Hesam Seyed Mousavi, February 28, 2019
By: Arun Bhattacharya
The Revolution Will Be Mobilized
Mobility is transforming our lives. How we bank, shop, entertain, travel, learn, make decisions, and work. We’ve gone from a world that had only 500 million telephone lines in 19901 to one in which there will soon be more active cell phones than people. And as billions of sensors and devices intelligently connect to form the Internet of Things, we’ll access all manner of smart products and services via mobile technology and applications.
But, are you ready for the mobility revolution? Consider the following questions to ask: Can you seamlessly connect your mobile workforce to back-end systems for increased productivity? Are you prepared for an exponential increase in business activity from your always-connected customers? Can you balance employee and customer privacy requirements with enterprise security goals? Is your infrastructure and architecture flexible and robust enough to support devices, apps, and the Internet of Things? Are your teams responsive enough to keep up with an always-on business world and 24/7 connected customers?
The companies I’ve worked with that are best positioned for the mobility revolution are considering mobility far more broadly than Bring Your Own Device (BYOD). Those on the cutting edge are developing an enterprise mobility strategy that takes into account the above requirements and more.
Three Core Tenets of Enterprise Mobility
An enterprise mobility strategy is less about managing mobile devices and more about being an advocate for the business—enabling the business to integrate and deliver new and innovative business services more quickly. It is more about enabling and accelerating new windows of opportunity and efficiencies and less about restricting access and choices, which can have the unintended consequence of slowing business down. Even so, security remains fundamental to making these new and innovative business services possible. An enterprise mobility should always engage customers in powerful new ways, boost employee productivity and connectivity, and enrich the business with new innovative services.
Seven Steps to Ensure an Unbeatable Enterprise Mobility Strategy
Even if you can’t anticipate all the ways mobility will transform your business three, five, or ten years out, there are seven steps you can get started today to develop an enterprise mobility strategy that will accelerate your mobility transformation and ensure you are prepared for what the future has in store. First, start with the end in mind—define your business goals and outcomes. Second, choose the right experience – is it a native app? Or a mobile website? Third, strive for continuous application delivery. It’s important to use APIs to deliver a seamless user experience—and to make sure the APIs are secure. Throughout this process be sure to stay focused! The device is one thing, but managing information is everything. Next, be sure to take control with an end-to-end security strategy. And finally, you should govern mobility globally, but empower your business departments locally.
One: Start with the End in Mind—Define the Business Goals and Outcomes
Many companies jump right into implementing half-baked mobility plans without thinking first about desired business outcomes. They move quickly into “how can we support the Apple iPad,” without first making sure they understand what the company is trying to achieve by using tablets and other mobile technologies. You’ll need to consider many things when building an enterprise mobility strategy. First, how do your employees and customers interface with your business and consume your core products and services today? Second, does the ability to engage with your company through mobility create new opportunities for your business, and if so, how can you capitalize on those opportunities? Are there new applications or interfaces that need to be developed? And finally, do processes need to be re-engineered or infrastructure upgraded and better-managed in order to deliver the right experience for your employees and customers?
Two: Choose the Right Experience
Mobile app development is different than building a traditional application. There are two basic approaches to building a mobile app. One is to create a mobile website, which is essentially a website, which is tuned to work well on the small screens of a mobile device that can be accessed at any time by the web browser of any mobile device. The other is by developing a native mobile app, where a custom application is built for a specific type of device, and the user must download and install the app on the phone before it can be used Both approaches have their advantages and disadvantages.
The Pros and Cons of the Mobile Web
There are many pros when it comes to the mobile web. First off, mobile websites are a good first step in many circumstances. The sites are easy to build and easy to change and anyone can access and use the mobile website, no matter what device they have. Also, Visitors don’t need to download anything to use the mobile website and Mobile websites are a great way to attract new visitors.
There are, however, some cons when it comes to the mobile web. Mobile websites don’t necessarily offer a great user experience, and they are typically good enough for addressing the needs of casual visitors, but to really engage with users—customers, employees, or partners—you might need a native app. Mobile websites also require a connection via the Internet, so any user in an area with poor connectivity will not be able to access the website.
