Policies for Pad Computing Mobility – Going Mobile? – First Get a Roadmap

By Ed Cartier, xAssets Ltd.

Anyone who really believes that pad-computers (hereafter “pads” to save some ink and paper) won’t invade just about everyone’s IT infrastructure in the next year or so is woefully naïve. Strong words? Not really. First, that’s not just my opinion. The consensus of the research companies (the ones that we’ve all been taught to believe can infallibly predict the future) is that pads will outnumber laptops in the next 12 to 18 months. Second, numerous articles are appearing about what CIOs are doing to cope with the invasion of pads and smartphones. Third, employees are already bringing them to work and doing God-knows-what with corporate data on private devices. Finally, every major PC manufacturer either has a pad on the market or will introduce one shortly. These guys don’t manufacture gadgets that they don’t believe they can sell in quantity. With pads massing at the gates of your datacenter, what’s an IT Asset Manager to do?

Beat Them to the Punch

There is no sense in trying to avoid the inevitable. Instead of waiting for pads to spring up a little at a time, the IT department (CIO?) needs to take the lead in developing a policy that incorporates pads into the organization. Any policy should specify approved and supported hardware and software, what data can be accessed and stored on pads, use of employee-owned devices, and how to recover the devices and data if an employee separates from the company. With a policy as a framework, the organization avoids confusion, excess or duplicative costs, potential legal exposure and improves employee adherence. However, determining what rules belong in the policy is the easy part. Getting the policy written and followed is a whole other story.

Perhaps the most important factor in developing a policy is to realize that you can’t do it alone. I know it takes more than one individual from personal experience, having been charged with or involved in multiple policy-making efforts over the course of my career. Although the IT organization owns the network and data center, you need to recruit some folks from other departments to develop a meaningful policy and really make it work. I suggest that you identify some allies in Purchasing (Supply Chain?), Legal and Human Resources, as well as a few likely end users to form a team to develop a policy that meets everyone’s needs and that employees follow instead of working around it.

The Process

It is often said that two things you don’t want to see made are laws and sausage. Probably organizational policies should be in that group. Nonetheless, you have to both watch and own the process of policy development for IT. Start with the easy part. Once you have your management’s buy-in or directive, make it clear that the IT organization sees a need for pads in the workplace and is prepared to support the devices. Next, establish that each group is a stakeholder in the process and has a real role in the development and success of the policy. Let’s take a quick look at who could do what. Bear in mind that much of this process happens in parallel, making it fairly dynamic.

IT should be making decisions about configurations and features. Consider this list of questions:

  • What operating system is standard – Android Honeycomb, Apple iOS, HP’s Palm OS or RIM? (They are all found on pads for sale or are coming out very soon.)
  • What brand or brands are acceptable?
  • What apps are acceptable?
  • Who is authorized to install apps?
  • What device configuration is standard?
  • What kind of connectivity is standard – WiFi only or WiFi and cell?
  • Are the devices locked down or open devices?
  • How are the devices tracked to an owner?
  • How is the approved device and configuration to be supported?
  • If data is stored on the device, how is it going to be backed up?

Missing from this list is determining who or what occupations will use these devices in the most profitable way for the organization. HR can take the lead on that determination. In most organizations, HR is the official keeper of the job descriptions, roles and responsibilities. Matching the agreed upon pad capabilities with a job (as opposed to an individual) makes the policy easier to implement and gives it longevity. As I noted in my article, “Surviving the Arrival of Pad-Computing” (ITAK Vol 6 Issue 1), it is likely that not every employee will benefit from a pad. (Yes, they all want one, but that holds true for a corner office and a company car as well.) To be truly effective, and maximize the ROI derived from the devices, a pad (or mobile device) policy needs to put the pads in the hands of the people who can best use them. Inserting the approved-user profile will eliminate excessive purchases, optimize the budget and make it easier to process requests. (One hint from past experience – to make your life easy, put all senior executive positions on the list.)

At this point, it’s not too early to involve some potential end users. Select people from the areas identified by HR and ask them what they would do with a corporate-supplied pad and what kinds of apps would be most beneficial. Angry Birds is a poor answer. Ask leading questions, ascertaining that the pad would indeed replace the laptop or netbook currently in use. Then do some homework as to what apps are out there that are available for use in an enterprise. Not surprisingly, some consumer-oriented apps have different pricing and license terms when used by a corporation.

With the configurations and features defined and presented to the team, purchasing can determine the “what kind”, “how many” and “what cost” parts of the equation. They can decide whether to work with existing vendors or issue a request for quotation (RFQ) from new ones. The pricing and license terms for identified and approved apps need to be reviewed by both Purchasing and Legal. The key component of this phase is to establish the official pad configuration that the corporation supports and purchases and start to create a budget for the devices.

Just about everyone reading this article is somewhat familiar with the need to adhere to end-user licenses, avoid using unlicensed software on corporate owned devices and the need to have some recourse to deal with the unauthorized use of corporate assets. App management is the same as any software. Legal can help here. Get an opinion on the end-user license agreements for the proposed apps. Ask the legal team member to include clear guidelines as to what, and even if, corporate data can be stored on the pads, what apps are allowed on corporate-owned devices and what constitutes authorized uses of the device. Use of personally owned devices should be covered, if not prohibited. Reporting lost pads, retrieving pads from separated employees (hint – get it back before issuing any final checks) and audits of the devices are points that need to be covered. Consider codifying the terms of the policy in a document that is signed by the end user when the pad is issued. Having Legal review, or preferably write, these aspects of the policy will insure that it is complete, covers any potential loopholes and is enforceable.

Once the devices are out the door, somebody needs to track them. With few ITAM solutions inventorying pads at this writing, consider entering the supplier, model, serial number, configuration, apps, end user etc. in your CMDB as part of the operational policy. Include the password if you decide to lock down the devices after the apps are loaded.

After your policy is formulated, write it down in clear language and send it to the team for final comment. Then, be sure that the executives in each group read it. Nobody at that level likes surprises.

Informing the Troops

After the policy is blessed, make sure everyone understands it. Send emails to all staff outlining the policy, with the actual policy included as an attachment. Post it on your internal website and be prepared for questions and complaints. You will probably uncover some points that need to be added to the policy that you did not anticipate, but hold firm on the content to the greatest extent possible. Accepting too many exceptions weakens the policy and makes it more difficult to enforce.

Too Much Work?

If this process seems like a lot of work, it pales in comparison to the potential problems that can arise in the absence of a policy. Without clear guidelines, the corporation opens itself to excessive costs in the way of buying too many pads and apps, poor support and backup which will lead to frustrated users and lost data, software license reconciliation problems and a blurred line as to what the device can be used for. Save yourself real problems down the road and take the time to develop a policy before beginning your journey to pad-computing land. It will make the trip so much more enjoyable.


To read more on this subject go to the xAssets Resources Webpage at http://www.xassets.com/resourceswhitepapers.aspx

Or go to the individual articles listed below: