Business IT is undergoing fundamental changes right now – changes that are as fundamental and far-reaching as when your company first connected to the Internet back in the 90s. What’s more, these changes are probably not part of your existing IT strategy, but they’re happening all the same.
In a series of blog posts, we’re going to look at what these changes are, why they are occurring, what they mean for organisations – and how they can manage and process these changes to enable their business, while maintaining control of data flows and intellectual property.
The big change is the transition to a ‘mobile first’ model. Of course, it’s been happening for over 5 years and, like previous major transitions in business IT (the introduction of PCs, the Internet revolution), it is changing the way users behave, disrupting enterprise architecture and opening opportunities for innovation. The lines that used to separate the mobile and non-mobile world are becoming increasingly blurred and that eventually, all the capabilities and technologies that end-users and employees use will be mobile-driven, or mobile enabled in some form.
There are a couple of below-the-waterline reasons why this is happening. It started with the introduction of new mobile operating system architectures in iOS and Android. How operating systems work now looks very different to how they worked not that long ago, particularly from a security standpoint. For example, operating systems used to have an open-file system, which meant that applications could access each other’s data and system-level processes. This made them vulnerable to attack and left the kernel unprotected – which is why Internet worms and malware could be so disruptive in the late 90s and early 2000s.
With the launch of mobile operating systems and individuals – both consumers and employees – using more and more apps, this way of operating became unfeasible. So we moved from an open-file system to a sandboxed system, and from an unprotected kernel to a protected kernel. This is far more secure and partly why you don’t see much malware on iOS. Gartner recently predicted that the security and management architectures being used on smartphones now will be the dominant models in the entire endpoint computing environment by 2020, and that the notion of a traditional system image will all but disappear. And about time too.
A matter of trust
Alongside these architectural changes is the evolution in the notion of trust. Trust is no longer just based on the user, and it’s not enough to know that your user is trustworthy. Trust now depends on the device, the application, the repository and the file, as well as the user. Not all of these will matter all of the time, but in any case, companies need to make access decisions based on this more complex, fluid and dynamic trust model.
The final change we want to discuss in this blog is the role of the end user. Previously the security model was centred on the device – now it’s focused on the individual.
In the traditional Wintel PC environment of a decade ago, all that mattered was having security on the endpoint, so that malware couldn’t be introduced to the network. The user made do with whichever applications the IT team provisioned for them – and these were typically severely locked down as well. The rise of smaller, portable computing devices started to change that, and now mobile has swept it away. Thanks to the new user experience that focuses on making things easy and convenient, users care about three things only: choice, experience and privacy.
Employees expect enterprise apps to deliver the same level of user experience that they've had with consumer apps, and even use similar technologies too. As we discussed in a recent blog, this creates privacy and data security issues for employers. Curiously, it is the cultural change that is sometimes the hardest part to address.
These fundamental changes in architecture and the role of the end user have major implications for the way in which organisations need manage their technology – which means fundamental changes to their IT strategy. Companies need to look at how they can modernise their processes to unlock and enable the full potential of mobility, and in the next blog we’ll be looking at how they might do this.