Although some organisations initially tried to resist the trend of employees using personal mobile devices for work, it seems that many have now accepted their inevitability. A Cisco survey of 600 IT and business leaders in the US has found that 95% of respondents said their organisations permitted employee-owned devices in the workplace.
If personal mobile phones and tablets are now an integral part of working life, how can enterprises turn this to business advantage? Many organisations have begun cautiously, by allowing employees to access the firm’s email and calendar applications from their mobile devices. Even this can save time and money – in the space of one quarter, Intel saw 640,000 emails sent from employees’ mobile phones, which it calculates as creating an average of 51 minutes of user productivity gains a day.
Email and calendar are only a small part of the mobile app story, however. Intel is now planning to make instant messaging, conference room reservation and audio conference speed dialing available from users’ mobile devices.
The number of mobile business apps – some cloud-based, some residing on the device – is proliferating. We can expect to see even more being developed as a result of the new HTML 5 standard, says David Bradshaw, a research manager at analyst IDC. HTML 5 makes it possible to develop apps simultaneously for different mobile platforms, so that a business that chooses to roll out a sales app, for example, can make it available for their whole sales force, regardless of whether they’re using Android phones, Blackberry or iPhone devices.
Some mobile apps are simply mobile versions of existing enterprise apps – Oracle, Salesforce and Siebel offer mobile versions of their CRM solutions, for example. Although there can be design problems relating to the size of screen, these apps are useful simply as a way of allowing people to carry out tasks away from the office – sales people can retrieve information about customer accounts or respond quickly to leads on the road, for example. As Adam Thilthrope, director for professionalism at BCS, the Chartered Institute for IT, says, “For anyone who’s really engaged in mobile or international business, inputting notes in real time so that it goes straight into the CRM through your app is going to be a really big asset.”
There is also a growing number of apps designed specifically for mobile use. These can be very generic or targeted at particular sectors. An example of the former is BoardVantage, a collaboration app that allows a board meeting to take place on an iPad. The app stores all the relevant board information securely on the device. Another is Mimecast’s cloud-based Mobile Access app that provides users with access to their entire email archive from their mobile phone.
Thilthorpe cites on-boarding as an example of a generic business process that works well as a mobile app. When a large organisation takes on new starters, instead of sending them lots of paperwork, it gives them an app both to provide personal details the organisation needs and to inform the new starter of relevant organisational information.
The benefit, says Thilthorpe, is that it provides a “a streamlined and seamless process of bringing those people into the organisation.” But there is another advantage, he says, which is that in an age when people increasingly use their mobile phones to carry out personal transactions, it “tailors the experience of engaging with your employer in a way that is familiar and intuitive to the individual. It provides the sorts of interactions that these individuals expect in their social life.”
Sector-specific apps are flourishing in areas such as medicine and pharmaceuticals, where professionals are likely to spend a lot of time away from their desk and there is often a need to access a body of knowledge quickly while, for example, performing ward rounds. There are numerous apps (often developed by pharmaceutical companies, and available for free) that help doctors make diagnoses or calculate the correct dosage, as well as apps that give them access to journal articles, databases and trial data. Apps such as these make professionals not only more efficient, but more effective at their job.
It is possible to create apps in-house, though in practice there are now so many commercial apps available that one might question whether it is worth the effort. In some cases, it can be useful: the law firm Eversheds, for example, developed an app that allows lawyers to switch their PC on and off remotely from their Blackberry, so that by the time they get into work, the PC has run through its virus-patching and security checks and is ready to use. Some firms have launched simple mobile apps for customers and partners – Eversheds has a free app for HR professionals, available on Blackberry and the iPhone, that provides answers to commonly asked questions about employment law in 25 countries.
There are, of course, management issues to consider when provisioning mobile apps for users. Cost is unlikely to be a major problem – most apps are relatively cheap and many are free. The bigger questions are: should the organisation decide which apps employees use, or let them choose their own apps? Does it make sense to have an in-house app store? Should apps sit in the cloud or on the device? How can the organisation make sure that sensitive data is kept secure?
Many enterprises choose to specify which apps users can and can’t download on to their devices so that they have some degree of control over sensitive information. One step on from that is to create their own app store, a portal (similar to the Apple app store) from which employees can download apps to their mobile devices. This makes sure that all users will have access to exactly the same generic apps (such as calendar and email), while users in a particular job role are given the apps necessary for that role. The app store can contain a mix of in-house and third party apps hosted internally, but can also link to external app stores.
The advantage of an enterprise app store is that the IT function can configure apps appropriately before they are downloaded, and create blacklists or whitelists of apps for users. IT then has a single point from which to manage the provisioning and decommissioning of apps and the implementation of security policies.
Eversheds’ approach, however, is to allow users to choose their own mobile apps, because users understand their own needs better than the IT function. “We’ve moved away from trying to standardise everything. We allow a totally bespoke IT experience and let the individual choose what the best product is. Why should I force a workflow engine on them if they can find an app on the iPad that suits the way they work more efficiently?” says Paul Caris, Eversheds’ CIO.
Caris’s view is that “a consumer device is no different from a business device it’s just a different procurement method.” This means that mobile devices owned by the user are subject to the same policies as those owned by the business: if staff want to use their personal device for work purposes, then they have to agree to having the firm’s security policy enforced on the device and to data being wiped remotely if the device is lost or stolen.
Whichever approach is chosen, it is still hugely important to put security policies in place to protect corporate data. The balance between security and usability is always a delicate one. Intel insists that all devices used to access corporate data, whether they are personal or company devices, are equipped with two-factor authentication, store data in encrypted form and are subject to patch management. All devices can have data wiped remotely. The company’s security policy was drafted in consultation with its legal and HR teams – and, unusually, with employees themselves, through a blog. This enabled the firm to find out how employees used their personal devices, and whether they were prepared to increase security habits for more device freedom.
The decision whether to adopt apps that sit on the device or in the cloud – or a combination of both – can also be tricky. The advantage of the cloud is that data will not be held on the end device, and upgrades and patches are taken care of centrally. The potential downsides are that users always have to have an internet connection to use the app, and the organisation has less control over the app’s availability. “It’s one area that needs to be managed closely to make sure that the service level is maintained and that functionality works no matter what the end point is,” says Peter Bevan, market development manager for Intel.
Concerns about security and technical issues should not, however, override the fact that the advent of apps for Smartphones and tablets has enabled organisations to offer a greater degree of flexibility to their workforce. Although there are security and management challenges in implementing mobile apps, the benefits are a more productive and ultimately more effective workforce.