Welcome to part two of this post the first part of Building your consumerisation of IT Strategy can be found here

Productivity

Consumerisation and productivity go hand in hand, but it might not be top of mind when you first think about consumerisation. Being productive in some way, however, is the main driver for consumerisation in the mind of the user. Sure, they might also be thinking about using a device that makes them look good, but most people are really motivated by doing something well (I’d like to think), and if having a shiny device in front of a customer when making a sale helps the sale, well…

When we think about productivity, though, we almost always think about software, and having good software that people know how to use and want to use is essential. People need to have software that lets them achieve the same results at work as at home, so the idea of productivity changes a little. First and foremost productivity software does need to do the things that it’s always done: write documents, understand data, create presentations, organise information, collaborate. Modern productivity software needs to go far beyond that remit, though, because people simply expect to be able to do more with what they have. They might not use everything all the time but they do expect to be able to do it when they need to.

Take the example of creating a presentation. When you’re in that particular flow of organising information into a digestible form, people find it useful to be able to embed and edit video, to crop, alter and colour pictures and to be able to insert eye-popping charts. It would be a far more interesting world if everyone used all the tools open to them but it’s better that they’re there than for users to have to go grab £60 of video editing software or £200 of photo editing software. Having really strong basic productivity tools that do more than just the very basics makes good business sense, so it should still be a cornerstone of your strategy.

Seamless collaboration is something that’s become essential, yet few people even realise that it’s part of consumerisation. People collaborate around slightly different things in a consumer setting; not so much around documents but more around pictures and video. Being able to quickly and simply share a photo on Facebook is so ubiquitous that people do it now without even thinking about it, and they also expect people to be able to comment on those items immediately. This simple act of sharing is the first step to collaboration. How much more useful is this in a business setting when what’s shared is a tender document and colleagues working on it together can simply comment or make updates?

Collaboration as a part of consumerisation makes the tools for collaborating more natural for the end user. That could be a SharePoint site where people can upload, comment on or edit the document online, or it could be using Lync to have a real-time conversation about a document. Better yet, it could be having an online meeting using Lync, where one colleague presents the slides and can go back a slide or two when someone gets lost. Your strategy for productivity within a consumerisation strategy should be to naturalise workflows.

In my mind, Office 2010 is the starting point. Again, most people have Office at home, many people use some kind of sharing site and many use video conferencing or internet voice calling, like Skype, on a regular basis. In a business environment you need similar functionality but with some central control.

Application development

This area should be a no-brainer for everyone. Does it cost more to produce one version of an application or two? Wherever you can it’s wise to build your strategy around minimising the number of bespoke applications you need, but you should also try to minimise the need to build applications for different devices. Sure, it might be popular to have an iPad version of your internal sales tool, but at what cost? The reality is that with the proliferation of all these different types of devices it might seem like you need to invest money in having a custom application developed. There are, however, lots of other options.

One such option is to develop a web app. Most devices are capable of viewing web pages, so it’s perfectly possibly to do, even if it’s not all that popular. There are times, though, when a web app becomes the right move. I suspect we’ll see much more being made of the “touch-friendly web” or some such naming over the coming years as we see all devices, including PCs, becoming better at touch. A touch-friendly website is a good move in many ways, not least because the tendency is for touch-friendly to equate to user-friendly. The National Rail website is a great example.

Websites should work the same on a touch device as with a keyboard and mouse, and so should applications. If you’re currently running a project to develop any application ask yourself and your development/UX (User Experience) team if the website works well with touch. If it’s an internal-facing application ask the question until you get the right answer – in my experience they tend to hang around for about five to seven years between major iterations.

This is more than a question about UX. It’s a question about the OS you are targeting. If you build an application for Windows, you know it will work on Windows regardless of it being a on touch-friendly device like the current crop of great devices from Asus, Acer, Fujitsu and Novatech (to name just four). Someone will probably comment to say that’s not the case with Windows Phone, but I’ll pre-empt that by saying again that there’s more to device targeting and it goes deeper into the realm of code reuse. Someone else will probably comment to say that there have been countless application compatibility issues with Windows over the years, and there have, but there have always been numerous ways to mitigate the problems. The miriad ways to mitigate IE6 compatibility issues is a testament to that.

