Mobile App Mentality: 4 Ways IT Must Change - InformationWeek


08:06 AM
Ojas Rege


From architecture to employee trust, IT must adjust its thinking.


There isn't any element of what we do in IT today that won't change over the next few years as a result of the "mobile first" world. We will see radical shifts in how we think about enterprise architecture, user experience, technical operations, and organizational governance. Mobility will disrupt much of what we accept as tried-and-true practices in business IT. If you're an IT leader, it's time to accept that many of the things we learned will no longer apply.

Everyone talks about disruptive forces, so why is mobile a true disruption? The test of a disruptive technology is twofold:

First, it changes the way we behave, and that drives the development of new business and user experiences.

Second, it creates massive opportunities for innovation.

The PC and the Internet both met these criteria. We've seen mobility meet these criteria already in our personal lives, and now we will see the same in our business lives. However, change is difficult, and taking advantage of these new opportunities requires a fundamental re-imagining of how we do IT. Here are four ways IT leaders must change their thinking.

1. Shift In OS Architecture

The most profound disruption is the shift from the open file system of traditional Windows to the sandboxed architecture of modern operating systems like iOS, Android, and even the new generation of Windows. Modern operating systems use isolated storage and isolated memory for each app, so the data of each app is protected from the actions of other apps on the device. The OS kernel is also protected, resulting in system stability and ease of update.

This model of protected file system and protected kernel avoids the threat of traditional malware. It dramatically reduces the complexity of managing these devices. In the past, your IT department gave you a laptop burned with a system image. All software was pre-installed and several security agents ran on the device, trying to protect the system, but slowing down performance in the process. Now, because security is embedded in the OS, you can choose your own device and select from the services that IT provides you. You update the operating system, not IT.

These new OS architectures allow user choice to replace IT command-and-control without compromising data security.

2. Evolution Of Trust

Trust is a two-way street. In a successful mobile program, IT must trust the employee enough to provide mobile access to a broad base of business services, and the employee must trust IT enough to use those mobile services. IT trust is based on perceived risk of business data loss while employee trust is based on perceived risk of personal data loss. Security and privacy are two sides of the same coin.


In the traditional enterprise world, IT trust is largely based on Active Directory as the source of truth for employee identity. Employees get access (or not) to corporate resources based on who they are. In the mobile world, identity is essential, but trust is also heavily determined by context, such as whether the device is up to date on the security software and updates it should have. And because many employee devices are personally owned, they fall in and out of compliance frequently. Trust must be dynamic. It will determine what level of access a particular employee on a specific device in a certain context has to enterprise resources.

Employee trust is based on something much simpler -- confidence that the employer is not misappropriating personal information from the device, such as family photos or your location over the weekend. Mobile devices are highly personal. They capture our lives in a way that no other technology can. Asking employees to decipher complex legal privacy agreements isn't the path to success. The burden is absolutely on IT to be able to set and, most importantly, communicate privacy policies effectively to the broad employee base. Transparency is the only way to build trust. IT should explicitly disclose what it tracks and doesn't track, and why and when it does so.

This new trust model incorporates identity, context, and privacy enforcement to set the appropriate level of access to enterprise data and services.

3. Ascension Of User Experience

We each want great new productivity apps so we can do our work better and more efficiently. But it is user experience, not breadth of functionality, that is the litmus test for whether employees adopt mobile apps in the enterprise. Unfortunately, traditional IT organizations are terrible at user experience. In fact, many IT professionals have been explicitly trained that it is okay to compromise user experience in order to get higher security. This was probably the wrong approach even for traditional enterprise computing, but it is certainly the kiss of death for mobile computing.

Consumer apps set the standard for IT.

(Image: Apple)


In the consumer world, if you don't have a great experience, nobody uses your mobile app, no matter what features it provides. The best apps tend to be tightly focused on two to three core tasks. Employees expect this same, focused, consumer-grade experience with mobile business apps.

