Making Mobile Device Decisions…

question-1889416_960_720Note: This blog is the eighth in a monthly co-authored series written by Charlotte O’Donnelly, Research Analyst at Blue Hill Research, and Matt Louden, Brand Journalist at MOBI. MOBI is a mobility management platform that enables enterprises to centralize, comprehend, and control their device ecosystems.

As summer winds down, enterprises are preparing themselves for the next round of new device releases. That’s because mobile technology manufacturers like Apple and Google choose to unveil revolutionary gadgets and innovations around this time every year. How can your business be sure it’s choosing the best new IT assets for enabling workforce productivity?

For many companies, evaluating different mobile devices feels a lot like comparing apples and oranges—each vendor’s technology has unique feature sets and capabilities that not everyone finds useful. Without a tried-and-true evaluation plan or strategy in place, it’s easy for enterprise mobility programs to lose focus on what’s most important or be paralyzed by complexity while trying to make a new device decision. If your business needs to pick the perfect new IT asset, pay special attention to these four areas:

1.     Security

New technology has the potential to transform companies and disrupt entire industries, but if it compromises corporate security policies or compliance efforts, nobody will ever adopt it. Remote data wipe capabilities are a must-have in today’s digital business landscape; otherwise, what happens if a mobile device is lost or stolen and ends up in the wrong hands?

In addition to remote wiping, make sure any newly implemented technology securely manages data transfers and enforces adequate encryption controls. Today’s devices consume and communicate more data than ever before, so businesses need to be prepared for never-before-seen security challenges and network traffic levels.

2.     Support

Brand-new technology can also mean big trouble for end-user support efforts, especially when it comes to procurement and device management tasks. Make sure mobile devices align with a mobility program’s strategy and vision before undertaking any implementation process.

Communication is also more essential to enterprise success than ever, so looking for HTML5-compatible technology is a wise use of resources. This platform-agnostic language isn’t just the foundation of the Open Web Platform; it also incorporates standard web technologies to facilitate cross-platform applications that work across almost any device type.

3.     Data Syncing

Not all companies are created equal—some limit device online activity while others couldn’t care less about it. Some new mobile devices remedy this issue by offering online/offline sync capabilities, which allow workers to record data offline, sync a device to a network, and update that network’s records once connectivity is re-enabled.

Data capture requirements can also come into play. Do employee mobile devices need to be able to scan barcodes, capture information with a camera, or perform bulk changes? If the answer is yes, try to remember that not all new technologies have the capabilities required to meet these demands.

4.     Work Environment

A mobile device’s physical qualities certainly influence the outcome of enterprise technology decisions. If a touchscreen display is too small or isn’t intuitive to use, for example, businesses probably won’t choose to use that particular device. However, the working conditions this technology is regularly exposed to must also be considered. Depending on how harsh a company’s work environment is, employees may need nearly indestructible hardware to successfully perform their jobs.

Is Wi-Fi or cellular network coverage always available? When are employees most likely to use this device? Will users repeatedly expose this device to dust, dirt, water, chemicals, or extreme weather conditions? These are just a few questions you need to think about when reviewing and/or adopting new devices.

You’ve put each potential device through a rigorous evaluation process and finally found your program’s perfect fit. So, now what? How can you use this new technology to drive productivity gains?

Focus on Individual Users

It’s easy to overlook individual users when making tech decisions for an entire organization. However, employees that feel like their personal values, strengths, opinions, and ideas are recognized and appreciated at work are more likely to exert extra effort and consistently achieve at the upper end of their potential.

Modern mobile devices not only help companies identify and optimize workers’ natural talents, but also cultivate the skills, experience, and knowledge necessary to actualize a workforce’s full potential. These devices enable people to work non-traditional schedules from anywhere, maximizing individual productivity by allowing employees to work when they’re most motivated and prepared.

Increase Strategy-Oriented Workloads

Employees who see their work make a meaningful difference are much more likely to be committed and engaged. That means the more strategic the workload, the more productive the employee.

Mobile devices ensure constant employee connectivity and communication, giving workers clarity when it comes to enterprise expectations, vision, and goals. By leveraging a Mobility Management Platform (MMP), an organization improves enterprise visibility and decision-making by streamlining mundane tasks, allowing employees to focus exclusively on big-picture responsibilities instead.

Prioritize Employee Education

If managed properly, new technology can lead to increased enterprise productivity. If it isn’t, expect information overload instead. Fortunately, peer coaching, networking, and mentoring is much more likely with mobile devices involved because these devices provide a constant outlet for communication.