And lastly, Mobile websites must be usable on a wide range of different display sizes. The best approaches incorporate responsive design (in which the display adapts according to the capabilities of the device) and mobile-friendly technologies, such as HTML 5.
The Pros and Cons of a Native Mobile App
There are also many positives when it comes to native mobile apps. Mobile apps offer tremendous opportunity for engagement—a high-value app will keep people returning on a regular basis, becoming a central touch-point for customers, employees, or partners. Mobile apps also offer much greater control over the user experience. They can easily support local data processing and data storage for times when the device is in an area of low bandwidth. They can also easily consume information via APIs (application programming interfaces—more on that in a bit), and mobile users prefer using mobile apps over mobile websites.
In terms of cons, mobile apps are targeted for a specific device, and it is difficult to port an app from one platform to another. Also, successful apps have to be continuously updated—it’s not a one-and- done development effort and users have to download and install the app before using it. Also, the app marketplace is crowded, and there are many alternative apps competing for the user’s attention.
Three: Strive for Continuous Application Delivery
Mobile users have grown to expect weekly or even daily updates to mobile apps. Developing for mobility requires short development cycles, frequent revisions, and an ability to support a growing number of target mobile platforms. This creates a level of complexity that wreaks havoc with the traditional approaches to application development and deployment. Instead, companies need to become more agile, both in terms of using Agile methods in software development and moving to DevOps methods to speed both the development and deployment of software.
If a business is to be successful in today’s world, it has to be agile in terms of listening and responding to customer needs. Mobility is inherently synonymous with the word agility, and adapting to the fast-cycle world of developing mobile applications can, by its nature, help increase business agility, enabling companies to move quickly on new opportunities.
Four: Use APIs to Deliver a Seamless User Experience …
The mobility revolution puts incredible power in the hands of the end user, but that power depends on access to back-end information systems. Application Programming Interfaces (APIs) encapsulate back-end information systems, allowing them to be leveraged by front-end mobile applications for entirely new uses. This means that the existing systems don’t need to be touched, while a new mobile application architecture is built around them. APIs are windows into applications, providing a direct conduit straight into the application’s back-end databases.
APIs also open up enterprise resources to third-party developers. This is an interesting approach, as resource-constrained companies no longer have to develop their own mobile apps. Instead they can engage with outside partners that are part of a company’s larger “ecosystem” to develop, market, and maintain mobile apps.
… but Make Sure APIs are Secure
Done right, APIs are a way for companies to tap into entirely new markets and new customers. Done wrong, APIs open the enterprise up to a huge array of new attack vectors for hackers to exploit. The unfortunate irony is that the same things that make APIs great also make them a perfect target for hackers.
Seamless and secure API management needs to be a key element of any enterprise mobility strategy. The use of APIs is exploding in popularity because it builds on well-understood techniques and leverages some existing infrastructure. But it is a mistake to think we can secure APIs using the same methods and technology that we used to secure the conventional, browser-centric web. While it is true that APIs share many of the same threats that plague the web, they are fundamentally different and have an entirely unique risk profile that you need to manage.
Five: Stay Focused! The Device is One Thing, but Managing Information is Everything
Data is at the heart of any enterprise mobility strategy. You need to understand what happens to the data that is being used on these mobile devices. Its important to ask, what information do people need on their mobile devices? What are they going to do with that data? Will they need to make changes to it? How do you ensure access to data, even in locations where cell service is spotty? Is it OK to cache data on mobile devices? How are you going to protect your data while in transit over the network, or stored on the device that’s outside your firewalls?
There is a lot of focus in mobility management on managing devices, applications, and content. But the reason that you’re managing all of these things is to ensure that your people have access to the information they need while protecting your company information from exposure to an outside entity. In terms of the top seven considerations, one of the highest priorities is thinking about the secure and efficient portability of content (or data) in any given context (like location or network characteristics).
