Mobility is an integral part of any successful business today, but IT organisations are still getting their heads around how to approach network strategy to best enable this way of working.
The hybrid nature of most IT estates these days has only added to the complexity – with mobile apps connected to both cloud-based and on-premise infrastructure.
Meanwhile, the cyber threat landscape only continues to worsen – with mobile often at the centre of attempts to hack into enterprise networks.
When it comes to delivering the key components of a network infrastructure fit for mobility, the first and most obvious requirement is an access network for the mobile devices. This means that end users are not on a company’s trusted network when accessing information.
The important lesson for mobile architecture is that organisations cannot deploy mobile services on-premise without considering opening them up to public internet access.
Allowing mobile clients is very similar to allowing external web access: organisations must enable open access.
‘Mobile forces you to rethink your DMZ security model,’ says Mícheál Ó Foghlú, CTO at Red Hat Mobile. ‘Mobile acts more like a web server but, unless you have a middleware platform, there is no server to mediate between the clients and the internal end points.’
Overcoming the acronyms
What is the best mobile strategy for the network? It can be difficult for IT directors to see through the acronyms – BYOD, CYOD, COPE, COBO – and truly understand which is better for their organisation.
BYOD is the best known of the mobile strategy acronyms. Short for ‘bring your own device’, BYOD gives employees the freedom to use their personal device in the workplace and access the company network with no restrictions.
CYOD means ‘choose your own device’, in which the IT department offers employees a choice of company-approved devices for use in the workplace. Either the employees pay for a device themselves with a discount from the company or the company provides the chosen device for the duration of their employment.
COPE, which stands for ‘company-owned, personally enabled’, means the device is paid for and chosen by the company but the employee can also use it for personal activities (with restrictions), while COBO (corporate-owned, business-only) is the traditional method of device supply for business purposes.
When enterprises use current mobility solutions, too often employee productivity slows to a crawl. Mobile is relatively static in the enterprise at the moment because many workers still can’t use their devices for core business tasks and functions.
Many instead find their own workarounds to use on their devices in an effort to improve productivity and better collaborate with colleagues, partners and customers.
The trouble with the mobile strategies prevalent today, says Synchronoss CMO Jay Chitnis, is that organisations are forced to make a trade-off between productivity and security. BYOD may provide more freedom, for example, but at what cost?
‘Workers at an organisation with a BYOD strategy in place are concerned that the personal content on their own device is at risk if their corporate network is the target of a malicious attack,’ he says.
However, Paul Clarke, channel manager at 3CX, is confident that BYOD is the only way to go. ‘Ultimately a mobile strategy must be based on the needs of end users, who will chafe at anything less than full BYOD,’ he says.
‘As soon as restrictions are placed on the devices workers can use, or where and when they can use them, they will naturally push against the edges of those restrictions and expose any limitations and reduction in productivity.’
A mobile strategy, says Clarke, should be based around unified communications, offering total mobility and flexibility so that workers can collaborate, conference or message on any device, from anywhere, at any time.
However, few vendors offer smartphone clients that cover every kind of messaging, including voice over IP, chat and conferencing. As a result, organisations must be certain that they have access to all the services they need, and haven’t neglected any core capabilities.
The second consideration is management time and costs. The IT operations time dedicated to running a unified communications system is expensive on its own. Added to this is the need to build in scalability, which can be expensive when vendors charge licence fees for adding new lines and devices.
Most traditional solutions were developed when enterprise mobility was in its infancy. However, as mobile technology has matured, user demands and expectations have increased.
These include the need for smooth, unobstructed access to corporate apps and data from their device, together with easy usability.
Conventional enterprise mobility solutions currently consist of an assortment of isolated bolt-on apps and features rather than a unified joined-up platform. They often face backwards to fix problems rather than looking forwards to enable new capabilities.
‘Importantly, many enterprise mobility solutions weren’t built for highly regulated industries with stringent security and compliance requirements – such as the financial, healthcare and legal sectors,’ says Chitnis. ‘A correctly architected solution will be a single cohesive system equipped with detailed, fine-grain policies that are hyper-responsive to the specific context of individual users.’
The success of a company’s mobile strategy depends on user adoption. Critically, the chosen approach must provide an on-device experience for employees that is seamless and straightforward, but which doesn’t compromise security.
Many companies, however, struggle to put in place networks and systems that provide the performance and productivity benefits that mobile should in theory deliver, but which don’t leave their data vulnerable to theft or their network open to attack.
Instead, they settle for solutions that are secure but which only provide their staff with stripped-down apps and tools on their mobile device.
Lack of functionality
These stripped-down versions fail to provide the same functionality that workers would expect from these apps and tools on their laptop or desktop PC.
‘Companies preparing a mobile-ready network need to focus on productivity and not be preoccupied with security,’ says Chitnis. ‘Companies that are serious about their workers benefiting properly from mobile must think of the user first. Ask the question, “What do my staff need to do on their mobile device?” and work back from there.’
Clarke adds, ‘Businesses know they need mobility, but their workers are sometimes either afraid that mobile work will be looked down on, or technically challenged and unable to take advantage. Managers need to address this with easy-to-use apps, while also making it clear that working remotely is the same as working in the office.’
A successful mobility strategy encompasses a combination of connectivity, manageability and security, to ensure that employees can work to the same level remotely as when they’re in the office.
CIOs should be considering all of these criteria and integrating IT solutions that provide the perfect blend of them – the biggest concern, though, should be security.
Recent research from Toshiba suggested that this is an area of neglect across Europe. A survey of senior IT pros found that unauthorised use of IT systems and solutions is a widespread occurrence in 43% of organisations, with 62% of staff using personal devices for remote working that may lack the necessary security defences to deter and prevent attacks.
‘Hardware plays an essential role in ensuring that employees are working securely and productively no matter where they are,’ says Neil Bramley, B2B PC business unit director at Toshiba Europe. ‘CIOs need to consider devices from a productivity perspective, while also ensuring that they have in-built security defences to protect against cyber attacks.’
State of isolation
Meanwhile, the expanding sets of endpoints in the enterprise – driven by mobility and, increasingly, the Internet of Things – are often operating in isolation from one another.
In the past, there has been a huge emphasis on SOA (service-oriented architectures) and ESB (enterprise service bus), where a heavy middleware infrastructure was put in place to aggregate internal APIs into a centralised location.
The first generation of this tended to use XML and SOAP (itself defined in XML). Modern architectures are becoming more distributed into microservices, where the applications themselves need to consume other small services to function.
Mobile typically needs these APIs to integrate with enterprise systems.
‘The potential explosion of APIs is leading to a new emphasis on the internal tooling to allow discovery of the APIs,’ says Ó Foghlú. ‘There is a shift away from the formal aggregation into an ESB, towards standardised descriptions in an API registry allowing search and discovery by developers.’
The biggest problem isn’t isolation on its own – instead, it’s not thinking about how endpoints have to function in all situations.
Laptops may be perfectly secure when they are on the company’s own network and behind a firewall, but today they will be exposed to much more uncertain environments.
This might be challenging from a security perspective, but the business expects people to connect and work wherever they are.
For IT, getting an accurate list of all devices and their status is essential to keeping assets secure over time.
‘Without this, we are essentially throwing users out into the stormy seas in paddle boats and expecting them to fend for themselves,’ says Wolfgang Kandek, chief technical officer at Qualys. ‘IT can help extend the same secure awareness and management of vulnerabilities outside the network, but it can’t rely on hands-on access. Cloud security techniques can help cope with this.’