I’ve been reading some interesting articles on Harvard Business Review about how sometimes we fail to see what is right in front of us. This issue is one of cognitive dissonance where we fail to see the alternative uses of an item due to functional fixedness. Basically, we become blind to the alternative uses of an item because we tend to fixate on an object’s typical use, not the object itself and what else it can do. The same problem has been occurring in IT in relation to BYOD and new and innovative technologies. Since we are charged with delivering a given service, we fixate on the technology used to deliver it and forget that our users don’t care “how” we do it, only that they want the service, and that our existing tool sets will probably work for us if we only let them.
To put it in different terms, this is really just the Service Management discussion that was introduced with ITIL, in a different form. What we need to do is understand that our users don’t care about Outlook, or Exchange, or any of the servers, protocols or other background issues. They care about getting their e-mails, accessing the ERP, or printing from wherever they are, with the device in hand. That is, they care about the service, not the method of delivery.
Look at this chart describing how to build a service catalogue. Let’s be clear: your users care about what is in RED, the service, and nothing else.
The “business” cares about the next 2 levels, and everything below that is the IT department’s view of the world. We need to step out of that view and look at the problem from the user’s view.
So let’s take another look at BYOD in that light. Do your users say they want BYOD, or do they simply want e-mail on their own device? IT does deliver e-mail as a service, right? So instead of offering BYOD and all the complexity that comes with it, simply give them the services they are asking for using your existing tools!
In our case, we exposed our Exchange server through the Microsoft-provided web-mail interface years ago. Since I’m already exposing my e-mail system with the approval of senior management, what’s to say I can’t expose it to non-traditional PC devices? To do this, all I had to do was reconfigure the web-mail server, turn on the included ActiveSync features and allow any device to read e-mail. I use our normal e-mail archiving processes to limit how long mail can be in a mailbox (<90 days) to restrict the amount of data that can be exposed with the device. There is still a data leakage risk, but it is identical to my existing BlackBerries and laptops if they go missing, so it is not a new risk. And since ActiveSync includes tools to kill individual device access if one is reported missing, I don’t even need to introduce any 3rd party tools for device management. The only hard part was introducing a code of conduct where users need to have a password on their device to meet our security requirements, but honestly, who doesn’t these days? A few FAQ articles on our intranet site and guess what, I meet my compliance targets, I’m as secure as I was with my BlackBerries and I’m now delivering “e-mail as a service”. It really is that easy.
The key here is to realize you are only responsible for exposing an existing API interface in the products you ALREADY HAVE IN PLACE.
Don’t believe me that it is that simple? Well, here is another example.
If you want to give users the ability to run software on their own device, then simply provide remote RDP access to their workstation in the office and get them to use Jump Desktop or basic Windows RDP through the Microsoft Remote Desktop Gateway (RD Gateway). Again, a free service you already own, that ties directly into Active Directory for security you already have in place, and that can run on the same server as your Web-Mail interface. In under a few hours you move from saying NO to delivering Desktop as a Service to all your users, on any platform.
With the above configuration, I manage the user’s internal desktops as normal, and the only thing I need to do is give them RDP access rights to their own machines. Talk about a quick win. My staff now have easy remote access to do their jobs. Sell it as part of your DR/BC plan for an epidemic or weather-related event if you need to convince anyone. Trust me on this one. When you say you can deliver desktop as a service for no cost, you will get people turning their heads.
Now want to allow them to use their Mac or iPad in the office? Well, again, it is simple. Go to your AP and configure it with a VLAN and a public SSID. Tie that VLAN to a port on your firewall DMZ and you have now delivered BYOD with zero complexity. Users can use any device they want; the key is that it is not on your internal network. The tools you use to deliver it externally work just as well internally.
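The guest VLAN only delivers what is described above if the firewall really keeps it off the internal network. As an added example, not part of the original post, this audit walks a first-match rule list and reports any allow rule that lets the guest VLAN into internal address space; the subnets, the rule format and the rules themselves are constructed for illustration.

```python
import ipaddress

# Constructed addressing and rule set (assumptions; the post gives none).
GUEST = ipaddress.ip_network("192.168.50.0/24")      # public-SSID BYOD VLAN
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]      # corporate LAN
RULES = [  # evaluated top-down, first match wins; port None means any port
    {"action": "allow", "src": "192.168.50.0/24", "dst": "172.16.10.20/32", "port": 443},
    {"action": "allow", "src": "192.168.50.0/24", "dst": "10.1.2.0/24", "port": 3389},
    {"action": "deny", "src": "192.168.50.0/24", "dst": "10.0.0.0/8", "port": None},
    {"action": "allow", "src": "192.168.50.0/24", "dst": "0.0.0.0/0", "port": None},
]

def _meet(a, b):
    """Intersection of two CIDR blocks (one always contains the other), or None."""
    if not a.overlaps(b):
        return None
    return a if a.subnet_of(b) else b

def _covers(rule, src, dst, port):
    """True if rule matches all traffic from src to dst on port."""
    return (src.subnet_of(ipaddress.ip_network(rule["src"]))
            and dst.subnet_of(ipaddress.ip_network(rule["dst"]))
            and rule["port"] in (None, port))

def guest_exposure(rules, guest=GUEST, internal=INTERNAL):
    """Return (rule index, reachable internal block, port) for every allow rule
    that admits the guest VLAN to internal space and is not shadowed by an
    earlier deny."""
    findings = []
    for i, rule in enumerate(rules):
        if rule["action"] != "allow":
            continue
        src = _meet(ipaddress.ip_network(rule["src"]), guest)
        if src is None:
            continue  # rule does not apply to guest devices
        for inside in internal:
            dst = _meet(ipaddress.ip_network(rule["dst"]), inside)
            if dst is None:
                continue  # rule does not touch internal space
            shadowed = any(r["action"] == "deny" and _covers(r, src, dst, rule["port"])
                           for r in rules[:i])
            if not shadowed:
                findings.append((i, str(dst), rule["port"]))
    return findings

if __name__ == "__main__":
    for idx, block, port in guest_exposure(RULES):
        print(f"rule {idx}: guest VLAN can reach {block} on port {port or 'any'}")
```

In the constructed rule set, the RDP exception placed above the deny is the one finding; the final allow-to-internet rule is not reported because the earlier deny already covers its internal portion.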
The key here is understanding that you are charged with “service delivery”. Go back and take a good look at your ITIL service catalogue, layer the existing services and technologies, and you can deliver your BYOD solutions by morning. You can thank me tomorrow.