These new devices also aid employee education efforts. In addition to monitoring policy compliance and managing end-user behavior, mobile phones can store and access training resources from anywhere at any time—keeping workers accountable, current, and efficient.

The next generation of smartphones is almost upon us; is your business ready to make a decision?

GRC Implementation Success, Part 3: Business Requirement Definition

DoubleCheck Software presents GRC Implementation Success, a guest blog series by Blue Hill Research Principal Analyst David Houlihan. This series draws on five years of Blue Hill studies in GRC in order to highlight key lessons for purchasing and implementing GRC software.

Part 3 of this series examines the process of defining business requirements for the software investment and its relationship to the effectiveness of the implementation.

Five years of research into governance, risk, and compliance (GRC) software investment at Blue Hill clearly underlines the connection between effective planning with high levels of satisfaction with the ultimate implementation. To this end, Blue Hill’s Contributors to GRC Implementation Success: Avoiding the Worst-Case Scenario benchmark report observed that the “crucial determining factor” in the outcome of a GRC investment was the organization’s ability to assess how explicitly the implementation accounted for: the intended process change, information consumption needs, and data management practices.

Start with the Business Process

If that sounds like a lot, it is because it is. Truthfully, it is not one factor, but a confluence of considerations that require close attention. It is often easier for organizations (once they identify the investment need) to proceed on assumptions about how the software investment would impact the business. In the same study identified above, Blue Hill observed that organizations experiencing “Worst Case” implementation experiences were more likely to focus on a critical event (such as a regulatory change, increased agency enforcement, or high-profile exposures suffered by peers) or particular solution features and functionality desired.

By contrast, Blue Hill found that Best-Case implementations devoted substantial time to evaluating existing processes and needed changes, based on identified business needs and operational goals prior to considering software functionality in any way. Put another way: Best Case implementations featured extensive efforts to identify and precisely define the business requirements for GRC. This involves reviewing and understanding the processes to be enhanced, the needs of all stakeholders in the solution, and organizational limitations (such as IT infrastructure constraints, budget, and/or appetite for change). As an example of this approach, the table below summarizes how professional services and technology firm KBR, Inc. used business needs to drive technical requirements prior to implementing a SOX controls management platform. (Read the full case study here.)

Table: Requirements of a Controls Management Platform Sourced by Business Need 

Screen Shot 2017-08-14 at 2.55.47 PM

When performed with a realistic eye at the start of investment planning, this process provides a blue print that will guide solution and vendor assessments, as well as in implementation planning. When overlooked, organizations leave themselves open to late discovery of needs, solution limitations, or other factors that result in delay and scope change or otherwise warp and impede the implementation process.

Defining Business Requirements

Blue Hill’s KBR case study benchmarked the organization’s implementation of a SOX controls management platform among the most successful Blue Hill has ever studied.

Analysis of KBR’s experiences clearly reinforces the importance of business requirements definition. Before exploring software functionality, KBR dedicated approximately one month to a systematic review of SOX test and review processes and related reporting needs. This resulted in a list of approximately 75 business and technical requirements for its new GRC platform, with fifteen prioritized as “key requirements.”

These requirements became KBR’s primary tool for solution selection as well as implementation planning. In the former, the organization’s requirements document helped to define its RFP questionnaire as well as its demo evaluation framework. In defining the solution itself, the requirements document influenced the shape of KBR’s configuration specifications as well as its UAT test plans. The requirements document even assisted in KBR’s efforts at user role definition, workflow design, and data property models . . . all factors that are often left to deployment stages and can substantially slow the implementation.

Tempered by the business objectives set for the investment, this sort of thoroughness enables organizations to identify not just the functionality it needs as well as the non-functional architectural and delivery methods that would permit it to effectively achieve its goals. This clarity of purpose translates into the ability to quickly identify and prioritize investment needs and to adhere to a clear deployment cycle. The impact of this step on subsequent activities cannot be overemphasized, particularly when organizations take the time to understand how these requirements relate to its ability to execute on implementation plans.

The first, and starkest, example of the difference this makes will appear in the vendor evaluation and selection process.

Next, we look at: the ‘show me’ approach to vendor evaluation

Before, we discussed:    Why implementation success is investment success

GRC’s role and value contributions to the business

GRC Implementation Success, Part 2: GRC’s Place in the Business

DoubleCheck Software presents GRC Implementation Success, a guest blog series by Blue Hill Research Principal Analyst David Houlihan. This series draws on five years of Blue Hill studies in GRC in order to highlight key lessons for purchasing and implementing GRC software.

