Lessons from managing 12,500 iPads

SAP was an early advocate for and adopter of the iPad. Its CIO shares what he's learned

Page 2 of 2

The iPad is reinventing user expectations of IT
Bussmann senses that user expectations for quality experience -- as well as the nature of that quality -- are fast changing. That's a big challenge for developers, especially IT developers who've not been historically charged with worrying about user experience. That challenge is compounded by the simultaneous migration to faster development methods like agile programming. SAP's own customer tracking surveys show that user experience is increasingly an important concern among enterprise buyers and users, therefore requiring significant investment to satisfy both internally and its its commercial development. However, Bussmann was not overly concerned about an insurmountable user-experience skills gap, given attention to such issues in colleges and in the overall mobile application developer market.

Bussmann is a big fan of design thinking, as he says the mobile experience is different even for things that can be done on a PC. He notes that people seem to grok and explore data more on an iPad than a PC, even when it's the same Web service underlying it. He notes that PCs tend to be used for deep exploration, while a tablet is used for snapshot trend analysis. He compares email usage on a PC to email usage on a BlackBerry, the latter being quicker and more of the moment. If mobile apps were designed explicitly for the different mentality used on a tablet, Bussmann believes that the benefits of using iPads and other tablets would be even stronger.

I routinely hear fears from IT pros as to the support burden of iPads and other mobile devices. As I've written, that support burden need not be onerous. But I was struck by a comment Bussmann made as to the kinds of issues his support staff deals with when it comes to mobile applications: the public networks. Users have gotten accustomed to nearly seamless interaction on corporate and home networks when using apps and websites, so when they're out and about and using a 3G network or public Wi-Fi hotspot, they get confused when responsiveness slows. They think the app is not working, when in fact it's simply latency introduced by the network connection.

IT can't fix this issue, but it can help users understand that mobile usage sometimes requires patience due to the realities of public networks. And, Bussmann notes, in-house developers have to plan for such latency in their apps, both in the processing and in the UI, such as to help users understand the app is waiting, too.

Assuming, while verifying, trust
When mobile device management tools became available, SAP adopted one, for more formal management. But it has not adopted technologies such as data loss prevention (DLP) to monitor the flow of information to and from these devices. Bussmann believes the better approach is a form of digital rights management (DRM), where the security is intrinsic to the information itself. DLP and other perimeter approaches all require determination on the fly of what is secret, which means there are too many opportunities to calculate incorrectly or too late, much less act. Plus, false positives hinder employees from doing their work.

Today, DRM isn't able to work seamlessly across devices and OSes, but Bussmann expects Windows 8 and later iOS to adopt a form of the technology. He notes that iOS 5 now supports S/MIME, an encrypted email format that is sort of a DRM for email, and he expects PGP support at some point.

The principles SAP takes to managing iPads and other mobile devices is one grounded in trust. SAP doesn't block users from, for example, copying email text -- which some MDM tools can do -- because that would interfere with employee productivity. It would also push employees to find other ways to access the information that could be less secure or monitorable, as well as create a culture that characterizes employees as untrustworthy and even encourage rogue activity as a result.

Instead, Bussmann prefers to use policies to map access to levels of trust, and he can foresee using analytics tools to create finer-grained policies based on the level of trust derived from monitoring employees' actual behavior. Those who act more responsibly get more trust, and thus more access and capability. Because mobile devices are so strongly monitored, Bussmann is confident that SAP can use a behavioral approach to tune permissions and access on an individual level, not just on predefined groups -- essentially, a trust engine.

There are also practical issues to not being invasive in its management techniques, Bussmann notes: European privacy laws give employees the right to opt out at any time unilaterally from having their personal devices and the information on them made accessible to the company, such as to manage the device and its apps. Thus, Bussmann looks for security approaches that focus on the data itself.

Although DRM isn't an option now in the mobile arena, Bussmann uses other techniques to keep data accessible but secure. For example, Web and mobile apps that access internal SAP data typically leave the data on the server, so the mobile device doesn't actually store it. In cases where offline access is needed, SAP takes advantage of iOS's ability to create secure containers for local data that can be wiped remotely or wiped by the app upon activity completion.

This article, "Lessons from managing 12,500 iPads," was originally published at InfoWorld.com. Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen's mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.

| 1 2 Page 2
From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies