Transcript for Consumer Products vs. Enterprise IT - Part 1

Jim Burton: Welcome to UCStrategies Industry Buzz. This is Jim Burton and I am joined today by my UCStrategies expert colleagues and today’s topic is about how consumer-related products are driving major decisions by IT organizations. I think from a history standpoint, we have seen this happen before, but in quite different ways; we saw mainframes, to mid-range computers, to PCs having big impact on the IT organizations. We’ve seen data networking from the big players having data networking now any small enterprise or even our home can have data networking. Word processing was a good example. That was something that was very well managed and then we had PCs coming out with word processing capabilities as well. So our topic is really about what impact it has, having these new consumer devices. We can talk about the smartphones and the iPhones and the Blackberrys, the impacts that they are having on organizations, as we have seen a little bit of history there. Tablet PCs are certainly having an impact and social networking is having an impact. So I am going to turn it over to the UCStrategies team and we are going to start with Michael Finneran, as he is our expert on mobility.

Michael Finneran: Well thank you Jim. Well certainly, the mobile market has brought this to our attention most forcibly, but IT has traditionally had a challenge describing to end users why you simply can’t bring any consumer gadget into the enterprise. I think what mobile is really doing, however, is demonstrating that the gap is getting a lot wider and the strain is getting a lot greater. Certainly on the mobile front we will see things like call handling – PBX can do simultaneous ring, however; we have call handling solutions like Google Voice that just leave that in the dust. Voice over wireless LAN will have a Polycom SpectraLink phone or a Cisco 792x. But now we can do Skype on the iPhone and with video. And certainly, the place I see the gap the greatest today is with location-based solutions, where I keep waiting for the UC managers to start using the location capability of the mobile device to adjust our presence status. We are doing that with foursquare, with Google Maps—Superpages.com makes use of a location capability. And I don’t even want to get into the social networking aspects, because I know Blair is going to be addressing that later.  

But certainly, what we are seeing is greater pressure on our traditional enterprise UC vendors to stay relevant and certainly for IT departments to respond. What we are seeing is this move to consumerization. Of course, I am still confident that we will be able to do this. We faced exactly the small challenge back in the early 1990s with the advent of PCs; initially we figured out how to support them and eventually they became the accepted solution. So I think we have some work to do, but I still see the IT department as having the wherewithal to master this situation as time goes on. Andy, I know you have some ideas on this, as well.

Andy Zmolek: I am at ground zero for some of this, being with a traditional handset manufacturer for consumers here at LG and what we are seeing is that as we are starting to get into the enterprise space is that there is a real dualism that happens right there on the device – the lines of demarcation between what is personal and what is business have become so blurred and I think the iPhone was really the beginning of that blurring, but it's accelerating and in fact, one of the interesting things we’re looking at with what’s going on in terms of how does the IT department manages that, is where is the line of demarcation inside the device? I need to, if I am an enterprise, protect the enterprise data that is within that device, but at the same time as an individual, I don’t want my enterprise to be privy to call detail records for my personal calls and ideally I would like to be able to pay personally for my personal calls and have my enterprise pay for my business calls and have a perfect separation between the two. And the interesting thing is that the technologies were all there, but what we don’t yet have is a set of clear lines of demarcation for where one sphere of influence begins and the next one ends. There is some interesting technologies out there coming to help address this, virtualization is one, and there are some interesting possibilities for how UC fits into this, because obviously I would like to have my personal number that is not necessarily directly connected to any of the enterprise UC separated from what my single reach number might be that I might want extended to my mobile device and clearly the technologies are there, but what we don’t yet have is integration from the UC vendors that makes that as seamless within the device as it could be.

What we are seeing here today is similar to what happened in the PC realm in the sense that the whole MIS transition to information technology is happening where mobility is changing what IT does and means and we’re going to see those – probably a new name for IT come out of all of this, after we’ve figured it all out. But figuring out that line of demarcation, who owns what, how to preserve the privacy of the personal use of the device, but at the same time, extending all the UC functionality, if you just think about some of the simple things like getting presence from that phone, which is a mobile phone, into the enterprise UC system, and that’s where your most accurate presence data is going to be...that is something that is still nontrivial and really not terribly available today.

Art Rosenberg: Andy, this is Art; I just want to throw a comment in – it's a term that has been bandied about and you are right, it hasn’t happened yet, called “dual persona.” It's a device, a single device representing a single person, but it represents two different areas—and can actually be more than two—but just for simplicity sake, personal versus business.

Andy Zmolek: That’s right and we’re even doing some things with VMware in that space and there are several other ways of attacking this dual persona. There are a couple of other companies out there in that space, Open Kernel Labs and Virtual Logics that have been doing some type one dual persona. Open Kernel Labs has even done this for some government customers, really interesting use cases. I tend to agree that that notion is one that we are going to see a lot more of, as people get tired of carrying around two phones or doing other gymnastics to try to work around this problem. Let me hand this off to Dave Michels, who has some additional thoughts.