Part 2 of this series looks to the common business role and objectives that underlie the various use cases for GRC. Part 1 examined why GRC implementation success is critical to the success of the overall GRC investment.

“Governance, Risk, and Compliance” (or GRC) can refer to a wide variety of business processes and software capabilities. Each letter in GRC itself refers to a broad swath of operations that can occur across several operational contexts within the organization. We might see GRC in the IT department, in finance, in multiple legal mitigation and compliance strategies, or even as larger roll-up of enterprise risk.

Because this particularized need often drives the software purchase, it can be difficult to divorce GRC’s larger business role from the various specialized uses it might place across an enterprise. Unsurprisingly, the GRC market itself is fragmented and diverse, with many vendors offering similar sets of capabilities to serve various, specialized sets of use cases. As a result, we can break GRC into seemingly endless sub-markets based on function (internal audit, compliance, quality, supplier / vendor governance, etc.) or standards framework (FERC, SOX, KYC, HIPAA, anti-bribery, FDA, etc.).

Essential Elements of GRC

Across these various business use cases, we generally see the same core set of software functionality implemented in some form. Blue Hill has previously identified these core capabilities as:

-        Centralized risk data management

-        Process and controls management

-        Workflow management

-        Automated monitoring and alerting

-        Automated reporting

In most cases, some combination of these capabilities will be found in a GRC implementation, while the real differences tend to emerge in the content libraries and workflows used.

Figure: Core Functionality Supported by GRC

Screen Shot 2017-08-14 at 1.39.45 PM

Nonetheless, the host of specializations and use-case-based nuances can obscure the underlying commonalities. Investment decisions relating to GRC thus tend to focus on the instigating point problem (“We need a solution for SOX”). That’s not bad in and of itself, but it often prevents the organization’s understanding of larger business objectives to proceed beyond good intention and assumption. While there are reasons good and bad for this (often the point need is real), it often leaves the organization with a lack of clarity that will hamper its ability to scope and plan the implementation . . . or to accurately assess the total business value.

GRC’s Role in the Business

GRC is used to enhance an organization’s ability to complete one or a combination of the following processes: risk analysis, controls process management, and the generation of reports to serve a variety of business stakeholders. Often, the use of a GRC platform is a replacement for manual processes and spreadsheet-based information management. In these contexts, GRC is correcting for the time-intensive nature of manual activities or the version control and silos that emerge in manual data management environments.

To see how these dynamics reoccur in GRC implementations, we can review several GRC business cases that Blue Hill has examined in its research:

-        Regional North American Utilities Provider: With risk management efforts distributed among line of business management in a decentralized model, the organization needed a platform for the consolidation of risk data to support enterprise risk analysis at executive and board of directors levels. The organization needed to be able to normalize multiple types of risk, facilitate information collection from an “effectively endless” array of reporters, and permit two dedicated staff to meet standard reporting intervals as well as provide real-time insight on request.

-        United States Pharmaceutical Manufacturer: The organization’s quality assurance management efforts were dominated by spreadsheets, manual processes, and a “disaster of a file share platform.” As a result, quality reporting suffered from significant wasted effort and FDA and customer audit requests that created significant business interruptions. The organization sought a solution that could integrate with existing knowledge repositories, provide centralized control of documents and versions, and support the management of core processes.

-        Global Metals Mining and Manufacturing Company: Spreadsheets served as the organization’s primary mechanism for modeling and reporting on financial risk. Distributed business units used managed local financial risks through manual risk registers in spreadsheets or local ERP solutions with no common risk analysis or reporting framework. After identifying the potential for error generated by manual processes and divergent methodologies, the organization implemented a global enterprise risk platform to provide a centralized source of truth and standardized risk methodology.

-        Large European Commercial Bank: Regular vulnerability scans performed by the organization resulted in over 60,000 lines of data that could not be effectively analyzed within the organization’s vulnerability scanners. As a result, the organization exported vulnerability data to spreadsheets to conduct manual categorization and risk analysis. This resulted in lags in time to act on information and opportunities for error, while consuming roughly three days of employee time to compile each report. The organization required a platform to consolidate, categorize, and format data for business reporting.