Six: Take Control with an End-to-End Security Strategy
Part and parcel of ensuring that the right people have access to the right information is determining the user’s identity and enforcing proper rolebased access and security policies are in place. Many organizations believe that mobile security should be focused on the device or the app, but you should take a more holistic view. As we expose new mobile-oriented services (such as APIs), you must secure the backend integration and the transactions that are happening between the client and the back-end servers. Without comprehensive security, exposing these different services opens your organization to many different threats, such as SQL injections (a form of attack where malicious SQL data query statements are inserted into a data entry field in a way that exploits weaknesses in an application).
Leveraging Security Standards
The proper security measures should always be taken into account for securing mobile apps and associated services. This might mean taking advantage of the different types of security solutions available rather than building your own. Software development processes can be the source of security vulnerabilities. Therefore consider leveraging the many different methodologies focused on improving the development process, reducing errors, and the vulnerabilities resulting from inconsistent and non-standard approaches. It’s important to review standards such as OAuth 2.0 or OpenID Connect and others you currently adopt. This can standardize the security approaches that you should build into your mobile app process.
Balancing Security with User Experience
Another key consideration for mobile security is that the mobile device is built around convenience. Mobile security works best when it doesn’t infringe on the intuitive user experience of the mobile platform itself. Otherwise, people will “vote with their feet” and simply not use your mobile service or, worse, find insecure “workarounds.” There are many ways to implement strong security while retaining an optimum user experience. One way is Single Sign-On (SSO), which is especially useful if you are engaging users across multiple applications. Users only have to log in once to get access to multiple applications. Another is strong authentication that moves beyond just passwords towards more innovativeIdentity & Access Management solutions. Features such as Apple’s Touch ID are proof that users don’t like passwords and want a more convenient experience when they’re accessing applications. And a third is geo location services that allow access depending on where the device is located. If someone is using an application from a company facility, they might be given relatively easy access to the information. If they try to use the application from a remote location, they might be required to go through a more rigorous login process, or even be blocked entirely. While security is obviously important, you have to think about the convenience factor as well and how you can improve the user experience.
Seven: Govern Mobility Globally, but Empower Your Business Departments Locally
The final consideration is the overall management and governance of mobility. You need to address questions, such as, who is in control? Who should be in control? Who is empowered? Who isn’t empowered? It comes down to who in the organization has both the right and the responsibility to make the policies and decisions around mobility. Unless you have that understanding, it will be difficult to establish a cohesive mobility strategy. Mobility is such an allen compassing technology with a widespread impact, everyone in the organization will feel they have at least partial ownership of how mobile technology is used. Marketing will have its perspective, as will sales, HR, manufacturing, logistics, etc.
Eliminating Mobility Silos
While BYOD is very widely adopted, far fewer companies have implemented a comprehensive enterprise mobility strategy. When there isn’t a consistent governance policy in place, the approach to mobility tends to become fragmented and siloed, with each department executing on its own strategy. Without a high-level, enterprise view of mobility and the governance policy to support it, mobility management will be supported by a series of redundant and fragmented point solutions, which can be quite costly. Worse still, failure to implement an end-to-end strategy leads to increased risk and suboptimal service from lack of coordination.
Managing Exponential Complexity
If you think that mobile technologies are difficult to manage today, you haven’t seen anything yet. The growing use of mobile is going to lead to an explosion in complexity. It’s important to think of the volume of data we will be dealing with as the Internet of Things emerges and elements as diverse as traffic lights and heart monitors start using mobile technology to communicate their status. The sooner you address the need to holistically manage an explosion in complexity, the better positioned you’ll be to take advantage of the mobility revolution. Taking action on these top seven considerations will help you prepare for the tremendous changes that lie ahead for us.
(number of devices or things)x x (number of applications)y
x (number of platforms or operating systems)z = (HETEROGENEITY)n
All of this might seem daunting. But we can meet these challenges by applying well-known life cycle management disciplines to new technologies and business models. You also have help, as many traditional management vendors (yes, including CA) are adapting our proven tools to this new world, and acquiring the technology we need to fill any gaps.
The upside for you: The ability to deliver a world of new capabilities to differentiate your selves as we move towards Internet of Things for the enterprise.
By: Arun Bhattacharya