Industry Research
G00212597

CIO Attitudes Toward Consumerization of Mobile Devices and Applications

Published: 25 May 2011
Analyst(s): Nick Jones

We surveyed CIOs and senior executives attending Gartner's CIO forums in the U.S. and Europe to gauge their opinions about future mobile device strategies, and the impact of consumerization on the way in which smartphones and tablets are provided and managed. The trends we identify in this research will be of interest to network operators, mobile device manufacturers, and executives responsible for providing and managing mobile devices.

Key Findings

■ Mobile device and platform diversity will increase. Most CIOs expect a future of substantial diversity, and many plan to introduce new devices and management models, such as employee-owned IT.
■ When considering new styles of device ownership and management, executives in Western Europe are significantly more cautious than their North American peers.
■ Enthusiasm for new device types, such as the iPad, has run far ahead of security. Only a minority of CIOs are convinced their current mobile security would satisfy an auditor.
■ CIOs do not see tablet devices as replacements for laptops in the short term.

Recommendations

■ Consider job roles and needs carefully before deploying tablets to avoid the inappropriate use of devices. Consider tablets for applications that require content consumption and ease of use, rather than complex content creation.
■ Pilot new device management models, such as employee-owned IT, but develop security policies and controls before deploying devices.
■ Pilot technologies such as multiplatform mobile device management (MDM), which can allow employees access to app stores on devices that are used for a mixture of personal and corporate applications, but can maintain control over corporate data.

What You Need to Know

CIOs in Europe and the U.S. expect substantial increases in device diversity, and are exploring new management and funding models, such as employee-owned devices. However, significant management and security challenges remain unsolved, and European CIOs are more cautious in their approach to consumerization than their U.S. counterparts.

Strategic Planning Assumption(s)

Through 2016, at least 25% of employees in the U.S. and Western Europe will not be permitted to use their own mobile devices for work because of the sensitivity of data they access.

Analysis

Gartner surveyed CIOs and senior IT executives attending our U.S. and European CIO forums in March and April 2011. These surveys were conducted during a series of workshops on managing mobile devices and surviving consumerization.

Survey Process

The U.S. conference attendees were predominantly from North America, while European conference attendees were from Western Europe, with around half of those based in the U.K. We caution readers that this is not a random sample: Respondents were self-selected, in that they opted to attend a Gartner conference and to participate in a workshop on mobile devices and consumerization. However, we believe that these results are a good barometer of the attitudes of CIOs and senior IT executives in Gartner's client base, which tends to represent larger organizations.

In the U.S., we received between 78 and 81 responses to each question; in the corresponding European event, we received between 70 and 76 responses to each question. Percentages are rounded to the nearest digit, so they may not always add up to 100. Histograms record the number of individuals responding to a question. Because the sample sizes are slightly different in the U.S. and Europe, care should be taken when comparing the results.

Page 2 of 11 Gartner, Inc. | G00212597

Survey Results and Analysis

How many different smartphone and tablet platforms do you expect to be used for business purposes by your employees in 2012?
Figure 1 shows histograms of responses from the U.S. and Europe; the horizontal axis shows the number of platforms and the vertical axis shows the number of respondents expecting to support that number of platforms. The average number of expected platforms in the next two years was 3.5 in the U.S. and 3.7 in Europe; however, the distribution has a long tail, so many CIOs expect a complex future. A minority of organizations believed they'd be able to hold the line, allowing only one or two platforms. Discussions with workshop attendees in this situation suggest that they are mostly in industries that are regulated or constrained in some way (e.g., financial services, healthcare or defense). Organizations expecting greater diversity tend to have a more diverse and less controllable range of employees (e.g., higher education).

Figure 1. Mobile Device Diversity
[Histograms: U.S. and Europe. Vertical axis: Number of Respondents. Horizontal axis: 1, 2, 3, 4, 5, 6, More than 6.]
Source: Gartner (May 2011)

In two years' time, approximately what percentage of the mobile devices (laptops, tablets and cell phones) used in your organization will be owned by employees?
The histograms in Figure 2 show that respondents in the U.S. were more aggressive in their expectations for employee-owned devices than European respondents. The average expectation for employee ownership in two years was 38% among U.S. respondents, but only 20% in Europe. We believe several factors contribute to this difference, including:

■ The more complex and diverse reimbursement and taxation issues facing European multinationals
■ Roaming data costs
■ European data privacy regulations
■ Significant differences in employee expectations and conditions of employment across Europe (see Note 1)

