itd 13 041111 eng

8/3/2019 ITD 13 041111 ENG

1/12

1

ITD #13 Mobile devices and the IT department

IT Decisions 4 November 2011 All rights reserved

Mobile devices and

the IT departmentITD Research #13

4 November 2011

8/3/2019 ITD 13 041111 ENG

2/12

2



IntroductionMobile devices are taking over many organizations with

an increase in employees carrying smartphones into the

workplace and demanding the right to use their own

device.

Whilst the mobile revolution means the CIO can worry

less about network infrastructure at the office such as

structured cabling it introduces a series of new issues,

such as wireless security. A complete lockdown of the

network is unpopular with workers who want to be able

to work on email, documents, and company information

using the same device at home as in the office.

But with hackers even targeting the Android and Apple

operating systems, what could be the price of flexibleaccess to your company systems using mobile devices?

An information leak because of security weaknesses

created by mobile devices is just one possible outcome

from the proliferation of smart devices. There can also be

the opportunity to create a more flexible working

environment for your team can you remember a time

before the Blackberry, when email could

only be answered in the office?

Mobile devices can also create new

innovations for your end customers too in many different industries.

Customers are interacting with

information in new ways and many of

them want a mobile offering, so it is only

natural that this would translate into the

use of more smart devices within the

organization.

There is a change in customer

expectations and in the expectations ofyour own workers everyone wants to

ability to use mobile devices to access

information. But as an IT leader, how do

you support all of this change? Its a long

way from the standardized systems of

old now people are bringing their own

devices into the office and expecting

your IT team to support them.

In this IT Decisions report, we explorewhat our IT leaders think about the

explosion of use in mobile devices at

work. What opportunities are created

for the creation of new services and

what complexities are created with the

need to manage this?

what could be

the price of access

to company

systems through

mobile devices?

8/3/2019 ITD 13 041111 ENG

3/12

3



Participant feedbackTo explore the issue of preparing the IT department for a change in business strategy we asked four

questions three of which were multiple choice and one designed to promote an open discussion.

We received answers from 22 executives from 11 industry sectors: Shipbuilding, consumer goods,

insurance, media, food production, chemicals, logistics, financial services, consumer services,

manufacturing, and transportation.

Question 1: Has your organization faced an actual or the threat of an information leak because

of wireless networks and devices?

Our IT leaders are overwhelmingly in control of their own security risks regarding mobile devices in

the workplace.

Despite the risk of security breaches being one of the main concerns around the proliferation of

mobile computing devices, a full 50% of our respondents said that they have not faced any form of

information leak because of mobile devices. This was further strengthened by an additional 36.4%

who answered that they have not faced any information leak, but they perceive it as an ongoing

threat.

Only one in ten of our respondents had faced a real situation where data was stolen or leakedbecause of mobile devices.

0 2 4 6 8 10 12

Yes

Yes, but we closed it quickly

No

Not yet, but is a threat

9.1%

4.5%

50%

36.4%

8/3/2019 ITD 13 041111 ENG

4/12

8/3/2019 ITD 13 041111 ENG

5/12

5



Question 3: Would you consider paying a fee to users to use their own devices at work inexchange for them agreeing to not use your internal IT support service?

This was a very unpopular suggestion. It is a strategy that some companies such at the energy

giant BP have adopted. With all their internal software available via browsers, the actual device

used to access company software is no longer important, and they give an annual fee to users to

not bother the local IT support team.

But this takes a huge amount of planning and it is not always possible to locate every piece of

corporate software in the cloud. And if a user cannot fix their own laptop then should their

manager simply allow them to keep on struggling, or call on IT support even though it was agreedthat they would be left alone?

Our own IT leaders could see more problems than advantages with this approach with a full 38.1%

saying they would not be interested in this kind of idea, and the same percentage saying that it

introduces new risks into the organization.

Perhaps this is an idea that has yet to mature.

0 1 2 3 4 5 6 7 8

Yes

Maybe, if I can see it has worked elsewhere

No

No, it introduces risks

9.5%

14.3%

38.1%

38.1%

8/3/2019 ITD 13 041111 ENG

6/12

6



Question 4: Once people had to be in front of a PC to access the Internet, now they can do it

from anywhere using a mobile device. This introduces new opportunities for businesses in allsectors new services can be devised around locationaware mobile devices, but it creates new

security challenges too.

