[ComputerWorld Canada]: With so much focus on BYOD in the enterprise, it seems that the issue of employees who do not use mobile devices is being overlooked. How do you think companies should train employees who don’t own smart phones themselves, yet require them for work?
[John Wei]: You raised a very important question. This is something that should be thoughtfully managed as part of the business readiness process. I have a few recommendations:
1. Establishing/maintaining guidelines around the platforms and devices enterprise will support, to make sure the devices your employees buy have the computing power necessary to run the enterprise mobile infrastructure and mobile applications effectively.
2. Providing platform (e.g., iOS/Android) level trainings through video, user groups, blog sites, ideally establishing departmental-level mobile device gurus for easy access and ready help. These gurus may be viewed as super-users.
3. Designing mobile applications with intuitive use case flow and screen transitions. If your users actually have to read a user manual to understand your application, you already have failed in U/I design. The company should develop a consistent design language.
4. Incorporating mobile device and mobile applications into your existing sustain/run operating model.
[ComputerWorld Canada]: Would you say that a non-smart phone user would be easier to educate about security risks and policies versus someone who already owns a device for personal use?
[John Wei]: Not necessarily. I believe security should be inherent and built into the IT operating environment across all layers, from application to infrastructure. It is very important that users receive regular security policy training. At the same time, the right security is the kind that is built in and seamless from the end-user perspective across all channels, including mobile.
Even in companies where IT will retain ultimate control, user communities are increasingly having a direct say in the final decisions.
[ComputerWorld Canada]: In industries that require tighter security (again, that would have traditionally used BlackBerrys), do you think that more companies will be attracted to the idea of creating their own secure mobile OS (for example, I’ve heard of some firms are creating secure versions of Android)?
[John Wei]: Developing a secure mobile platform at the OS level remains relative rare, as the OS choice also implies the choice of eco-systems available to the user. Today, users are routinely using the same device for work and personal productivity. The line between a personal vs. a work device is blurred. Many companies will invest in security frameworks sitting between the OS and Application layer to automate the security enforcement and retain agility in application development.