iPads Run Amok: Does Your Company Need a Tablet Policy?
Unlike many of his peers in the healthcare industry, he had no real qualms about security, despite the specter of compliance with the Health Insurance Portability and Accountability Act.
Nor did he have misgivings about users loading up the devices with personal stuff like photos and music. As for worries about putting an additional support burden on his IT staff -- according to Escue, not a problem.
While these concerns have other IT shops scrambling, the RehabCare team was well ahead of the game. Thanks to a widespread deployment of the Apple iPhone a couple of years back, the company had a formal deployment strategy for the iPad and, potentially, for other emerging tablets.
Rather than trying to ban mobile units or deploy them haphazardly, RehabCare's IT group implemented new corporate policies and standardized on mobile management technologies that opened doors for the iPhone, and now the iPad, to participate in the enterprise in a secure, centrally managed fashion.
Based on this prior experience with the Apple iPhone, Escue was already well aware that users, not the IT department, are rapidly becoming the driving force behind new technology adoption -- a trend some call the consumerization of IT. (For more on the "bring your own technology movement," see Computerworld's recent video chat with Carfax CTO Gary Lee.)
"There was a time when work was where you got new technology, but that day is over thanks to unbounded innovation in the consumer technology world," explains Escue, who heads up technology efforts for RehabCare, a nationwide operator of acute care and rehabilitation hospitals.
Managing the tablet surge
Gartner estimates that 69.8 million media tablets will be shipped in 2011, and analysts and forward-thinking tech managers say it's time for IT execs to do more than simply take notice of that surge.
As with the iPhone before it, the iPad is cropping up in all corners of the enterprise, brought in by C-level execs, sales folks and worker bees who purchased the device for personal use and, now hooked, are hungry to use it on the job.
Regardless of whether staffers work on their own tablets or are given corporate-issued gear, the influx means IT needs a systematic approach for managing, tracking, securing and supporting these devices, just like they do for any other corporate computing platform.
"What the iPhone started to show us -- and the iPad is absolutely making clear -- is that these devices are coming in whether you like it or not," says Leslie Fiering, research vice president at Gartner. "That means that IT has its work cut out for them."
Specifically, industry experts and seasoned tech execs advise IT to do the following:
* Craft or amend usage policies to enforce security best practices for tablets, including use of multilevel passwords and device certificates, and the ability to remotely wipe the device if it is lost or stolen.
* Establish tiered access to network resources to secure critical data and applications.
* Re-architect application delivery mechanisms.
* Determine what levels of support IT will provide, depending on whether units are owned by the employee or the company.
If that list seems a bit daunting, read on to learn how enterprise IT managers have had success in trying to wrap their arms around the tablet.
Mobile device management to the rescue
In the early days, enterprise-level security for the iPhone was nonexistent, but that's not the case anymore. Apple's iOS 4.x for both the iPhone and iPad supports an array of fairly robust security features, including encryption, centralized management and remote data wipe.
Dozens of enterprise mobile device management (MDM) tools extend those capabilities to other smart mobile devices beyond the iPhone, enabling IT to do everything from remote configuration and policy setting to creating "enterprise sandboxes" -- secure virtual areas where personal data can be kept separate from corporate data using tools like passwords and encryption -- and performing remote wipes if a device is lost or stolen.
IT shops that already have such systems in place for smartphones are well positioned to address security and management concerns from day one of a tablet deployment.
Have your say
Tellabs is leveraging many such capabilities to manage a growing fleet of a couple hundred company-owned iPads. The firm delivers broadband access and network management services to telecommunications providers.
Tellabs' supply chain professionals, sales reps and other employees are using iPads to access email and calendars, as well as enterprise applications that allow them to approve customer shipments and provide better service.
In order to access those resources, however, users have to enter credentials that authenticate what applications and information can be accessed by specific users.
In addition to these safeguards, Tellabs also employs an "always connected" model, where applications work only when the device is connected to the mobile Internet.
"Data doesn't reside on the mobile device for offline access," explains Jean Holley, Tellabs' CIO. "This model prevents loss of corporate data and intellectual property. As the mobile Internet gets smarter and the coverage area continues to grow, we believe there will be minimal need for offline capability in the future."
All iPads and other mobile devices are centrally provisioned with mail, calendar and other enterprise applications and are "known" to an MDM platform -- specifically, Sybase Afaria from SAP.
Tellabs uses Afaria to enforce end-to-end encryption during transmission, to help with provisioning, and to create a sandbox that keeps work-related applications separate from users' personal apps, which they are allowed to load on their iPads.
Tellabs' mobility strategy will allow it to accommodate other tablets down the road, and to accept employee-owned smartphones, tablets and other gadgets, as long as they are properly secured.
Among what's covered in the Tellabs Global Mobile Device Policy is who is eligible for mobile devices, how expenses related to the devices will be approved, what happens if theft or loss occurs, and who is responsible for technical support. (In general, Tellabs supports devices owned by the company; employee-owned devices are user-supported.)
Bring-your-own iPad? Sure!
Active Interest Media (AIM), a publisher of enthusiast magazines and websites, uses MDM software from Good Technology that enables the company to accommodate employee-owned devices, be they iPads or other tablets, as well as an array of smartphones.
In addition to the user-owned tablets coming into the firm, AIM has just purchased a fleet of 20 iPads it offers to staffers on a loaner basis for travel in lieu of bringing their laptops.