-        Large International Financial Holding Company: A regulatory agency identified the need to implement an automated system for tracking, managing, and reporting on risk within 90 days to resolve an issue. The organization possessed a legacy GRC platform on an outdated version. To upgrade the solution and obtain the required automation would result in failure to meet the terms of the resolution. As such, the organization identified a replacement solution from another vendor that provided the needed functionality and could be implemented within the required cycle.

Essential Business Drivers of GRC

In each of the cases identified above, we can see the same organizational needs at work. From these, we can distill two basic business objectives for GRC investment:

  • Reduce operational burdens: Often the objective is to reduce the time and labor associated with performing risk, compliance, and governance tasks. This can involve either (or both) dedicated risk and compliance teams or other business stakeholders that are responsible for supplying information to these teams. Blue Hill finds that the most common area of focus for this objective is in the generation of standard and ad hoc reports for enterprise consumption. In response, Blue Hill’s The Hidden Costs of Spreadsheets in Compliance and Risk Management study found that the adoption of GRC results in between 25% and 30% in time saved in compliance and risk activities. The business can consume the benefits associated with labor reductions in terms of an FTE (full-time equivalent) reduction. However, more often Blue Hill sees these benefits translate into increased labor quality, with time traditionally associated with rote tasks transferred to business-critical and strategic activities.
  • Understand or reduce enterprise risk: Improved information centralization as well as standardization and automation in reporting provide improved visibility into the scope and nature of the risks facing the organization. It also reduces the time lag between what is reported and the present business state. The organization thus becomes empowered to act with greater understanding of its needs and becomes more responsive to emerging issues. These factors can help to reduce overall risk exposure. While significant, these benefits are tied closely to the organization’s ability to avoid the occurrence of business-adverse events. Accordingly, it can be difficult to estimate the impact of GRC in these areas.

In most cases examined by Blue Hill, both of these objectives are present to one degree or another. Often, because the second factor is commonly tied to indirect benefits, organizations often focus the business cases justifying investment on the potential labor impact. The risk impact thus tends to become an added benefit that does not need to be tracked to demonstrate the “success” of the investment.

For organizations planning GRC investments and implementations, these dynamics play a crucial scoping role. Application costs, implementation project scope, and related factors should be tethered to the short-term operational upside the organization believes it can obtain. Without these boundaries, the organization can easily fall in the trap of over-engineering its solution or failing to give enough attention to factors that can cause an implementation to extend indefinitely.

As we’ll see in Part 3, precision in business requirements is the single most important factor in obtaining this balance.

Next, we look at: defining business requirements for GRC.

Before this, we discussed: why implementation success is investment success.

GRC Implementation Success, Part 1: Implementation Success is GRC Success

DoubleCheck Software presents GRC Implementation Success, a guest blog series by Blue Hill Research Principal Analyst David Houlihan. This series draws on five years of Blue Hill studies in GRC in order to highlight key lessons for purchasing and implementing GRC software.

Part 1 of this series examines why implementation success is a key factor in the overall success or failure of an organization’s GRC investment.

Any enterprise software purchase is a risk. At the most basic level, it is a bet that the money spent on new tools and capabilities will result in a payoff in the ability to do something better, faster, or cheaper. In most business cases, this bet is articulated in simple terms: “If we start using X, then we will get benefit Y.”

The reality, of course, is less cut and dry. A wide variety of factors contribute to the value an organization realizes (or fails to realize) from a technology investment. The most significant factor is also the most obvious: how much did it cost the organization to put the technology in place.  An investment with relatively little impact can be a success if the cost is low enough, just as a huge benefit can be negated if the cost to implement it was high enough. This is why return on investment (ROI) is such a potent indicator of success.

Charting Implementation Success and Failure

This is as true of investments in governance, risk, and compliance platforms (GRC) as it is any other enterprise technology. However, the degree to which GRC investment is based on indirect value propositions means that the cost and difficulty of implementation possess enhanced importance in determining organizational value and satisfaction. To this end: Blue Hill’s Contributors to GRC Implementation Success: Avoiding the Worst-Case Scenario benchmark report showed a clear correlation between shorter, less expensive implementation cycles (“the best case”) with ultimate business and user impact than those benchmarked as the most costly and time-sensitive.

