When RehabCare executives started asking IT for Apple iPads several months ago, CIO Dick Escue didn't miss a beat.
Unlike many of his peers in the healthcare industry, he had no real qualms about security, despite the specter of compliance with the Health Insurance Portability and Accountability Act. Nor did he have misgivings about users loading the devices with personal photos and music, or about the possibility that iPad users would need additional IT support.
While these concerns have other IT shops scrambling, the RehabCare team was ahead of the game. Thanks to a widespread deployment of Apple's iPhone a couple of years earlier, the St. Louis-based provider of acute care services had a formal deployment strategy that it could apply to the iPad and other tablets.
Rather than trying to ban mobile units or deploy them haphazardly, RehabCare's IT group implemented new corporate policies and standardized on mobile management technologies that opened doors for the iPhone, and now the iPad, to be used in the enterprise in a secure, centrally managed fashion.
Based on his prior experience with the iPhone, Escue was well aware that users, not the IT department, are rapidly becoming the driving force behind new technology adoption -- a trend that has come to be known as the consumerization of IT.
"There was a time when work was where you got new technology, but that day is over, thanks to unbounded innovation in the consumer technology world," says Escue, who heads up technology efforts for RehabCare, which has operations nationwide.
Gartner estimates that 69.8 million media tablets will be shipped in 2011, and analysts and forward-thinking tech managers say it's time for IT to do more than simply take note of that surge.
As with the iPhone before it, the iPad is cropping up in all corners of the enterprise, brought in by C-level execs, sales folks and people who purchased the devices for personal use and, now hooked, are hungry to use them on the job.
Regardless of whether staffers use their own tablets or company-issued models, the influx means IT needs a systematic approach for managing, tracking, securing and supporting these devices.
"What the iPhone started to show us -- and the iPad is absolutely making clear -- is that these devices are coming in whether you like it or not," says Leslie Fiering, a Gartner analyst. "That means that IT has its work cut out for it."
Mobile Device Management
In the early days, enterprise-level security for iPhones was nonexistent, but that's not the case anymore. Apple's iOS 4.x operating system for both the iPhone and the iPad supports an array of security features, including encryption, centralized management and remote data wipe.
Dozens of enterprise mobile device management (MDM) tools offer similar capabilities for other smart mobile devices, enabling IT to do everything from setting policies and configuring devices remotely to performing remote wipes of devices that have been lost or stolen and creating "enterprise sandboxes" -- secure virtual areas where personal data can be kept separate from corporate data using tools like passwords and encryption.
IT shops that already have such systems in place for smartphones are well positioned to address security and management concerns from day one of a tablet deployment.
Tablet support strategies
Industry experts and IT managers recommend taking the following steps to support tablets in the workplace:
1. Craft or amend usage policies to enforce security best practices. This includes the use of multilevel passwords and device certificates, and the ability to remotely wipe devices that are lost or stolen.
2. Establish tiered access to network resources to secure critical data and applications.
3. Re-architect application delivery mechanisms. Consider setting up an internal app store.
4. Determine what levels of support IT will provide. Remember that the level of support may vary depending on whether devices are owned by employees or the company.
-- Beth Stackpole
Tellabs, a Naperville, Ill.-based supplier to the telecommunications industry, is leveraging many such capabilities to manage a growing fleet of a couple hundred company-owned iPads. Tellabs' supply chain professionals, sales reps and other employees are using iPads to access email and calendars, as well as enterprise applications that allow them to approve customer shipments.
Employees are required to enter credentials to access applications and information. Tellabs also employs an "always connected" model, where applications work only when a device is connected to the network via the Internet.
"Data doesn't reside on the mobile device for offline access," explains Jean Holley, Tellabs' CIO. "This model prevents loss of corporate data and intellectual property. As the mobile Internet gets smarter and the coverage area continues to grow, we believe there will be minimal need for offline capability in the future."
All iPads and other mobile devices are centrally provisioned with mail, calendar and other enterprise applications and are "known" to Tellabs' MDM platform, Sybase Afaria from SAP.
Tellabs uses Afaria to enforce end-to-end encryption during transmission, help with provisioning, and create a sandbox that keeps work-related applications separate from users' personal apps, which they are allowed to load on their iPads.
Tellabs' mobility strategy will enable the company to accommodate other tablets, and to accept employee-owned smartphones, tablets and other gadgets, as long as they are properly secured.
The company has a global mobile device policy that covers who is eligible to use mobile devices, how expenses related to the devices will be approved, what happens in the event of theft or loss, and who is responsible for tech support. (In general, Tellabs supports devices owned by the company; employee-owned devices are user-supported.)
Bring Your Own iPad? Sure!