Figure 2. Employee-Owned Devices
[Histograms: U.S. and Europe. Vertical axis: Number of Respondents. Horizontal axis: Less than 20, 21 to 40, 41 to 60, 61 to 80, More than 81.]
Source: Gartner (May 2011)

In the workshop discussions, we noted that, in general, U.S. organizations tend to be ahead of European businesses in exploiting the opportunities enabled by consumerization. If a shift of this magnitude toward employee-owned devices takes place in the U.S., it will have major implications for many technology and service vendors. For example, there will be opportunities for telcos to provide new types of contracts and support for employee-owned devices, and device manufacturers selling to corporations must make their products more attractive to consumers and find new direct sales channels.

Given your view of technology trends, in five years, what percentage of your staff will not be eligible to use employee-owned mobile devices or laptops, because they are still dealing with information that is too sensitive to be allowed on equipment you don't own?
The histograms in Figure 3 show that, in the longer term, Europeans seem likely to remain significantly more conservative than Americans in this area. U.S. respondents expected that, on average, only 24% of employees would not be eligible for employee device ownership in five years, whereas the European respondents expected that 35% of employees wouldn't be eligible. We believe that much of this difference is caused by factors such as the complexity of multinational regulations and taxation, as well as the significantly more-stringent data privacy regulations in Europe, which will restrict some information to devices that the enterprise can control (and can prove that it controls).

Figure 3. Staff Not Eligible for Employee Device Ownership in Five Years
[Histograms: U.S. and Europe. Vertical axis: Number of Respondents. Horizontal axis: Less than 20, 21 to 40, 41 to 60, 61 to 80, More than 81.]
Source: Gartner (May 2011)

Do you have a strategy to move toward thinner client architectures so that you can support different types of endpoint devices more easily?
In the survey, 74% of U.S. respondents and 67% of European respondents reported that they were moving to thinner architectures. Thin clients offer substantial total cost of ownership (TCO) advantages for mobile applications; in addition, as HTML5 evolves, more-sophisticated applications will be delivered without the need for native code. However, we believe that thinner architectures may not fully deliver on their potential, because of HTML5 fragmentation and, in some regions, the risk of poor network performance caused by lack of cellular capacity, at least until Long Term Evolution (LTE) arrives. Corporate interest in thinner architectures appears to have accelerated in 2011; a smaller European survey conducted in 2H10 showed only about half of organizations exploring this option.

Do you believe that the security currently applied to mobile devices, such as smartphones and tablets, used in your organization is adequate and would satisfy an auditor?
U.S. and European respondents were very consistent in their assessment of security; only 27% to 28% believed their mobile security would satisfy an auditor, 41% to 42% believed it wouldn't and the remainder were not sure (see Figure 4). This response stresses just how far enthusiasm for new devices has run ahead of control over those devices. The consistency between U.S. and European responses is surprising, given that, in these workshop sessions, Europeans generally seemed less advanced than their U.S. peers in exploring new devices and ownership models.
We believe this is good news for a variety of security and device management vendors that can address a clear corporate need.

Figure 4. Mobile Security
[Histograms: U.S. and Europe. Vertical axis: Number of Respondents. Categories: "Yes, security is adequate to pass an audit."; "Maybe; the adequacy of security is not known."; "No, security is not adequate to pass an audit."]
Source: Gartner (May 2011)

In two years, approximately what percentage of your employees will be using tablet devices, instead of laptops?
Expectations of tablet usage were very consistent across the U.S. and Europe, as illustrated in the histograms in Figure 5. U.S. organizations expected that, on average, 23% of employees would use tablets, instead of laptops, during the next two years, and Europeans estimated 20%. A small number of CIOs had much more aggressive expectations, with 12 U.S. respondents and nine European respondents expecting that more than 40% of employees might replace laptops with tablets during the next two years.

Figure 5. Use of Tablets, Instead of Laptops, During the Next Two Years
[Histograms: U.S. and Europe. Vertical axis: Number of Respondents. Horizontal axis: Less than 20, 21 to 40, 41 to 60, 61 to 80, More than 81.]
Source: Gartner (May 2011)

These results support Gartner's view that, in the medium term, tablets will remain functionally inferior to laptops, and not appropriate for the full range of corporate applications. The consistency between U.S. and European attitudes in this area is a consequence of the fact that the viability of tablets is determined by job roles, not technology or regulations, and there is considerable commonality in the needs of similar roles in both regions.
Discussions with workshop participants suggested that roles that would benefit from tablets include sales, business development, senior executives, marketing staff and staff carrying out simple data collection tasks (thus serving as a clipboard replacement). If CIOs act as they predict, a shift of 20% in corporate device purchases from laptops to tablets would imply substantial growth in the tablet market during the next two years.