So how should one think about application development within a consumerisation sense? For me it’s simple: do as little development as you need to help your users. By that I mean it would seem wasteful to build different applications for each target device. Always look for at least one parallel of synergy: same language, same framework, same delivery vehicle.

Your delivery vehicle is another interesting consideration. It’s worth remembering that self-service application deployment (aka an application market place) is a normal thing now – everyone is used to using them on mobile devices. I’ve already written about the importance of self service in consumerisation, though.

Summary

So when thinking about building a consumerisation strategy you’ll want to consider:

• Devices: Think about what “support” means, about changing how you buy devices
• Security and management: Think about data, provide access to it whilst considering the circumstances
• Productivity: Think about making the workflow as natural for the end user as possible, pre-empt as many of their actions as possible
• Application Development: Think about finding commonality between the devices you target so you need to do less development

The consumerisation of IT trend is hurtling towards most IT shops and it’s clear from those I talk to that they’re just trying to deal with things as they happen. The MD wants to attach his cool new device but what does that mean for IT – are they expected to support it? What’s the cost of doing that? What else needs to change? It’s clear to me we need a more strategic approach to consumerisation that allows for flexibility and helps reduce costs whilst still permitting the choice that end users now demand. 

It’s something Microsoft has been thinking about and you’ll start to see us talking about consumerisation in terms of devices, security and management, productivity and application development. A clear understanding of an evolving trend is always going to be difficult to build, but it’s good to see that we’ve thought about a way to frame our thinking. Whilst it clearly needs deep thought, it’s a good place to start from.

Devices

At the forefront of the trend is probably the fact that new devices are coming into organisations at an uncontrollable rate. More tech-savvy consumers are bringing their kit into the office excited by the potential that those devices hold. People expect access to their email at any time and many even expect to converse with their friends or organise their social lives when they’re in the office. They will find whatever way they can to use their devices, and sometimes that will comply with IT policy, but often it won’t.

We’ll tackle the management of those devices in a few paragraphs. First, let’s just have a little look at the potential advantages that using those devices will bring to your business. Strategically you should consider allowing a couple of options over device choice for your users. The first is to allow them to Bring Your Own Computer, or BOYC. BYOC has a number of advantages for you as an organisation, not least of which is that you don’t need to own the asset or have it on your books and depreciate it over time. You could consider a couple of ways of doing this; one might be to give your employees a “technology allowance” that works in a similar way to a car allowance. Obviously there are tax implications for doing this for your employees, but it would move the cost to Opex from Capex.

That wider choice will also help make your employees feel more valuable and more trusted because you’ll be giving them the chance to make their own decisions. You can still centralise purchasing control and exercise some guidance around devices by bringing in a computer leasing company, just like with a car scheme. Just be aware that, unlike cars, computers are actually quite cheap and this could backfire on you if people choose not to lease from your list. It may just be better to allow your employees to buy whatever they like off the shelf.

The other option for device acquisition is to spruce up your list of approved devices. Select kit that appeals to your user base but that is still worthy of your support and the time required for your IT team to support it.

You should also think about the types of devices you’ll support. You also need to be really crisp and clear about what “support” means to your end users. This is where clear communication comes in and it leads to the idea of having a communications team or (better still) a marketer whose job it is to communicate IT services updates to your organisation. If you’re wondering why I’ve suggested a marketer it’s because marketers understand the environment into which they are selling (and your IT department is now selling itself). You may find that you need to redefine the term “support” within your organisation, changing user expectations dramatically.

Not sure what I mean by redefining support? Well, with consumerisation you need to focus on providing flexibility, and that will probably mean evolving your support functions into connection functions, ensuring that any device can be connected in a safe and secure way that meets business requirements. Realistically, you want to be looking at a way to support the people for whom you need to be most flexible (you know the ones – usually they have a C at the start of their job title!) in a way that seems similar to everyone else – it’s far easier to play to the highest common denominator in this case.