What are the mobile innovations you are exploring in your business and where do you advise

caution should be applied?

The most relevant responses from our CIO respondents are listed here.

Insurance: Our main challenge is "having to keep everything open"

Mobility is something desired for a long time and now is a big reality. Like any "new" technology,

the safety factor must be well planned, and frankly, today, very few institutions are prepared to

understand and close security gaps that currently exist. My company operates exactly in this field,

and we have developed products that help a lot in this sense, and costs have decreased a lot, but

the main blocker is the culture of having to "keep everything open."

Media: Every new technology creates risks

Every new product linked to mobility which enables access to the enterprise environment creates

security demands, even if it's only to review policies and methods. There is no way to preventaccess to these devices, since the dynamics that businesses demand requires access to corporate

information outside of the organizations as an essential element of market competition.

Consumer goods: This is a oneway journey

The era of consumerization arrived, it is already within medium and large companies, is a oneway

journey. The major challenge in IT is to mitigate the impacts of this revolution.

Food production: Carry out pilots beforehand

The adoption of consumerization in business is inevitable. Thus, we have been discerning in that

regard and have limited use to a limited audience, with the implementation of policies that make

clear that only a few applications available.

Chemicals: We can't swim against the tide

Mobile devices in the enterprise are a reality and we cannot swim against the tide. In addition to

distributing many smartphones, we extended our base with the policy of "bring your own device."

That is, we will devices that belong to our own employees to receive corporate email or access a

segregated wifi network.

8/3/2019 ITD 13 041111 ENG

7/12

7



We will manage the risks with rules and technology, but being connected is essential. We're latein the development of applications to leverage this important technology. That will come in the

next few years.

Logistics: Create a support policy for personal devices

We have a policy that is already in place which allows the use of personal devices (smartphones

and tablets), so long as they are not supported by the internal service desk.

In practice, this does not work very well, because we still get calls and not answering them

generates dissatisfaction from those who put the calls in.

The consumerization associated with social networks is still a big challenge for companies, but I

think the fundamental problem is one related to education and trust, which ultimately generates

a high management cost.

Financial services: The mixed model is the reality

The CIO has to face up to a new reality: providing, with appropriate controls and security,

applications and company information on multiple devices some belonging to the company,

others to the user.

Customer Service: Application of mobility requires maturity

Indeed, mobility is a factor that can not be dismissed as a tool that gives competitive edge in

business. Access to information at any time allows more agile decisions. But mobility technology is

still fairly immature from the standpoint of information security.

Companies need to look more closely at this issue, otherwise we will live the problems that were

experienced earlier during the boom of Internet access.

Financial services: Do not ban access

What has no solution, is already solved. Invest in educating consumers of IT (formerly known as

users), set policies that are consistent with the reality of your company and do not prohibit access

(there is no way to prohibit access even in prisons that is not possible).

8/3/2019 ITD 13 041111 ENG

8/12

8



Manufacturing Set the importance and benefit of using mobile devices

Indeed, this is a situation that is here and has to be dealt with. The easiest way would be to

prohibit the use, but if we are to create value for our organizations, the attitude should be:

minimize the risks and enable benefits. Therefore, we need to answer the following question: how

significant is [the use of mobile devices] and where does the benefit come from?

Other CIOs also said ...

Shipbuilding:

The advent of mobile devices is a reality that companies must consider and take advantage of the

opportunities that can generate.

Consumer Goods:

Even the mobile device manufacturers are concerned about the security issues of this type of

equipment. Certain features of IOS5 already demonstrate that.

8/3/2019 ITD 13 041111 ENG

9/12

9



Conclusion and Executive SummaryThe world has changed. Not only is work and home time blending, but mobile devices have

allowed executives to manage their work on the move but the use of mobile devices with

Internet access has now moved far beyond the boardroom alone.

There is now a wave of userowned devices entering the workplace and those users expect to be

able to work on their own device as well as any tools supplied by the company. In many cases, the

personal devices are more powerful and userfriendly than the corporate tools.

