Many years ago an IT manager, responding to one of our research studies, said one of the saddest and most pathetic sights he had ever seen was a 100Kg salesman coming into his office telling him that his 120g mobile phone was too heavy. He needed an upgrade to something smaller and lighter.
That was back in the days when mobiles were for making phone calls; a lot of the advances taking place were to make them more compact and stylish. Fitness for purpose in business still often takes a back seat to status symbolism, and personal image management as far as many users are concerned.
What that rugby player of a salesman was really looking for, of course, was the latest bling to impress his customers at work and his mates in the pub. The chances were that the 80g phone he was after would perform worse than his trusty workhorse of a business phone – but that wasn’t the point.
Wind the clock forward 10 years, and things aren’t really different. The trusty business device has moved on, and is now capable of mobile email and access to a range of applications and services that can help users get their jobs done. But, of course, some would still rather have the latest, trendiest touch-screen device, even if the battery life sucks and the user interface is optimised for consumer fun entertainment rather than business use.
It’s pretty much impossible to keep up with expectations if you are managing a pool of mobile devices for your organisation. You can’t replace your whole mobile estate every time a hot vendor has a high profile launch and ad campaign.
But because IT doesn’t stand a chance of keeping up, and from a user perspective is therefore always behind the cutting edge, users are increasingly taking things into their own hands, and this comes in a couple of different forms.
First, politically strong – or ill-disciplined -groups within the business procure kit and applications, and subscribe to associated services independently of IT, using local budgets or expense accounts. Second, some users simply acquire stuff as consumers, paying for it themselves, then bring it into the workplace. As far as they are concerned, what does it matter? They are spending their own funds and it saves IT a job. Doesn’t it?
The problem is that much of the latest mobile kit allows or encourages users to do things that are at best superfluous to business requirements and at worst dangerous. Tangible risks, such as those created by synchronising sensitive data onto devices with no encryption and rudimentary pin code protection, is one consideration.
At a more general level there is simply the fact that the boundary between personal and business data is broken down in the mind of the user. This can have all kinds of unexpected cost and risk implications as the two worlds get mixed up. Then, of course, there is the question of where users turn when they can’t get things working or something goes wrong. Which, as you know, will be the IT team.
If your business culture or HR policies do not instil a sense of informed and responsible behaviour, or the IT function isn’t geared up for the DIY approach, then risks and costs can escalate.
There is also the question of whether devices chosen by users will actually support what the business wants to be deployed to help effective mobile working. Technology that has its roots in the consumer market can be subject to limitations and constraints that create problems in a business context.
This is not just about compatibility and interoperability, but also what the vendor or service provider allows, prohibits or discourages. IT departments may have to deal with the unintended consequences of suppliers putting “safeguards” in place to stop consumers doing undesirable or unsafe things, which can often impact deployment options as well as hampering visibility, monitoring and management.
So what do we do as IT professionals? We can put measures in place to protect the business from dodgy or distracting end user activity and, to an extent, to protect users from their own behaviour. This could mean restrictions on which devices can be connected to the network, which will be supported by IT. It may be mandatory requirements for configuration, policy enforcement, and so on. The problem is that business people then complain that IT are a bunch of killjoys who don’t understand how important it is to have the latest gadget and all of the freedom that comes with it.
Does this ring any bells with you? Maybe you don’t think this is a problem. but if you do, how have you solved it?