This is why technologies like virtual desktop infrastructure (VDI) fail the individual. Forcing employees to use legacy Windows apps that were built for keyboards and big screens on their beautiful new tablets optimized for touch and mobility will result in poor adoption, user frustration, and minimal business value. A 2015 Ferrari should not have the engine of a 1990 Buick. Employees want modern apps that are optimized for the mobile experience and for the way they want to do their work.

This move to an experience-centric model of apps requires a re-imagining of underlying business processes and a change in the mindset and design methodology of the enterprise developer.

4. From Inside-Out To Outside-In

The mobility disruption for business IT isn't driven by technology, but rather by a fundamental flip in the way IT must look at the world. The core infrastructure technologies of the last 20 years -- anti-malware, system management, virtualization, VPN, and remote desktops -- were not driven by the needs of employees, but instead by the need of IT for efficiency and data security. The requirements were developed inside-out: They started with IT and were then deployed to the employee base. Now the requirements are being set outside-in: They start with the employee needs and are then enabled by IT. Employees are demanding that IT respect their preferences for particular operating systems, devices, and apps. IT doesn't have the option to say "no," but must instead accept the challenge of making these services available in a business context without sacrificing enterprise security, user experience, or personal privacy.

What makes this challenge so difficult is its pace of change. The technology landscape is more dynamic than at any time in our lives, with the launch of Apple Watch and a new generation of wearable devices; new versions of Android, iOS, and Windows coming out every few months (or weeks); and a stunning rate of innovation across apps. The speed with which IT must race through this gauntlet is daunting. Mobile moves at consumer speed, which is far outside the comfort zone of most IT organizations.

We all have much work to do. Establishing a successful mobile program requires a rethinking of the assumptions that have driven enterprise IT for the last 30 years. But the prize at the end is that mobility can enable employees to do things they could never have imagined before, because data and information become ubiquitous. That's why mobile will be not only the great disruptor of IT, but also the core driver of business transformation in this decade.


Ojas Rege is Chief Strategy Officer at MobileIron. His perspective on enterprise mobility has been covered by Bloomberg, CIO Magazine, Financial Times, Forbes, Reuters, and many other publications. He coined the term "Mobile First" on TechCrunch in 2007, one week after the ...
User Rank: Apprentice
7/24/2015 | 11:47:14 AM
You describe the two-way trust that exists between the individual and the company. However, there's (at least) a third leg - trust in each individual app that an individual chooses to install on their device. As you point out, those apps are sandboxed from each other for security. However, because no one really can be aware of what those apps are actually doing on the device, that proliferation of unknowable/untrustable apps renders that entire device untrustable.

For example, how difficult would it be for an app that performs some legitimate capability to also listen on WiFi and repeat what it has heard to its server via the mobile data network? What company has the capability to intercept and scan mobile data network traffic - isn't that illegal? - or has access to some Compendium Of Bad Apps? And, since the app was installed by the user, what right (or ability) would the company have to prevent it from running on the enterprise network knowing it is bad?

I haven't seen or heard much about the ideal corporate WiFi infrastructure model to support mobile, but it seems that it ought to focus on keeping mobile devices outside of the enterprise network by only letting them attach to company Guest networks and, via per-app VPNs, enable the specific apps to connect to specific internal servers as required. All other app traffic is relegated to the Internet. This model ought to work nicely for any mobile device, whether smartphones and tablets or laptops equipped with VPNs, and enables the company to focus their network security devices needed to scan that incoming traffic at one or few ingress points for those VPNs instead of broadly throughout the network.
User Rank: Ninja
5/28/2015 | 5:20:09 PM
That is an amazing amount of change that needs to occur in a very short time frame. Mindsets are not changed overnight. Trust might be the hardest one to come by. IT can do all the security they want but the most vulnerable part of any security system is the people. Either from being stubborn/lazy/oblivious and using something outside what IT provides to being manipulated into giving out a password or other sensitive data unknowingly. That strikes me as the single most difficult mindset to change.