We’re starting to get into some familiar ground here around security and management, but before we do and whilst we’re on support, it’s important to note that you probably need to do some heavy lifting using self-service to reduce the load for simple fixes. General things like “how do I do this formula in Excel” are best handled by a Bing search or something similar internally. You can find out more in this post about why self service is so important to consumerisation and cloud.

Device selection is an obvious area for concern. It would be helpful if you could guide your employees to use the right kind of kit, because if they’re buying their own devices you need to make sure they will still be securable and manageable. Think, for example, about how you remote wipe a device. It’s really easy when you have a device with a 3G connection, but how do you remote wipe a device that only has WiFi if it gets stolen? Food for thought.

Security and management

When you think about management and security you probably first think of managing and securing Windows PCs. Given that you’re reading this on a Microsoft blog you might be thinking I’d be extolling the virtues of that. I am, but it’s about far more than that. Your management software and security strategy needs to be able to manage your users’ Windows devices, but it must also be able to manage and secure other devices. If your CEO wants to use his iPad you need to be able to secure it, and critically you need to be able to remote wipe it if it goes wrong and he’s syncing his corporate email. Tricky if it only does WiFi. So what do you do in that case? Well, firstly you only allow the devices that you trust to access some parts of your IT. For example, it’s fine to trust people to access their email on a mobile device, but to ensure security and to reduce operational risk you probably want to ensure your users have access to (and know how to use) rights managed email. With that technology you can ensure that sensitive emails are only accessible to the intended recipient and also that they can only access that specific, sensitive email on a secure device, or possibly just through a HTTPS secured web page.

You can probably see now that security and management in a consumerised IT shop needs to take a data-security led approach, but one that differs to most you might have come across before. Traditional data security has a (user perceived) focus on preventing access by working against a lowest common denominator model of ‘block access to people who shouldn’t have access’. It’s been a good approach for the greater part but has led to disenfranchisement of the user base in many organisations. Far better to promote a security model based on circumstance.

The HR Director has access to all personnel records, for example, except if she’s accessing the HR system from a PC that’s facing the window. If you don’t think this is possible then you should have a look at some of the solutions for Remote Desktop from Quest. Perhaps the HR Director also shouldn’t be able to have access to the HR system, which is web based, from a slate device or even from a PC that doesn’t have up-to-date anti-malware. Again, perfectly possible scenarios using solutions like the Forefront family. The big thing to do then is understand the data in your organisation and grant access based on circumstance and identity. Deep understanding of data is something you need for the cloud, too, so it’s a good project to kick off.

Flexibility in security and management solutions is also required, because in order to deal with security based on circumstance you need to be thinking about a devices lifecycle. When you think about lifecycle you start to realise that a device tends to go through stages – things like power on, load OS, pre-logon, sleep, hibernate, wake from sleep, power down, internet connected, no internet connected, LAN connected, WAN connected, VPN connected…the list goes on. Here you soon start to notice you need security solutions that start and stop as early as possible and remain constantly pervasive.

This is where solutions such as DirectAccess (a remote network solution enabled by Windows 7 and Windows 2008 R2 and enhanced by ForeFront) come in. DirectAccess starts early on in the lifecycle of a Windows 7 device and creates a tunnel back into your corporate network that effectively brings the devices onto your LAN and into your management sphere. This means it’s possible to quickly deliver patches, do remote control and manage every aspect of the device. Windows Intune provides a similar solution in a different way. Rather than forming a tunnel into the corporate network, the management agent simply talks to the cloud. That immediately means that patches, antivirus and policies can be deployed, and soon you’ll be able to deploy your own software over the Internet, too – a feature already in the beta.