Dave Michels: Thanks Andy. This is really the same song and dance routine that we have been going through for a long time, except that the rules and expectations are just slightly changing. But when I was in IT management for the ‘90s and every 2000, it was the same thing. We would have a corporate standard for say a PC, and we would have a budget number of something like $700, and people would be coming in all the time, saying, “well hey I can go to Office Max and buy a complete PC with decent specs for $350, this is unheard of.” You can settle that conversation with some reason around corporate software licensing, corporate standard support, enterprise edition of the operating system... You could eventually, with a little bit of education, explain what the difference really was and why we had all this entire corporate infrastructure in place. It’s kind of the same today, except that there is less and less tolerance of that corporate infrastructure, because it's becoming so much of a barrier. I am on a committee here in my hometown with the public school district and they are wrestling with thin client – netbook-type of computers versus desktop. They can buy a significantly higher quantity of the thin clients or the netbooks, but the problem is the networking infrastructure – they don’t have enough ports and they have very expensive managed network ports and they can’t wrestle with that dichotomy , where do you draw the line?  

And so much of that corporate infrastructure, rules, policies... is being attacked and questioned right now because of the incredible rate of innovation that we are seeing in the consumer space. Yesterday for the first time, I got a Skype video call from an iPhone and that’s pretty impressive technology. I think we are seeing things like Skype penetrate the enterprise far faster than other technologies have in the past, because they are in the consumers’ hands or because they offer extraordinary capabilities and tools. Art mentioned about the dual purpose-type of stuff. The cell phones are a real problem because you have customer numbers, you’ve got basically a lot of corporate sensitive information on a cell phone and corporations are having a real tough time. It's not uncommon and it’s almost embarrassing to find organizations where you find employees having to carry two cell phones; one for their corporate and one for their personal. Possibly one answer to that is the virtualization of the cell phone technology that might be coming out here in 2011 as a standard. But it's the same old battle and I guess my key point here is that there is just a lack of tolerance around the corporate infrastructure that we used to be able to discuss and convey a strong value with – is now really often being considered a barrier to innovation, which is a balancing act that every organization needs to figure out. Marty do you have any thoughts on that?

Marty Parker: Yes Dave exactly, and building on what each of you has said so far, the thing we see our clients doing is looking at the use cases. The answer to this use of consumer technology is not a one-size-fits-all answer. So by looking at use cases, the enterprise is able to determine what UC functions are needed to optimize the business process. Once they do that, they can look at how these use cases are influenced by the business requirements, including things such as compliance and audited privacy, some of which are even external regulatory legal requirements on their enterprise, not just something set by internal standards. When they get that clarity—what’s the use case, and what are the constraints and conditions—then they can select the best solutions and sometimes that means using consumer tools. We have seen this happening with a number of our clients. Sometimes a whole segment of the user population will be moved on to consumer-based tools, while the remainder of the enterprise remains on what I will call “enterprise control tools.” And sometimes that selection–it will require some capability integration, but that’s just what systems integrators do.

Now most enterprises then will set a standard based on that, and standards get updated every two, three, or four years, so it's not like standards are immutable, but the enterprise sets the standard saying, “this is how we’re going to do it. This is what software we’re using, what devices or services and solutions we are using for this use case,” and with those standards in place then they will have solid policies, they’ll have solid auditability, they’ll have solid manageability, and solid economics. They will know what to expect. As I said, all this happens in the context of economics usually. The users expect their employer to pay for usage on their personal device. I’ve seen some real tricky conversations going on between employees and employers, when the employer says, “Oh we’ll just send that to your personal device.” “Fine, I am not paying for text messaging right now, so are you going to compensate me on a per alert basis or what?” So what we find is that the cost of reimbursement and we find that this economy of consumer pricing often will drive the enterprise to issue a business-only device, with IT management and better economics. So I think it all goes back to the use cases, David, and others, we find what the particular need is, where’s the business process improvement, and that will define the economics and your requirements in such a way that the enterprise can easily determine whether to depend on consumer-based solutions or to depend on the enterprise-class solution for that particular use case. Samantha, I think you mentioned that some IT organizations, with outsourcing, are struggling with this, right?

Samantha Kane: I certainly concur with you Marty, on the business process and the business solution driving the technology, but mine are more observations and they are two different kinds of observations. One is that larger business enterprises seem to be getting skinny on their IT resources and you no longer can be a generalist in the IT department. You have to have very specific skill sets and things that the consumers are pushing, both into the enterprise as a demand for requirements and tools – now are driving other businesses. We came across a company called "Spokeo" the other day that gathers all the personal information that is out there on the internet and tells you how much personal information is out there. So from an enterprise organization point-of-view, how do I deal with that versus the consumer point-of-view or the personal as Andy and ground zero folks have brought up.

The other observation is that some of the customization and requirements that are driving these tools to be recognized are making demands on other things. Our practice has an E911 flavor to it and what we are noticing is that the demand on firewalls and appliances and being allowed to have Map-2 and Map-3 information distributed to be able to register things, is causing sincere grief at the IT level. And so not only is it the tools that the consumer is pushing into the enterprise, but it is again as you have stated, the people and process requirements and the policies regarding security and facilities and those types of things. So I will put it back out to the knowledgeable team out here that we have today to comment on the security aspects and those requirements.