Active Interest Media (AIM), a publisher of special-interest magazines and websites, uses MDM software from Good Technology that enables the El Segundo, Calif.-based company to accommodate employee-owned devices, including iPads, other tablets and an array of smartphones.
In addition to letting employees bring their own tablets to work, AIM just purchased 20 iPads that it lends to staffers who are going on business trips, so they don't have to bring their laptops.
Good's enterprise iPad app synchronizes Microsoft Exchange and Lotus Domino email, calendar and contacts and pushes that data out to users, who access it by logging in with a username and password. It also affords IT granular control over things like apps and corporate data access, according to Nelson Saenz, director of IT at AIM.
"Bring-your-own iPads are treated as any other mobile device, just like a phone would be," Saenz says. Users must sign consent forms in which they agree to have the Good app installed on their devices, grant permission for remote wiping of their devices if they're lost or stolen, and confirm that they will abide by AIM's usage policies.
If things change, the Good MDM platform can help enforce policies as they evolve. For instance, Saenz says, "from a security standpoint, we haven't felt the need to put stringent restrictions on apps or iTunes access, but if that should change, it can all be done within the Good console."
Delivering the Apps
As users' requirements move beyond email and calendar access to productivity software and other corporate tools, IT needs to create a strategy for application delivery. Conceptus, a medical device manufacturer, has developed its own enterprise app store to distribute internal apps so it doesn't have to worry about serving up proprietary programs in a public venue, according to Jeff Letasse, Conceptus' CIO.
Currently, the internal app store offers about five applications, including an in-house sales and marketing tool, and Letasse is hoping that number will quickly grow.
The Mountain View, Calif.-based company doesn't support employee-owned devices, but it has purchased more than 250 iPads for its executive staff and field sales reps, who use the devices to access customer relationship management and marketing support applications.
Conceptus has modified its usage policies to allow employees to put personal apps on the devices -- with the understanding that those apps might have to be remotely wiped in certain circumstances and that the devices can't be overloaded with so much content that they become inoperable for corporate use.
Even with IT's involvement, there are still gray areas where end users are in the driver's seat. Take upgrades, for example. Instead of having Letasse's group orchestrate an operating system upgrade over a period of months, as it would with PCs and laptops, Conceptus allows iPad users to upgrade iOS at their leisure without enlisting IT and without giving the group a chance to test the new technology with enterprise systems.
"We in the support world are trying to grapple with a loss of control," says Eric Simmons, director of IT operations and ERP solutions at Conceptus.
While the team is still hammering out its processes, it stays on top of upgrades by using MDM software from Zenprise. When the company recently needed to push out an upgrade for a sales and marketing app, Zenprise fed live data about who had upgraded into a data warehouse, so managers could check to ensure that employees were using the right version.
The IT group is also making a concerted effort to communicate with users more frequently, and it has instituted programs like an "app tip of the week" email newsletter.
Solving Support Issues
While the iPad and other tablets may be relatively easy to use, experienced tech managers say IT should still come up with a formal training program to acquaint users with the utility of new devices and to let them know about any new usage policies and application delivery mechanisms.
Software giant SAP has rolled out 3,500 corporate-issued iPads in its finance, executive management, sales, marketing and service units. At SAP, Web 2.0 technologies like wikis and other new self-service support tools are playing a key role in acclimating users and in easing the help desk's support burden, according to CIO Oliver Bussmann.
"We have a central place where users can go to learn how to use functions, find out what apps are available, [learn] how to use the apps, and to get answers to general questions," he explains. "We needed to beef up first-level support, knowing that there would be a groundswell of devices, and we had to educate users to utilize self-service online."
At RehabCare, CIO Escue isn't overly concerned about the support burden on IT. His group helps users connect their iPads to their home computers and encourages them to make their devices their own for personal use. His thinking: "We suspected they'd take better care of the device if it's got their personal stuff on it."
The strategy seems to be paying off. Internal statistics show that the number of device replacement tickets submitted to the help desk plummeted from 1,800 in 2009 to fewer than 150 in 2010 (including smartphones, laptops and iPads).
RehabCare IT currently supports just under 1,000 iPads, 2,000 iPhones and 9,000 iPod Touches, which it uses as inexpensive wireless devices that allow part-time and freelance workers in the field to access the company's healthcare apps.
For now, Escue is content to stick with the corporate-owned mobile device strategy and Apple gear. Nevertheless, he is mindful of the broader changes under way, and therefore he can't rule out supporting other tablets and platforms in the future.
"While our policy doesn't preclude people from bringing in their own technology, if we truly support [a bring-your-own-device policy], then people might go out and buy other devices," he says. Rather than trying to exert control over users' technology choices, Escue adds, "the smart thing to do is embrace the technologies and leverage the heck out of them."
Stackpole, a frequent Computerworld contributor, has reported on business and technology for more than 20 years.