Table: Profiles of Best Case and Worst Case Implementations

Screen Shot 2017-08-14 at 1.23.23 PM

As with all enterprise application investments, GRC implementation is complex. It can require significant process change, integration with the existing enterprise ecosystem, and solution tailoring to fit organizational needs. Where these factors are poorly managed, the consequences can be dramatic. In just a few failed implementations examined by Blue Hill, those consequences have included:

  • Implementation cycles that run a year or more over schedule
  • Budgets that ballooned multiple times over the initial estimate (often due to unforeseen consulting labor)
  • Abandonment of the investment mid-implementation

Even where the implementation project is completed, poor planning and management can result in user abandonment due to gaps in the solution or inflexibility in the environment that fails to accommodate inevitable changes in standards or business processes.

Planning and preparation make the critical difference to implementation success. To this end, Blue Hill found that factors such as solution architecture, data model, and vendor pricing and service strategies (while factors) were not strongly correlated to the length and cost of an implementation. The failure to assess, consider, or plan for these factors was much more important. By contrast, a recent case study involving KBR, Inc.’s implementation of DoubleCheck GRC for SOX compliance management demonstrates how a well-considered evaluation of business requirements that drives solution evaluation and implementation from the beginning can yield a complex GRC rollout, completed in under eight months from inception to rollout.

The Relationship Between Implementation Success and Investment Success

These differences in implementation experience can result in tremendous differences to the time-to-value, overall lifetime value, and ROI, where the impact of the investment is otherwise the same.

To illustrate this point, assume that a GRC investment contributes $125,000 in savings for every quarter that the organization uses the platform ($500,000 annually). Now, compare the first three years of that investment under Blue Hill’s Worst Case scenario with a Best Case scenario. Using the mid-point values in Blue Hill’s data, the Worst Case scenario costs the organization $637,500 and takes 13.5 months to deploy. The Best Case scenario takes 3.5 months to deploy and costs $127,500. Ignoring maintenance fees and other factors for simplicity, we can map the differences in experiences. At the end of the three year cycle, the Best Case scenario has yielded $1.2 million dollars in value, while the Worst Case scenario has yielded $300,000 (a difference of 308%).

Figure: Impact of GRC Over Three Years in Best Case and Worst Case Scenarios 

Screen Shot 2017-08-14 at 1.24.40 PM

While a simple illustration, the difference between these two scenarios works to show the range of experiences that can follow a GRC implementation, based on the implementation. As this series continues, we’ll look at the primary factors that Blue Hill’s research has found to influence the time and effort involved in the implementation process itself.

Next, we look at: GRC’s role and value contributions to the business.

Rapid7 Acquires Komand to Automate IT Security

ITSecurity

On July 18, Rapid7 announced its acquisition of Boston-based security and automation startup, Komand, including the company’s twelve Boston employees. Komand provides IT security tools to automate and accelerate incident detection, response, and resolution by leveraging over 150 platform plugins to integrate with a company’s existing IT solutions and security tools. With the acquisition, Rapid7 furthers its goal of making IT teams more productive through faster issue response and resolution, and strengthens its ability to support customers with more complex IT workflows by enabling these customers to deploy fewer internal resources. Komand provides an additional proof point in demonstrating Rapid7’s ability to address and manage the IT lifecycle by providing enhanced automation – a capability that is especially important in next generation enterprise IT environments such as those that support the Internet of Things (IoT).

Fast incident response is crucial in Internet of Things (IoT) environments, where attacks can quickly escalate and compromise business security and operations. The platform capabilities gained through the acquisition of Komand will allow Rapid7 to further automate and orchestrate within its data collection and analytics solutions, especially for processes that traditionally require human support, such as monitoring operations and managing risks. As part of Rapid7’s broader strategy of building IT security and functionality throughout the IT lifecycle, automated incident detection and response will free up IT resources to pursue long-term strategic and security planning rather than allocating resources to repetitive processes associated with the day-to-day maintenance of IT security and operations.

The Komand acquisition will expand Rapid7’s Insight platform to automatically identify risks, respond to incidents, and resolve issues faster and without human intervention through automated risk mediation and patching, malware investigation and containment, and routine IT response. These capabilities are particularly important for lean IT teams that are resource- and time-strained (read: most modern enterprise IT departments).

Much of enterprise IT is moving to be automated, or even outsourced. IT time is scarce, enterprises need to support more complex environments (such as those driven by IoT and networked assets), and the need for security has become more pronounced with recent attacks at both consumer and enterprise scale. I have previously written extensively about the move to IT-as-a-Service and the need to reallocate IT time to strategic and profit generating activities through a greater focus on simplicity, security, and automation within enterprise technology environments.

