<<
As mobile devices become widely used as micro-computers, the way enterprise employees and IT teams work is undergoing a transformation. With more and more employees bringing their own devices (BYOD) to work, the difficulty of IT work is gradually increasing—mobile device management, already no easy task, has become even more complex. In this context, some have begun to question whether standard frameworks for IT service delivery are suitable for a BYOD environment. Sharon Taylor, Chief Architect of the IT Infrastructure Library (ITIL) and President of Aspect Group Inc. (an IT service management consulting and training firm based in Ottawa), believes that ITIL’s role in BYOD is absolutely positive.
Is ITIL applicable to mobile device management and BYOD? Some think the ITIL framework is a mismatch for mobile platforms.
Taylor: ITIL, in its own right, is a set of management practices for all IT services, not just specific platforms. ITIL is effective for cloud computing, mobile computing, and any other area of IT. Personally, I think some people hold this view mainly because they haven’t grasped the essence of what ITIL really is.
Mobile computing has gradually emerged against the backdrop of cloud computing, driven in part by the demand for device-agnostic service delivery. From an IT service management perspective, mobile computing presents us with new challenges.
BYOD, in turn, adds new dimensions to typical mobile platform management. Managing a mobile fleet of corporate-issued devices is not difficult; it is simply related to service management, and ITIL already covers this area.
BYOD introduces new complexities to some best practices, such as compliance, cost reduction, security enhancement, and risk mitigation. If employees are allowed to bring their own devices, we must shift our service management mindset. Nonetheless, the specific methods and processes remain universal.
Do BYOD policies conflict with ITIL and ITSM principles?
Taylor: First and foremost, BYOD forces us to think differently about certain aspects of best practices.
Let me give a few specific examples. Some issues arising from BYOD are more about enterprise management than service management. Take identity, for instance: if identity is critically important to a company, BYOD can cause significant trouble. If employees bring their own devices, they are highly likely to use personal phone numbers, which is entirely different from using a corporate-issued device. Consequently, the enterprise has to consider how to address this. Of course, it’s not an unsolvable problem through technical means, but it does bring increased costs and work complexity.
Similarly, BYOD raises new questions when employees leave or change roles—for example, how should access rights to corporate data and networks from their personal devices be handled? From a security management perspective, this is a very serious problem.
Moreover, from an IT support standpoint, there is a risk of rapidly escalating costs regarding compatibility. If a service needs to support access from multiple devices, and some of those are employee-owned devices, who can know exactly what is running on that device? If you decide to bring such devices into the support scope as work tools, from an IT service perspective you might also be compelled to support them—and thus the problem becomes extremely complex. In short, issues like corporate information security will all emerge with the arrival of BYOD. That said, these problems are not without solutions.
As for how to tackle such challenges from an ITIL perspective, perhaps the first step is to strengthen access management (one of the ITIL processes). For example, using VPNs or setting corporate policies to regulate what can be stored on personal devices. As you can see, ITIL can fully handle these new issues through its existing body of content. What we might need to do is establish new ways of thinking, or focus on resource integration and transformation during the execution of best practices.
Given the rapid technological development in mobile computing and BYOD (such as the surge in device types and numbers, and the speed of software updates on them), what is your view? Can the service desk keep up with this pace of change?
Taylor: Technology is indeed advancing at a rapid pace, but ITIL has never slowed down its own evolution; it’s just that people need to shift their thinking. However, if a service desk model is used, a great deal of training is required to enable various devices to access the company’s infrastructure—leading to a rapid rise in related costs. Therefore, a viable approach is to establish relevant standards (covering both devices and infrastructure) and stipulate the frequency of changes.
A reality check is that mobile devices didn’t just appear in recent years; think of the PDAs long ago (some couldn’t even fit in a coat pocket). So, you have two choices: either use policies to regulate the use of such devices, or allow them to become one of the employees’ work tools. However, you must recognize that the latter choice carries inherent risks and costs, and you need to make a business decision.
Thus, the matter ultimately returns to business strategy. Is it necessary to keep pace with changes from a service desk perspective? Should you pass costs onto users, as some companies are already doing—if you want to use an iPhone 4 for work and receive service support, then you must bear part of the cost. This business cost model is becoming increasingly popular. In fact, this approach has long existed in ITIL, which is about making users aware of the cost of service delivery.
Especially in ITIL v3?
Taylor: Right. Since the early 1980s, we have tried to control user behavior through demand pattern management. For example, suppose you have a sales department whose staff have various different devices, and they all want to use these devices at work due to the convenience of cloud computing. From an asset management perspective, you might be happy: “Oh, we can spend less money on issuing mobile devices.” But the increased cost in service support may well offset the savings in device procurement. Therefore, as a business entity, IT should state: “No problem, we can support BYOD, but doing so will incur additional costs. Here are the options: If you agree to limit the types and number of devices, we can build the applications you need on them to support access to the infrastructure. Alternatively, if you agree to limit the applications accessed, we can also build you a different platform.” As you can see, we have various ways to solve such problems, and the corresponding content has existed in ITIL for nearly 20 years.
Recently, there’s a view that the days of IT controlling all technology may be gone forever. In your conversations with CIOs, have you sensed a cultural shift in enterprises, such as in IT-business alignment and cooperation, or IT service delivery?
Taylor: I do believe a shift is taking place, but it has nothing to do with mobility. The factor driving this transformation is the pursuit of maximizing business revenue. As IT, you certainly can control everything, including technology; you can achieve 100% control over the environment through various means. However, the consequence of doing so is stifling innovation and productivity. I think CIOs, CEOs, and COOs are gradually starting to define their approach based on the actual situation—for instance, tightening control further in highly regulated environments, while relaxing control a bit in other areas to stimulate innovation. Innovation can come from the realm of technology (such as BYOD), but to some extent, it’s more about a flash of inspiration. So, let’s shift our focus away from technology and toward business innovation. All these changes are a byproduct of our new thinking; stop limiting your view to IT’s protection of the environment, and think more about how to use innovation to bring revenue to the enterprise.
【Editor’s Picks】