Questioning the idea of “secure” also needs to be a prime concern when dealing with consumerisation. Do you trust your LAN? Unfortunately the answer should probably be no. You’ve probably had to deal with a virus outbreak already in your life, possibly more than one, and they typically happen because a device on your network doesn’t have enough security to prevent infection. That infection will spread and eventually take hold, leading to lost weekends and overtime. Technology like Network Access Protection (NAP) allows you examine devices connecting to your network and if they don’t match your standards they don’t receive an address, or are placed into a “remediation” network. A remediation network can provide access to services like Windows Update for patching but perhaps doesn’t allow access to your internal HR or email systems. In a consumerised IT shop, though, it could be a good idea to treat your remediation network as the Internet – give people access to everything if at all possible.

Summary

• Devices: Think about what “support” means, about changing how you buy devices
• Security and management: Think about data, provide access to it whilst considering the circumstances

In part 2 we’ll take a look at some of the thoughts you need to keep in mind around productivity and application development.  For now though knowing that a modern desktop and management are key parts of the puzzle I’d suggest deepening your thoughts about getting off XP and onto Windows 7 and implementing management with System Center.  The Springboard resources that we have available are a good place to start investigating Windows 7 deployment.

Consumerisation is an amazing trend; the idea that anyone can make choices about the way they work and the tools they use to get their job done. From an IT point of view it can, at first, look like a scary proposition. All those people bringing in different bits of kit and making you look after them, manage them and connect them to your network. Of course, consumerisation is about far more than just devices – it’s actually about new ways of working, not about specific bits of technology. It’s about what the technology enables.

One of the more interesting aspects of the consumerisation trend is that people are more willing to do more for themselves – providing the tools are right. Not convinced? Just have a quick think about the types of things you used to do that required someone else’s input in the past:

• Grocery shopping – once you visited a shop where the shop keeper served you, then came supermarkets, now online shopping is commonplace
• Car insurance – once you visited a broker, then you called them, then you did it online, now you use a comparison site
• Banking – once branch-based, now online banking is considered a norm and mobile banking is becoming a norm

Whilst these are all examples of consumerisation (consumerisation being about convenience at its root) they aren’t really examples of the consumerisation of the services we provide as IT professionals. Sure, they have a technology element, but they don’t directly relate to the enterprise. Does the model that we see evolving above have a place, though? I think it does; I think there is a key to enabling consumerisation in those three examples. Self-service is one of the keys to the consumerisation of IT.

Self-service is nothing new; we’ve had it for decades. We’ve been attempting to create self-service portals for one thing or another for years and I see this as a positive. Self-service is such a key lever that we have been pushing for it for so long purely because we know it’s the right thing to do. Applying it to IT systems, though, has often been done for the wrong reasons, in my opinion. Every self-service project I’ve ever been involved in that the users hated was done with the wrong primary driver. Cost saving is not the primary driver of good self-service.

Again, if we take the above three examples we can reach the same conclusion about why have they evolved as we know them today:

• Grocery shopping – internet shopping – it’s convenient for the consumer
• Car insurance – price comparison sites – it’s convenient for the consumer
• Banking – online / mobile banking – it’s convenient for the consumer

Consumer convenience is the real driver. Cost reduction is a nice to have, but what does it mean to the consumerisation of IT? Here are my thoughts about where to bring a consumer-centric self-service model into play, why such models work and how they can help you save money.

Application market places

These days you don’t have to look far for an example of market places that have been a runaway success – application market places being an obvious one. That runaway success is an indicator that your users will be able to get their heads around the idea of a self-service market place to install their applications. Products like System Center can help you build an application catalogue that your end users can deploy for themselves. If you aren’t already doing enterprise application deployment (and most large enterprises are – I was employed to do this 11 years ago on SMS 1.2), then you must be under significant pressure for human-based installs. If you’re doing enterprise app deployment but there’s no self-service aspect, you have to ask yourself why you’ve not made that step.

