Supporting Mobile Devices: Current Issues, Current Solutions


Current Issues, Current Solutions

by Roy Atkinson
May 25, 2012

 

“We have to accept that workers are no longer chained to their desks and not always using company-issued computers. Regardless of operating system, hour, or location, employees will be sweating to meet deadlines and help desks will need to support them.” —Doug Mueller [1]

With the tremendous growth of the mobile phone market in recent years, you no longer call the home or the office or the car; you simply call the person. This has been a subtle, but rapid and universal paradigm shift. Wires are disappearing, just as that old bastion of communication, the phone booth, did. What’s more, unified communications systems can make the boundaries between office, airport, hotel, and coffee shop disappear. According to phone maker Ericsson, mobile broadband users numbered half-a-billion in 2010; that number will double in 2011 to 1 billion users. That’s a lot of new users to support. Are support organizations ready?

This article will tackle the support issues surrounding the mobile device revolution, that explosion of the demand and adoption of consumer mobile devices, such as smartphones and tablets. This article is based, in part, on data collected for the HDI Research Corner report “Supporting Mobile Devices.” As an indication of the rate of change in this market, the data for this report was collected in November 2010, and by the time the data had been collected, analyzed, and reported on, a new smartphone—the Windows 7 phone—had been released, presenting its own challenges and opportunities for support.

It’s the day after the New Year’s and the calls are streaming in to the service desk:

  • “How do I connect my iPad to the department’s shared drive?” 
  • “How do I view a presentation on my new BlackBerry?”
  • “What’s the best app for editing Word documents on my iPhone?”
  • “How does this Droid app connect to our central database?”

And what’s worse is that only one of these hypothetical callers has a mobile device that was purchased by the company.

If you were to state many companies’ policies about supporting personal devices in a slightly different way, what you’d be telling your end user/customer is, “We’re sorry, but our policies do not allow for you to be more productive. You’ll have to choose between sitting at your desk to wait for the quarterly sales report or going to your daughter’s soccer game. You cannot do both.” Of course, both the employee and you know quite well that, yes, you can do both. That smartphone is perfectly capable of connecting to the company’s e-mail servers, but the company doesn’t own the tools to properly manage it as a network client, or to ensure the security of important data should the device be lost or stolen. The employee could go to the soccer game and get the e-mail about the sales report on her phone, “if the IT department would only let her.” Likewise, you would gladly work at home for an hour or two in the evening if only you could use your iPad to read and reply to all the e-mail that seems to pile up on its own every day. But your company does not support your device or allow it to connect to any company resources.

Later in the day, you happen to be walking past your friend Mark’s cubicle. Mark is a fairly tech-savvy guy. You overhear him saying, “Sure, I just set up a rule in Outlook to send all my e-mail to my Google Mail account, and I get it on my Droid from there. It’s easy.”

There appears to be a tug of war going on here, and it’s growing more difficult by the day. On the one side is IT, trying to deliver on its promises to the business that its data will be secure, it will comply with regulatory obligations like HIPAA (the Health Insurance Portability and Accountability Act) and SOX (the Sarbanes-Oxley Act of 2002), its hardware will be standard and inexpensive, and its resources will be protected and available to those who are authorized to use them—and to no one else. On the other side are employees whose workload has increased, who face the demands of parenting their children and caring for their parents, and who would like nothing better than to have the ability to work both smarter and harder, given the tools to do so. In one study, employees said that they expect to have access to “networks, applications, and information anywhere at any time.”[2] Of course, this raises questions far beyond the scope of the technology itself. There are HR considerations, such as overtime, differentials, work-at-home policies, and so on. But essentially, employees want to be more productive, and they have the means to do it literally in the palms of their hands.

How should the support center respond? How should IT in general respond?