Do you make your users sign any form of declaration or policy document if they use personally owned mobile devices to access corporate information or corporate e-mail? If so, how effective do you think such paper policies are in controlling user behavior?
Approximately 50% of the respondents in the U.S. and Europe used some form of policy document, although few respondents thought they were effective in controlling behavior. However, they may be useful as an educational tool, or necessary for legal reasons, to establish that an employee is aware of company policy or has agreed to allow his or her employer to perform tasks such as wiping a personal device (see Note 2). A surprisingly large proportion of respondents (31% in the U.S. and 22% in Europe) appear to allow corporate e-mail and other information on personal devices, but don't even require their users to sign any form of declaration or policy.

Figure 6. Use of Policy Documents
[Bar charts: U.S. and Europe. Axis: Number of Respondents. Categories: "Policy documents are mostly ineffective."; "Policy documents have some value."; "Policy documents are very effective."; "We don't make users sign policy documents."; "We don't allow access to corporate e-mail or documents on employee-owned devices."]
Source: Gartner (May 2011)

What's your view on the risks of allowing employees to download apps from public app stores to install on mobile devices that are used wholly or partly for business purposes? (Please select the response that's closest to your opinion.)
Figure 7 illustrates that app stores are a problematic area for organizations. On the one hand, allowing employees access to apps increases staff satisfaction and innovation by enabling employees to customize their working practices and find new tools to support their work. Apps are also one of the main reasons that individuals want smartphones and tablets, so they cannot be banned on a device that is used for personal purposes. On the other hand, the risks of apps include data incompatibility, and the potential for viruses and trojans. Europeans were significantly more cautious than U.S. respondents, with 3% banning apps. A significant proportion of respondents permit apps, but are concerned by the risks. This suggests opportunities for technologies that can either control apps or isolate corporate data from the risks of rogue apps (see Note 3).

Figure 7. Use of App Stores
[Bar charts: U.S. and Europe. Axis: Number of Respondents. Categories: "We don't allow downloading of apps from stores."; "We allow app downloading, but retain the right to control or veto apps if required."; "We allow app downloading, but are concerned by the risks."; "We allow app downloading and are not concerned by the risks."; "Other".]
Source: Gartner (May 2011)

Recommended Reading

Some documents may not be available as part of your current Gartner subscription.

"Findings: Consumerization Is Affecting Enterprise Mobility Strategies"
"Mobile Device Management 2010: A Crowd of Vendors Pursue Consumer Devices in the Enterprise"
"Mobile Architectures, 2009 Through 2012: A Trend Toward Thin"
"Magic Quadrant for Mobile Device Management Software"
"Checklist for an Employee-Owned Notebook or PC Program"
"Creating New Policies for Employee-Owned PCs and Notebooks"
"How to Choose the Right Enterprise Tablet for Your Employees"

Note 1 European Challenges

Discussions in the European CIO workshops highlighted the fact that multinational European organizations face greater challenges than their U.S. counterparts in adopting strategies such as employee-owned devices, because of the variations in working practices and cellular contracts around Europe. For example, in Germany, new working practices would typically have to be agreed on by workers councils. Also, many European executives travel internationally, and the high cost of international data roaming (especially on consumer cellular contracts) complicates reimbursement plans, thus making simple stipend models impractical.

Note 2 Wiping Personal Devices

In our experience, most organizations permitting the use of employee-owned devices obtain a waiver from the employees permitting them to be wiped in certain circumstances, such as when a device has been lost or stolen. However, a small number of workshop attendees had been advised that this might be risky, because of the potential value of the personal information on the devices. Therefore, we advise organizations to consult their lawyers when creating policies for controlling corporate data on personal devices.

Note 3 Controlling Applications

Some MDM tools can control applications on mobile devices (for example, by enforcing blacklists or whitelists).
An alternative approach is to use technologies that wrap corporate data in a controlled environment that is inaccessible to external apps (for example, so-called "sandboxed" mobile e-mail solutions).

© 2011 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp.