Mobile App Mentality: 4 Ways IT Must Change - InformationWeek

Commentary
5/12/2015
08:06 AM
Ojas Rege
Mobile App Mentality: 4 Ways IT Must Change

From architecture to employee trust, IT must adjust its thinking.

There isn't any element of what we do in IT today that won't change over the next few years as a result of the "mobile first" world. We will see radical shifts in how we think about enterprise architecture, user experience, technical operations, and organizational governance. Mobility will disrupt much of what we accept as tried-and-true practices in business IT. If you're an IT leader, it's time to accept that many of the things we learned will no longer apply.

Everyone talks about disruptive forces, so why is mobile a true disruption? The test of a disruptive technology is twofold:

First, it changes the way we behave, and that drives the development of new business and user experiences.

Second, it creates massive opportunities for innovation. The PC and the Internet both met these criteria. We've seen mobility meet these criteria already in our personal lives, and now we will see the same in our business lives. However, change is difficult, and taking advantage of these new opportunities requires a fundamental re-imagining of how we do IT. Here are four ways IT leaders must change their thinking.

1. Shift In OS Architecture

The most profound disruption is the shift from the open file system of traditional Windows to the sandboxed architecture of modern operating systems like iOS, Android, and even the new generation of Windows. Modern operating systems use isolated storage and isolated memory for each app, so the data of each app is protected from the actions of other apps on the device. The OS kernel is also protected, resulting in system stability and ease of update.

This model of protected file system and protected kernel avoids the threat of traditional malware. It dramatically reduces the complexity of managing these devices. In the past, your IT department gave you a laptop burned with a system image. All software was pre-installed and several security agents ran on the device, trying to protect the system, but slowing down performance in the process. Now, because security is embedded in the OS, you can choose your own device and select from the services that IT provides you. You update the operating system, not IT.

These new OS architectures allow user choice to replace IT command-and-control without compromising data security.

2. Evolution Of Trust

Trust is a two-way street. In a successful mobile program, IT must trust the employee enough to provide mobile access to a broad base of business services, and the employee must trust IT enough to use those mobile services. IT trust is based on perceived risk of business data loss while employee trust is based on perceived risk of personal data loss. Security and privacy are two sides of the same coin.

In the traditional enterprise world, IT trust is largely based on Active Directory as the source of truth for employee identity. Employees get access (or not) to corporate resources based on who they are. In the mobile world, identity is essential, but trust is also heavily determined by context, such as whether the device is up-to-date on the security software and updates it should have. And because many employee devices are personally owned, they fall in and out of compliance frequently. Trust must be dynamic. It will determine what level of access a particular employee on a specific device in a certain context has to enterprise resources.

Employee trust is based on something much simpler -- confidence that the employer is not misappropriating personal information from the device, such as family photos or your location over the weekend. Mobile devices are highly personal. They capture our lives in a way that no other technology can. Asking employees to decipher complex legal privacy agreements isn't the path to success. The burden is absolutely on IT to be able to set and, most importantly, communicate privacy policies effectively to the broad employee base. Transparency is the only way to build trust. IT should explicitly disclose what it tracks and doesn't track, and why and when it does so.

This new trust model incorporates identity, context, and privacy enforcement to set the appropriate level of access to enterprise data and services.
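
The dynamic trust decision described in this section can be sketched as a per-request check. This is an added example, not code from the article or from any vendor's product; the group names, tiers, minimum OS version and report age limit are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical policy values, chosen only for illustration.
TIERS = ["none", "limited", "full"]
POSTURE_MAX_AGE = timedelta(hours=4)   # older device reports are not trusted
MIN_OS_VERSION = (8, 3)                # constructed minimum OS version

@dataclass
class DevicePosture:
    os_version: tuple       # e.g. (8, 3)
    passcode_set: bool
    compromised: bool       # OS integrity check failed (jailbreak/root)
    reported_at: datetime   # when the device last reported its state

def access_tier(user_groups, posture, now):
    """Return 'none', 'limited' or 'full' for a single request.

    Identity sets the ceiling; device context can only lower it.
    """
    if "employees" not in user_groups:
        return "none"                       # identity remains a precondition
    ceiling = 2 if "finance" in user_groups else 1
    # Fail closed: a missing or stale report counts as non-compliant,
    # because devices fall in and out of compliance between reports.
    if posture is None or now - posture.reported_at > POSTURE_MAX_AGE:
        return "none"
    if posture.compromised:
        return "none"
    # An out-of-date or unprotected device loses one tier, not all access.
    if posture.os_version < MIN_OS_VERSION or not posture.passcode_set:
        ceiling -= 1
    return TIERS[max(ceiling, 0)]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    fresh = DevicePosture((8, 3), True, False, now - timedelta(minutes=5))
    print(access_tier({"employees", "finance"}, fresh, now))
```

Because the result depends on the age of the device report, the same user on the same device can get a different tier an hour later, which is the point of evaluating trust on every request rather than at enrollment.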

3. Ascension Of User Experience

We each want great new productivity apps so we can do our work better and more efficiently. But it is user experience, not breadth of functionality, that is the litmus test for whether employees adopt mobile apps in the enterprise. Unfortunately, traditional IT organizations are terrible at user experience. In fact, many IT professionals have been explicitly trained that it is okay to compromise user experience in order to get higher security. This was probably the wrong approach even for traditional enterprise computing, but it is certainly the kiss of death for mobile computing.

Consumer apps set the standard for IT.

(Image: Apple)

In the consumer world, if you don't have a great experience, nobody uses your mobile app, no matter what features it provides. The best apps tend to be tightly

Page 2: The dizzying pace of change in IT.

Ojas Rege is Chief Strategy Officer at MobileIron. His perspective on enterprise mobility has been covered by Bloomberg, CIO Magazine, Financial Times, Forbes, Reuters, and many other publications. He coined the term "Mobile First" on TechCrunch in 2007, one week after the ...
Comments
GWhyte837,
User Rank: Apprentice
7/24/2015 | 11:47:14 AM
Trust
You describe the two-way trust that exists between the individual and the company. However, there's (at least) a third leg - trust in each individual app that an individual chooses to install on their device. As you point out, those apps are sandboxed from each other for security. However, because no one really can be aware of what those apps are actually doing on the device, that proliferation of unknowable/untrustable apps renders that entire device untrustable.

For example, how difficult would it be for an app that performs some legitimate capability to also listen on WiFi and repeat what it has heard to its server via the mobile data network? What company has the capability to intercept and scan mobile data network traffic - isn't that illegal? - or has access to some Compendium Of Bad Apps? And, since the app was installed by the user, what right (or ability) would the company have to prevent it from running on the enterprise network knowing it is bad?

I haven't seen or heard much about the ideal corporate WiFi infrastructure model to support mobile, but it seems that it ought to focus on keeping mobile devices outside of the enterprise network by only letting them attach to company Guest networks and, via per-app VPNs, enable the specific apps to connect to specific internal servers as required. All other app traffic is relegated to the Internet. This model ought to work nicely for any mobile device, whether smartphones and tablets or laptops equipped with VPNs, and enables the company to focus their network security devices needed to scan that incoming traffic at one or few ingress points for those VPNs instead of broadly throughout the network.
kstaron,
User Rank: Ninja
5/28/2015 | 5:20:09 PM
Trust
That is an amazing amount of change that needs to occur in a very short time frame. Mindsets are not changed overnight. Trust might be the hardest one to come by. IT can do all the security they want but the most vulnerable part of any security system is the people. Either from being stubborn/lazy/oblivious and using something outside what IT provides to being manipulated into giving out a password or other sensitive data unknowingly. That strikes me as the single most difficult mindset to change.