According to the HDI Research Corner survey report “Supporting Mobile Devices,” only 2 percent of respondents reported that they are staying ahead of the technology, while 49 percent are struggling to keep pace and another 8 percent have simply opted not to support mobile devices. Meanwhile, 44 percent of respondents say their policies regarding mobile support are in development, while 45 percent say they have policies that are well defined. This tends to indicate that organizations are choosing a policy-driven, rather than completely technology-driven, approach to handling the increased demand for mobility. Policies are far less expensive to update or modify than infrastructure is, but policies do take time to create, gain approval from senior management, and publicize to the user community at large. At the same time, an organization’s technology must be “in sync” with its policies, or the policies are unenforceable.

HDI member Todd Wheeler contributed these notes to a discussion on mobile device support in the HDI Professional Association Group on LinkedIn:[3]

We issue BlackBerry as the standard corporate mobile device, but due to popularity and user requests, we’ve recently begun allowing iPhone 3GS, iPhone 4, and iPad users to connect to corporate e-mail. (Only these newer iPhone/iPad models are allowed due e-mail encryption capabilities. We do not support the Android platform.)

Our users must purchase their own device and service plan. iPhone users may return their corporate BlackBerrys and port their BB numbers over to their iPhones if they wish. Users who return their corporate BBs are eligible for reimbursement for their iPhone service up to $100/month.

As for support, our help desk analysts assist with e-mail configuration only. The users must maintain their own device and service account with AT&T or their international carrier.

We do have a “contract” or disclaimer presented to users that makes it clear that IT may send a wipe command to their personal device as we deem necessary (i.e., the device is lost, stolen, termination of employment, etc.). We do NOT allow iPhone and iPad users to connect to our network via VPN.

Given this description and reports of similar policies in other organizations, some key components of policies directed toward the use of mobile devices are:

  • Having clearly stated security goals, communicated in a way that employees can understand; 
  • Providing for both company-owned and personal devices, clearly stating any differences between the ways these devices are supported; 
  • Remaining general enough to provide for changes in mobile operating systems and capabilities; and 
  • Being specific enough to be effective and enforceable.

Notice that Mr. Wheeler’s statement fits this outline quite closely by differentiating between personal and company ownership, stating security goals (encryption), and setting expectations for the limits of both support and access to data. Also, notice that changes are being driven by the end user/customer.

The HDI Research Corner report also reveals how organizations are thinking about mobility; for example, even though BlackBerry is currently the frontrunner among company-owned devices, organizations are less concerned with specific brands than they are with ownership. The decisions surrounding which devices to buy and support are generally not made by the support center, and probably not even by IT. They are made by purchasing, finance, or other functions, though IT may (and should) be brought in as a partner to advise on security and overall compatibility. The high cost of fully supporting company-owned devices is daunting to many organizations. A highly mobile user whose phone and data plans are paid by the company can cost as much as $3,000–4,000 per year, so caution is certainly warranted. The result, at least for some companies, has been to adopt a BYOD (Bring Your Own Device) plan, allowing employees to choose among mobile devices, and offering shared costs.[4]

In all cases, however, IT is the target of blame by end users/customers for not allowing certain devices or certain types of connections in favor of others, and the support center, as the public face of IT, must field these complaints. They must be equipped with the correct information and tools to be able to:

  • Differentiate between supported and non-supported devices quickly and easily; 
  • Explain clearly the limits of support for any device, whether company-owned or personal; and 
  • Provide support within those limits quickly and easily.

IT in general, and the support center in particular, find themselves wrestling with a changing market. New devices are emerging and gaining market share rapidly; OS upgrades and new hardware versions are changing the game when it comes to encryption, application compatibility, and sheer computing power. What’s demanded by corporate leaders and other workers today will likely not be what they want next year. According to a report published in November 2010, “A survey of nearly 200 enterprise IT decision makers shows widening support for multiple operating systems. More than half prefer the BlackBerry today, but three-quarters expect to prefer a different platform two years from now.”[5]

So, what are the answers? How can IT and the support center keep up? Where is the market going? How can IT anticipate the changes? What actions can we take now to prepare for this huge shift?