If you think about what the end user wants when they ask for an application, they really just want to do a specific job. They need Visio to make a diagram, they don’t have Visio, they ask how to get Visio, they find the form, fill it out, wait, get told it’s not right, rework it, submit it, wait, then someone pushes out the package and then….well, by that time they don’t need Visio. It would be far more user-centric to have allowed them to self-select the product and install. Licensing just reared its head there and some will say that licensing gets in the way of this model – I agree it’s a challenge, but you need to work that out for your business – if someone needs Visio to do their job, they need it (or a similar tool to which you can guide them).

The advantage of an application market place is that it gives you the opportunity to demonstrate guidance to your users around the decisions they make.

Self-help

This, for me, is the biggest no-brainer self-service system to support consumerisation. Where do you go to get help with a technical problem? You go to your favourite search engine (Bing, obviously) and search for it. Where do your users go when they need help? Do they call you, or do they Bing it first? If they’re calling you it’s probably because you’ve got a restrictive IT regime in place and they think it’s the only route. If they call you when they can’t find the information they need, how can you help them better?

Enterprise search in the form of SharePoint FAST is a pretty darn powerful tool, and it can, with almost no configuration, search within the content of all the documents you pop on your SharePoint. Why not just upload your technical library of word documents created by your IT team and let your end users search them? Granted there could be some dark secrets in there, like administrator passwords and secrets (e.g. you can still launch a command prompt from a help file, but your end users can probably find the latter from the internet anyway). If something needs to remain secret then apply appropriate content control.

You’ll find that all the good public cloud based services have great self-help built in, Office 365 being no exception.

Remember what the point of a good self-help system is; it’s to allow people to consume conveniently. You don’t need to start out with heavy taxonomy. Begin with a simple search and allow people to tag and organise the content themselves to reduce management burden – just manage the content, not the content discovery. This will save you money running your helpdesk and make your end users more efficient. If you don’t believe me, do a simple trial.

Self-service infrastructure

This is the biggie with private cloud: it needs to be self-service/no-service to make it a private cloud. Private clouds are about providing resources to end users who can do things with them that give the business an advantage in some way. What everyone is looking for in a private cloud is the ability to have as much of the operating model of the public cloud as possible. Let’s give people what they want – if they need a new VDI session for a new starter, give them a simple portal through which to request the desktop and have it auto provision in the back end. If they need a new SharePoint team site, let them provision it themselves – they know what they need, so ask what value you’re adding and step out of the equation.

Don’t forget that sometimes no-service infrastructure is better than self-service. If it’s the end of the month and the pay run is on, allow the payroll system to auto scale up – a simple example of no-service, or rather no- human-interaction-required-service. Of course no-service can be helpful in other places: the VDI session we created above can be de-provisioned after 30 days automatically to prevent VM sprawl and to save cost.

When dealing with self-service infrastructure on behalf of a person (or department or team), don’t forget to make it chargeable. Making things chargeable helps keeps a keen eye on preventing sprawl, and doing so up front, when the user is making a decision, triggers extra decision making to ensure they do the right thing.

Self-service BI

The information you have within your business is a key asset (I actually rank it only next to people in that respect), so being able to make the most of that information is one of the most important things any business has in its arsenal. It’s no secret that data is getting bigger either, over time there’s more of it, so being able to store it is expensive. As a result, from a purely financial point of view, being able to make best use of it is critical.

Allow your people to be agile with the way they use data; let them break it down in interesting ways by giving them the tools for self-service BI. It’s actually quite simple to do, be it giving them Excel 2010 (which can process about 1m rows of data!), democratising data using SQL Server 2008R2, giving them cool tools like PowerPivot or even giving them a simple coding environment like LightSwitch. People will be able to do better things with data than even you can think of.

Of course you need to remain responsible, giving users appropriate access and protecting that incredible corporate asset.

Summary

Hopefully you can see that providing people with the tools to do things themselves need not be scary. Rather it’s a natural evolution of the way we’ve done things for years. It’s also something that your end users will not only be able to accept, but will actively want to adopt. The role of the IT professional is pretty clear – be a guide not a gatekeeper, provide appropriate access to the tools of work.