be served (just sales, or all management, etc.) and what services, product choices are expected to be provided for that audience?
· Identify changes to restrictions and security policies associated with the audience and service changes. Identify use cases for specific actions
· Begin communication and educate about the upcoming mobile transition to employees
· Investigate licensing for legacy and new software
· Investigate governance requirements that may impact the selection of choices
· Engage a cross functional team to ensure mobile strategies adhere to organizational policies and enables the successful execution of daily work
Phase 2: Plan the Implementation
During this phase the preparation for implementation is complete and the details delineated in the project plan:
· Make the decision about the new devices to be supported. Supporting more than one platform (iPhone, Android) is common, but limitations on models supported is necessary
· Consider any device extensions such as wearable technology and factor this and other consumer trends into device selections and deployment planning
· Determine if BYOD will be part of the implementation along with any other choices that budget managers might and incorporate those rules into the deployment aspects of the plan
· Communicate about security steps (encryption, passcode protection), explain what IT can see and what they can’t (misinformation is a big risk to success)
· Draft deployment processes and determine degree of self-management desired
· Design help desk processes and overall support strategy
· Select and negotiate application and device vendors contracts
· Select and negotiate with ITAD vendor for disposal during the project (any displaced devices) and for future disposal of devices to be implemented
· Design configurations and additional resources (ex. Cloud)
· Determine a migration path, most likely a manual process
· Consider life cycle processes for devices (use cases for lost/stolen, etc.)
· Consider life cycle processes for apps (app updates, terminations, new apps)
· Conduct connectivity, speed and security testing
· Meet with legal to discuss any formal documentation necessary to protect the rights of the organization and to gain employee authorization and or agreement to security actions
· Design and deliver end user communication
Phase 3: Execution
In this phase, the roll out of the devices and all associated changes occur. Documentation and communication are vital at this phase to educate, guide and ultimately to gather the feedback necessary to confirm success:
· Begin with a pilot project with representative users, not just IT people, so that the workload and problems encountered are more typical of what will happen
· Execute quality and security testing throughout the roll out
· Implement any migration steps including technical, procedural and legal action items.
· Collect and dispose of replaced devices through ITAD vendors
· Implement automation – architecture, app store, rules, etc.
· Implement all processes including for problems such as quarantining a device that seems to be jailbroken or rooted
· Communicate new processes to affected employees
· Communicate security measures and employee rights and privacy (or lack thereof) again
· Mass deploy new devices
· Begin BYOD (if part of the program)
· Add additional features such as content sharing or access to third party packages
Phase 4: Maintaining and Expanding
With project management, there is always a follow up and debriefing final phase, but in the case of mobile management, one project may lead directly to another since the technology is changing rapidly and the demand is increasing. Phase 4 sets the stage for looping back to phase 1:
· Debrief post-implementation for end user feedback, lessons learned
· Review lifecycle processes for devices and processes
· Begin execution of maintenance activities
· Evaluate current program against new technologies, extensions to program
· Proactively investigate new devices (critical to BYOD environments)
· Analyze security statistics monthly
· Evaluate actual vs. budgeted expense
· Conduct customer satisfaction surveys
· Review appropriateness of policies
· Monitor versioning of all software and hardware and how it impacts the mobile program
· Determine ongoing agreement of program specifications to organizational goals
The Wakeup Call
Despite the twenty years of mobile devices in the work place, mobile smart devices are a revolutionary change that should have organizational level coordination and executive attention. In addition to the significant risks and costs that can be associated with these small devices, the fractured marketplace with its frequently changing technology adds a level of complexity that can lead to a higher rate of project failure. Developing a project plan that includes a roadmap towards an organizational, policy-driven program is the best course for mobility. Another component of success is continually taking a fresh view of technology, requirements and opportunities so that the organization has the best balance of user experience and security.