Those are all valid questions. But maybe they aren’t the right ones. Certainly, part of the answer is to integrate mobility services into the array IT offers to the business, and to negotiate the terms of those services in the same way other services are introduced, provisioned, and supported (using, for example, the processes associated with ITIL or other ITSM frameworks). Happily for IT (from a technical, if not a financial, perspective), whenever there is a huge market move, vendors will fill the vacuum. More companies are introducing mobile device management (MDM) and related products (i.e., security and antivirus), and many of these companies are already familiar to most IT organizations.
Some vendors are even offering (or plan to offer) multiplatform mobile solutions and outsourced MDM.

“No longer bound by the walls of the corporate headquarters, business professionals equipped with industry leading wireless handhelds and software are increasingly able to do business anywhere, anytime.”—Good Technology

In the last issue, we looked at where the support center finds itself today with regard to the support of mobile devices, whether company-owned or personal. In this article, we’ll dig into some ways in which support centers should prepare themselves for the unavoidable changes on the horizon. The rapid adoption of mobile devices is neither a fad nor a race to be “cool.” It is part of a real revolution in the way people can work and will work. In February, for example, Gartner announced that they were lowering their forecast for PC sales for 2011 and 2012, mainly because of growing interest in the tablet market. Organizations that are not positioned to respond in a way that makes sense—to both management (including the C-suite) and employees—risk of being overwhelmed when support demands spike, or being ignored as employees use inexpensive or free consumer-level tools to make an end-run around existing policies.

One size does not fit all, of course, and certainly an institution of higher education’s support demands are very different from, say, a banking institution or a healthcare provider. Regulatory compliance must be taken into account when considering the support of devices that are aimed primarily at consumers, who often connect over consumer-grade wireless networks with no security standards. As outlined in the HDI white paper “The Mobility Revolution and Its Consequences for Support,” there are three ways to think about policies for mobile support:

  • The exclusion approach: Narrow, strict policies; may be best for regulatory compliance;
  • Usage limitation: Allows for some personal devices, based on established standards; and
  • “Bring your own device”: Wide open, or nearly so; expects end users to manage themselves.

The first of these, the exclusion approach, runs the highest risk of being out of step with both employee desires (including those of the C-suite) and general industry trends. Exclusion has benefits for security planning, certainly, but the right tools and policies must be in place for it to work. Written policies must be enforced, and the organization needs to have the tools to enforce them.

The second approach, limitation, has some innate advantages. If your organization provides mobile devices to just a few employees but wants to respond to demand from a broader cross-section of its personnel base, it might want to consider allowing personal mobile devices to connect to e-mail systems, provided the devices meet some minimum requirements (data encryption and remote wipe, for example). These requirements should be clearly articulated and communicated. And if the organization purchases dedicated mobile device management (MDM) tools, it will be better able to support the increased use of mobile devices.

There are some prominent advocates for the third approach, the “bring your own device” (BYOD) policy, but this approach requires IT departments to rethink the tendency to want complete control over the devices that can connect to the network and/or access internal resources. The virtualization of internal applications, coupled with lightweight clients for common mobile devices, can provide the secure access employees need without actually transferring any data to the mobile device. This approach can satisfy both the need for security and the demand for mobility. Of course, good practices for password strength and use are crucial when providing such access; password policies should be enforceable, and employees should be educated on the risks to the organization. Much of this communication becomes the task of “the face of IT”: the support center.

The Support Center's Role in Communication

Because the support center is uniquely positioned to “touch” end users, it is important to have a good change communications plan, especially when it comes to mobile support. The support clear, consistent messages about mobile device connectivity to those who are using them. If employees don’t fully understand the implications of mobile device use, the organization’s data and access security may be put at risk. As revealed by a Cisco study, there is a serious gap between how IT professionals think about security policies, and how employees think about the same policies. Closing this gap requires a good communications plan:

  • Know and understand what your policies and procedures are now, and what they will be;
  • Create memorable talking points for your entire team;
  • Make multiple communication channels available:
    • Put a tag line on outgoing e-mails with a link to information;
    • Have agents/analysts ask if callers have any questions about mobile devices and record those questions for inclusion in FAQs and the knowledge base; and
    • Take advantage of tools like wikis and internal chat.
    • Make sure the message is consistent across teams and channels; and
    • Plan ahead—don’t wait until you get a question you can’t answer (i.e., prepare your escalation plan in advance).