Good's Enterprise iPad App synchronizes Microsoft Exchange and Lotus Domino email, calendar and contacts and pushes that data out to users as long as they have a username and proper password. It also affords IT granular control over things like apps and corporate data access, according to Nelson Saenz, director of IT at AIM.
"Bring-your-own iPads are treated as any other mobile device, just like a phone would be," Saenz says. Users submit a form that provides consent for installation of the Good app on their device for management purposes, for remote wipe if the device is lost or stolen, and to confirm that they will abide by AIM's usage policies.
If things change, the Good MDM platform can help enforce policies as they evolve. For instance, Saenz says, "from a security standpoint, we haven't felt the need to put stringent restrictions on apps or iTunes access, but if that should change, it can all be done within the Good console."
Keeping ahead of apps
While security concerns are rapidly being addressed, there are other IT issues that remain in flux. As users' requirements move beyond email and calendar access to apps and other corporate tools, IT needs to create a strategy for application delivery.
The options are to load corporate apps on the iTunes store and come up with a solution for secure delivery, or create an internal enterprise app store that IT can manage within the corporate network. Companies also need to determine if and how they will restrict certain apps -- both commercial and corporate -- from being loaded onto corporate tablets.
At Conceptus, a medical device manufacturer, IT has taken an active role in tackling such questions. The company isn't supporting employee-owned devices, but rather has purchased more than 250 iPads for its executive staff and the field salesforce to access customer relationship management and marketing support applications.
The company has also modified its usage policies to allow users to put personal apps on the devices -- with the understanding that they might have to be remotely wiped in certain circumstances and that they can't become so laden with content that they become inoperable for corporate uses.
In addition, Conceptus has developed its own enterprise app store to distribute internal apps so that it doesn't have to worry about serving up proprietary programs in a public forum, according to Jeff Letasse, Conceptus' CIO. Currently, the internal app store serves up about five apps, including an in-house sales and marketing tool, and Letasse is hoping that number will quickly grow.
Even with IT's involvement, there are still gray areas where users are in the driver's seat. Take upgrades, for example. Instead of having Letasse's group orchestrate an operating system upgrade over a period of months, as it would with PCs and laptops, iPad users can upgrade iOS at their leisure without enlisting IT and without giving the group a chance to test the new technology with enterprise systems.
"We in the support world are trying to grapple with a loss of control," says Eric Simmons, Conceptus' director of IT operations and ERP solutions. "Users can upgrade an app or the operating system without us, and that makes us have to [better] manage testing and make our support mechanisms better."
While the team is still hammering out its processes, it stays on top of upgrades by using an MDM platform from Zenprise. When the company needed to push out a recent upgrade to its Experience Essure sales and marketing app, Zenprise fed live data about who had upgraded to Conceptus' data warehouse; from there, managers could check to ensure that their employees were using the right version.
The IT group is also making a concerted effort to communicate with users more frequently, and has instituted programs like an "app tip of the week" email newsletter to help guide users.
Solving support issues
While the iPad and other tablets may be relatively easy to use, experienced tech managers say IT should still come up with a formal training program to orient users to the utility of new devices and acquaint them with any new usage policies and application delivery mechanisms.
Software giant SAP has rolled out 3,500 corporate-issued iPads across finance, executive management, sales, marketing, and service functions. At SAP, Web 2.0 technologies like wikis and other self-service support functions are playing a key role in acclimating users and in keeping the support burden down for the IT help desk, according to Oliver Bussmann, SAP's CIO.
"We have a central place of information where users can go to learn how to use functions, find out what apps are available, [learn] how to use the apps, and to get answers to general questions," he explains. "We needed to beef up first-level support, knowing that there would be a groundswell of devices, and we had to educate users to utilize self-service online."
SAP's MicroApps Gallery classifies apps into three categories: internal, external and playground.
Internal apps, of which there are currently fewer than 10, give traveling employees access to CRM, ERP and internal social media services; external apps, now numbering around 50, are built for the SAP sales teams to demo to customers; and playground apps, of which there are about 40 to date, can be upload to the gallery by anyone to solicit feedback from SAP colleagues.
'Embrace the technology'
Back at RehabCare, CIO Escue doesn't appear to be overly concerned about the support burden on IT. His group helps users connect their iPads to their home computers and encourages them to make their devices their own for personal use. His thinking: "We suspected they'd take better care of the device if it's got their personal stuff on it."
The strategy seems to be paying off. Internal benchmarks show that the help desk group had 1,800 device replacement tickets in 2009, and that number plummeted to fewer than 150 in 2010 (including smartphones, laptops and the iPad).
RehabCare IT currently supports just under 1,000 iPads, 2,000 iPhones and 9,000 iPod Touches, which it uses as inexpensive wireless devices that allow part-time and freelance workers in the field to access the company's healthcare apps.
For now, Escue is content to stick with the corporate-owned mobile device strategy and a commitment to Apple gear. Nevertheless, he is mindful of the broader changes under way and thus can't rule out supporting other tablets and platforms over time.
"While our policy doesn't preclude people from bringing in their own technology, if we truly support BYOD [bring-your-own-device], then people might go out and buy other devices," he says. Rather than trying to exert control over users' technology choices, Escue adds, "the smart thing to do is embrace the technologies and leverage the heck out of them."
Stackpole, a frequent Computerworld contributor, has reported on business and technology for more than 20 years.
For comprehensive coverage of the Android ecosystem, visit Greenbot.com.