But our IT leader responses demonstrate some important initial findings this week:

There is not much evidence of user devices causing security threats yet, but many of our ITleaders are aware of the possibility and taking measures to ensure security is improved.

There is a strong sense of pragmatism. This cannot be prevented. Everyone now carries aphone, most have Internet access, and many are carrying tablet devices we cant return to

an age where our users carried an old LCD screen Nokia phone that was just a phone. The

best way to approach the problem is to define governance and behaviors, so the

workplace can be flexible, but also secure.

There is very little support from our IT leaders for a push to moving the workplace to analmost 100% reliance on user owned devices. Some companies have tried this, and

reduced their support requirements, but it is a difficult ideal to achieve and our IT leaders

dont see it as a target worth aiming for just now.

Our IT leaders reflected these key views in their additional comments on the subject; with the key

theme being that enterprise IT managers cannot swim against the tide of consumers. The people

formerly considered users are now extensive IT consumers in their own right, with personal

iPads and smartphones all equipment that is powerful enough to be used within the enterprisein addition to their own personal use.

Prohibition creates no value and denies users the opportunity to add any value to the

organization. The smart IT leader will explore how best to open the organization to every user, so

they can use their own devices to work away from their desk, but without opening the company

to dangerous security risks.

8/3/2019 ITD 13 041111 ENG

10/12

10



The members of our research network believe that this is now a oneway journey and cannot bechanged, but they urge caution and selfawareness. Mobile security is still evolving and is

therefore an easy place to slip up. If a determined hacker really wanted to target your

organization then a flexible network policy promoting remote access could be your Achilles heel.

Times change and users of enterprise business systems are now all technology users at home and

at work. The smart IT leader can capture this enthusiasm to create a flexible working

environment, encouraging a blend of companyissued and personal devices.

8/3/2019 ITD 13 041111 ENG

11/12

11



IT Decisions ResearchIT Decisions produces a report like this every Friday, based on what CIOs told us that same week.

It is fast and relevant knowledge from your peers, it is only available to the CIOs in the research

network, and it is free.

What is the catch? You pay by participating. Every week, we will send you four simple questions

that will take no more than five minutes to answer.

The more participants, the better the quality of the research. So please do invite your

colleagues to join! Get in touch with recommendations via [email protected] you want to direct the research and define the topics alongside our board of founder

members? We also offer Platinum memberships that allow you to steer the process, as well as

other benefits including comprehensive reports, facetoface focus sessions and more.

The IT Decisions FutureSkills fund is a charitable, transparent fund focused on improving IT

education and training in Brazil.

If you recommend a Platinum member to the network, we will donate R$500 to the fund in your

name and Platinum members will get to choose which organization gets the money at the endof the year. Please contact us for more details.

8/3/2019 ITD 13 041111 ENG

12/12

12


IT D i i 4 N b 2011 All i ht d

About IT DecisionsIT Decisions is the premier source of insight into the technology and hightech service industry in

Brazil. The company creates Englishlanguage news and insight for a CIO audience with regular

features and analysis that cannot be found elsewhere.

We focus on decisionmakers and influencers the buyside. Reproducing the sales pitch or

adverts of suppliers is not our thing; we focus on those buying the systems. IT Decisions was founded in 2011 by Mark Hillary and Angelica Mari, two of the most respected

business and technology writers in Europe with a collection of bestselling books and industryawards between them.The IT Decisions research network is an invitationonly group of CIOs in Brazil who work together

to produce a new research report every week.Take a moment to connect with the IT Decisions management on LinkedIn and take a look at some

of their books, other media, blogs, and publications:

Mark Hillary, CEOhttp://j.mp/markhillary

Angelica Mari, Publishing Director

http://j.mp/angelicamari

Mark, Angelica, and the whole IT Decisions team is based in So Paulo, Brasil the biggest city in

the Southern Hemisphere.

www.itdecs.com

Image Credits licensed under Creative Commons

Horizontal Integration http://www.flickr.com/photos/ebolasmallpox/3536804299/ (capa)

Ed Yourdon http://www.flickr.com/photos/yourdon/2675323741/ (woman with Blackberry)

itd 13 041111 eng

Documents