    New Technologies Make Things Possible

    It cannot be stressed enough: Mobile technologies are evolving extremely fast. Because of the rising demand for mobility, developers are rushing to produce products that will provide mobile users with the greatest flexibility and IT departments with the greatest control over secure access.

    Relative to mobile support, two types of virtualization should be considered. The first is the virtual desktop infrastructure (VDI). Desktop virtualization is already underway in many organizations. The “always on” managed desktop is available at all hours and in any location where the employee has access to an Internet connection. With the development of software clients that are capable of running on mobile devices, VDI can be extended to tablets and smartphones, with processing power and data management
    provided by the data center—or even the cloud.

    The second type of virtualization happens on the mobile device itself, effectively creating multiple devices—usually one for work and one for personal use. In such cases, mobile device management (MDM) tools can enable the IT organization to focus on the “work side” without too much regard for specific platforms (e.g., iPhone, Windows Phone, Droid, and others), leaving the employee free to use the “personal side” of the device without restrictions.

    As an alternative to virtualization technology, more straightforward MDM products allow administrators to set policies for authentication and authorization, enforce data encryption, perform remote wipes, manage mobile data plans, and provide remote assistance for mobile clients. To this last point, with the newer generation of MDM tools, IT organizations no longer need to buy platform-specific device management software. This gives the organization greater flexibility, enabling it to support an array of mobile devices. One global MDM company even offers an end-to-end mobility solution that includes mobile device client software, services gateways, and mobile service providers. The aim is to provide a secure environment in which mobile workers can operate without exposing the organization to the unexpected risks and changing cost structures associated with different mobile access points and networks.

    These emerging technologies can change the game for support, but only if they are integrated into ITs service offerings. Most companies, especially over the past few years, have not had the budget flexibility to make major technology purchases; and even as the economy turns around, businesses will have hard decisions to make when it comes to spending any available IT dollars. In some cases, businesses may decide that the best bet is mobility, and IT—and the support center, in particular—should be prepared to respond quickly to the modifications and additions required to support it.

    IT service management is flexible and inclusive enough to accommodate this new technology. However, the focus should be on the services, not on the devices, because the mobile device market is constantly changing. The software tools exist now—and are developing rapidly—to allow secure, flexible mobile support, almost without regard to platform or device. As with any new technology, it is our job to learn as much as possible and be prepared to deliver support and education to our end users. When assessing your readiness to take on new or additional support responsibilities in today’s mobile landscape, consider the following questions:

    • Do we understand the technology our organization has chosen, and how we are to support it (e.g., service level agreements, operating level agreements, and underpinning contracts)?
    • Do we have the knowledge we need to provide the support (e.g., FAQs, knowledge bases, etc.)?
    • Are we providing the right channels for end users to contact us for information (e.g., self-service, phone, e-mail, chat, instant messaging, social media tools, etc.)?
    • Do we have the right hours of operation?
    • Do we have the right staffing levels and skill sets?

    Armed with the answers to these questions and others, IT organizations can move into the mobility era with renewed commitment and an improved capability to support the needs of their organizations.


     

    Roy Atkinson is HDI’s senior writer/analyst. He is an HDI-certified Support Center Manager and a veteran of both small business and enterprise consulting, service, and support. In addition, he has both frontline and management experience. Roy is a member of the conference faculty for the 2011 HDI Annual Conference & Expo and is known for his social media presence, especially on the topic of customer service. He is also the outgoing president of the HDI Northern New England local chapter.

    Tag(s): process, practices and processes, technology

    Related:

    More from Roy Atkinson :


    Comments: