Highly functional personal devices are increasingly being adopted as technology tools in enterprise IT environments. This represents yet another challenge for CIOs and senior IT managers trying to use standards and frameworks-based IT service management (ITSM) processes for better governance and business benefits.
There are many ITSM implications to be considered if you allow employees to undertake some critical work tasks on the devices of their choice.
More than just being sold on the potential efficiency, mobility and cost saving benefits of embracing the bring-your-own-device (BYOD) phenomenon as part of your IT service delivery, CIOs also have to concern themselves with new risk management issues relating to data control and security.
In addition to risk, there are also implications from BYOD adoption to core ITSM processes such as incident, problem, change and service level agreement management – to name a few – which must be considered.
In many cases, these are operational controls that IT organisations have invested heavily in over the last five years in search of cost savings, operational efficiencies and performance improvement.
Irrespective of whether you are managing IT operations in-house or utilising a third party services provider, BYOD has the potential to sully some of the processes that you currently have in place.
However, this does not necessarily mean that it is something that should be feared. Good process can accommodate BYOD. There are ways and means to mitigate the risks with the potential benefits being many and varied if managed astutely.
IT service provider Dimension Data recently embraced the BYOD concept within its internal operations.
Ian Jansen, CIO at Dimension Data said that when its internal BYOD journey began, it soon became apparent new ITSM policies and processes had to be created for effective service management as it was something quite foreign to traditional IT.
“The method which controlled our environment no longer sufficed; yet the fundamental need to secure, manage, support and service was still there,” Jansen said. “Generally, people think of BYOD in terms of devices but in reality BYOD is also a change to applications, processes and the overall experience that employees have.
“It changes the way we deploy infrastructure and services and ultimately how we manage and operate IT. Having a best practice framework like ITIL to manage the BYOD challenge is incredibly useful.”
Ian Jansen, CIO at Dimension Data
Jansen insists internal ITSM practices are applicable “more than ever” where an organisation allows BYOD but he does not see it as a threat to the application of traditional ITSM best practice.
“In order for BYOD to work, you need to have extremely well implemented policies and processes,” he said. “Without them you can’t provide the level of service required to make it successful.
“For instance, service level agreements need to be very clear on what we support on a person’s own device and what we don’t. Another good example is capacity planning where we take into account the new infrastructure needed to manage personal devices.
“In the end BYOD will probably force a better ITSM practice.”
Impacts across the ITIL lifecycle
The rise of BYOD has implications for organisations that have invested in process-based ITSM programs.
Karen Ferris, director of ITSM consulting company, Macanta and a board member for independent industry association, itSMF Australia, said that BYOD has an impact in many ways on ITSM processes and operations. This is because the current iteration of best practice ITSM frameworks (ITIL v3) defines a lifecycle approach to the delivery of services.
Every step defined in the ITL lifecycle framework – including service strategy, service design, service transition and service operation – needs readdressing with BYOD in play, Ferris said.
“For instance, service strategy needs to consider the adoption of BYOD in the organisation,” she said. “It may not be appropriate to every organisation and it may not be appropriate to every employee within the organisation but careful consideration needs to be given to the ramifications of a BYOD strategy including security, legal, financial, HR and the need to maintain productivity and meet service level agreements.
“Meanwhile, the service portfolio approach of ‘define, analyse, approve and charter’ needs to be applied to BYOD as it does to any other service under consideration as a potential service offered by the organisation. The implications for service desk and support also have to be considered. Each of the ITSM processes has to be adopted and adapted to manage the implications of BYOD.”
Ferris offered, as an example, that “BYOD as a service” would need to be included as part of the service catalogue while there will be changes to a range of other processes to reflect the changing environment.
“It will have associated service levels managed via Service Level Management,” Ferris said. “Change management will be key in ensuring that changes do not compromise the security around BYOD and therefore increase risk.
“Service asset and configuration management can be used to record details of employees who have signed up for BYOD and the associated policy. Supplier management may have to manage additional suppliers if third party support for BYOD devices is put in place.
“Meanwhile, security management will be key while there will also need to be clear communication about what service is provided by the service desk and support teams for BYOD through incident management and request fulfilment. There is no right or wrong answer but the ITSM practices will need to be adapted to manage the situation.”
Staff and IT have different views
It is hard to determine how much impact BYOD has on existing ITSM processes and help desk support but there is some research that suggests it is not as much as you might expect.
Lee Ward, vice president and general manager, IT outsourcing, for Unisys Asia Pacific said that while the adoption of personal devices represents “an unstoppable trend” this doesn’t mean it is unmanageable.
She cited “2012 Unisys Consumerisation of IT” research – completed by Forrester – which showed that IT support for company-owned smart phones and tablets in Australian organisations has nearly doubled from the previous year. Interestingly, it also showed that support for BYO devices has decreased significantly compared to 2011.
“Perhaps this is because there are some fundamental differences between how employees and the IT department view IT support requirements for BYO devices,” Ward said of the Forrester research.
“The study found 52 per cent of Australian IT and business decision-makers believe that employees who encounter trouble with their personally-owned devices are most likely to contact the IT department.
“However, the same report showed that 60 per cent of Australian employees say they are most likely to troubleshoot the problem themselves. A further 14 per cent say they will ask a friend. BYO devices won’t necessarily create the strain that IT departments fear.”