Andy Zmolek: Let me jump on the security question, because I have been dealing with that both within the UC and now the consumer space for a little while, and what I am seeing is that the bar in terms of what an enterprise expects – I will specifically talk to the mobile device, as that is where I am seeing the most movement in the last two years. It used to be that what enterprise would do is say, “okay, Blackberry is going to meet all of our requirements, therefore you have to get a Blackberry.” Starting really with the iPhone, the IT department has gotten less and less ability of absolute dictation of policy and especially as senior executives have pushed back and said, “why do you need to have that policy; what is important there?” And what we’re seeing is a smaller number of policies that are required, but absolute focus on real security – having encryption, having at-rest capability, having the ability to remotely wipe a device, is just at this point completely assumed for any device that will have enterprise data on it. That has actually accelerated in the consumer realm in ways that were unthinkable a few years ago. There are now a lot of consumer-specific security applications that are kind of the flipside of the enterprise security, where now you can find your phone, you can wipe the data on your phone if you’re just the consumer. What we are seeing here is that security has become the critical baseline feature for doing anything in this space and certainly, while a lot of this started in the enterprise there is a consumerization of those security requirements that has been breathtaking over the last year and a half.

Art Rosenberg: This is Art. I just want to make a comment that security is really for the information, not for the device. The key is to not store things in those devices and the information access is what you really control at all times. This is where I think things are going to be heading, especially when you start getting into applications; i.e. the app stores and so on. There are “Thousands of apps,” and some of those apps are going to be controlled by the enterprise; some are going to be controlled by the consumers. The question is, where are those apps and where is the information that they control? You just reorganize that so that is not open or available as part of the device. That has always been our problem.

Samantha Kane: Art, it's Samantha – how would you comment to Andy’s earlier suggestion of where do you head off consumer versus enterprise, the demark point?

Art Rosenberg: Well that’s a question of addressing, if you think about it. In other words, you are talking to in one case, a business user who has some kind of responsibility, whatever the title is and so on. It's not just a name. And then there’s the same person who has the same name, but different – a lot of it is going to be entertainment. Look, what’s going on for mobile devices, they are talking about TV and everything else. So you have to separate – the user is going to be wearing two hats, one for his personal needs whatever they may be and the business responsibilities, whatever they may be and they are coming from two different sources. You don’t address both needs with one name, you have to come in with an address that is different.

Marty Parker: Let’s not assume that none of these problems are being solved.

Art Rosenberg: Oh no, that’s our challenge.

Marty Parker: If you look at it, they are being solved. RIM has a client for the Blackberry that can distinguish phone calls and distinguish directories and so forth between the user’s personal directories and the enterprise directories. There are similar types of clients available from Avaya, from Cisco, from Siemens, Mitel, basically allowing you to load the client on the device – it can be a thin client, as Art points out you don’t have to load the corporate directory on the device or if you do, you can melt it if the device is lost or stolen. But you then allow the user to make five-digit dials, and you will be able to also make the calls and make the communications through the enterprise infrastructure, so you have all the security compliance, logging and control, as well as the economics of the enterprise procurement process. So these problems are being solved and let’s not assume they’re not.

Andy Zmolek: I think it's worth pointing out that if anything, what we suffer from is having too many solutions in the marketplace that aren’t necessarily equivalent – I will give you an example for what I would call the “enterprise sandbox problem.” You can apply virtualization and there are two different types of virtualization; there is a type one and a type two. There is an API-based solution where you write your enterprise apps to a special API that will then encrypt and send things back through the enterprise over a VPN or private network of some sort. There are some HTML5-based approaches that basically involve running enterprise applications within a special sandbox. Now the problem with those are that the realtime applications aren’t really compatible with HTML5 environments, they are asynchronous in nature whereas you need to have fully synchronous communications for UC apps to work, but these are all out there. There are differences in terms of does the app needs to be rewritten in order to work in the enterprise environment? Does it work well with UC or is it challenging to UC? As you go through each of these potential solutions, what you find is that there really isn’t any one ideal solution. My sense is that in terms of the benefit versus the costs involved and the need to get application developers to rewrite things, there are some very interesting possibilities with virtualization in the sense that if the enterprise controls the OS that is used for the business side and the applications that are distributed onto that OS and the networking that goes back through on the other side.... then you use some tricks with APMs on the back end with a carrier, there seems to be a nice neat little line of demarcation there that could be exploited to allow the enterprise to say, “okay here’s what I am delivering to you; here’s what disappears when you leave the company, and when I wipe my part of the device, it's not going to affect your personal side.” An operator can charge the enterprise separately. There are by no means all of the solutions out there and there are some aspects of virtualization that have yet to be proven.

But the point here is that if anything, there are too many technology possibilities and it is very difficult for an individual, much less an enterprise,  to wade through all the possibilities and make an informed choice today, as so many of them are immature to boot.

Jim Burton: Thank you all for your time today. It was a good podcast and I look forward to talking to you all again next week.