Rapid7’s Insight platform is currently processing 56 billion events and monitoring millions of assets daily. Back in November, I wrote about Rapid7’s expansion of its consulting and assessment services to include securing the Internet of Things (IoT). At the time, I observed that Rapid7’s approach of incorporating security within the design phase of IoT products offers the potential to entwine security with product architecture, creating a security solution that targets greater touchpoints throughout the entire IoT stack. Once the product design and security stage is complete, Rapid7 works with the enterprise to perform security testing across the entire IoT ecosystem: from mobile app, to cloud APIs, communication protocols, and hardware and firmware.

With its acquisition of Komand, Rapid7 will be able to automate more of its security testing and monitoring on the backend to free up customers’ IT resources to pursue more strategic uses of technology and long-term security planning. With the complexity and multiple entry points associated with IoT, attacks can be launched across the IoT technology stack and throughout the IT lifecycle. Enterprises must pursue a broader IT strategy that takes a view of the entire IoT ecosystem and focuses on long-term evolution and strategic uses of IT as not only a driver of operations but also a center of profit. Rapid7 continues to be an interesting firm to observe from an end-to-end IT security and management standpoint, and its investments in automation demonstrate that the company clearly understands the dynamics of its customers and the direction in which the IT and security markets are moving.

The Unified Endpoint Management Mindset: How to Prepare for the Future of IT

UnifiedEndpointManagement

Note: This blog is the seventh in a monthly co-authored series written by Charlotte O’Donnelly, Research Analyst at Blue Hill Research, and Matt Louden, Brand Journalist at MOBI. MOBI is a mobility management platform that enables enterprises to centralize, comprehend, and control their device ecosystems.

Unified Endpoint Management (UEM) has the potential to revolutionize the way enterprises approach the complex problem of managing not only traditional wireless assets such as tablets and mobile devices, but also laptops, desktops, and next-generation IT categories such as wearables, sensors, and Internet of Things (IoT)-networked devices. As such, UEM has earned its place as a noteworthy enterprise mobility buzzword.

What does UEM encompass, and how can your organization seek out a solution that uses automation and a technology-first, software approach to support the future of enterprise IT? In this blog, we break down the buzzwords to explain the core value that is delivered when organizations manage their IT assets with a unified, comprehensive strategy rather than taking a siloed or departmental approach.

What is UEM?

Simply put, UEM unites all IT assets and endpoints within a common, centralized, and software-driven management platform that uses technology and automation to track, manage, and optimize an enterprise’s entire IT portfolio. UEM platforms help unify and support an enterprise’s program resources, policies, and technologies, and address the need for a single source of truth by bringing a wide range of IT assets into a centralized platform. Through Application Programming Interfaces (APIs) and Software Development Kits (SDKs), UEM platforms integrate with a wide range of management tools, existing enterprise software systems, and third-party technical platforms to better control and drive value from IT assets. At its core, UEM is about viewing all IT assets as part of a broader business strategy, rather than a separate technology category.

The UEM Benefit

Adopting a Unified Endpoint Management (UEM) platform provides numerous key benefits, including:

  • Single-solution architecture: A single, software-based platform creates a high degree of corporate visibility and enables employees to access corporate IT usage, expense, and optimization data.
  • Ease of onboarding: A UEM platform allows organizations to push out device requirements, policies, applications, and environments, meaning devices go from out of the box to in use faster and with greater standardization.
  • Security: Similar to onboarding, UEM platforms enable organizations to provision corporate security policies such as encryption, multifactor authentication, applications, and security credentials remotely and before the device is in the hands of the employee.
  • Visibility and improved management: Through a centralized platform for all IT endpoints, enterprises have a single source of truth for monitoring inventory, usage, expenses, security, and potential points of failure. This visibility provides not only opportunities for cost savings, but also the ability to troubleshoot, diagnose, and resolve issues remotely.
  • Prepare for the future of mobility: As IT evolves and organizations increase both the volume and scope of devices under their management portfolios, UEM platforms offer the benefit of complete IT lifecycle automation by addressing the ongoing break/fix, replacement, and upgrade needs of IT technologies.
  • Unified corporate IT environment: All prior UEM benefits mentioned deliver the single greatest advantage of this approach when combined: the creation of a unified corporate environment in which experiences are standardized, managed, and optimized across the organization both on corporate networks and remote devices.

Transitioning to a UEM Mindset

Framing UEM as a new way to think about IT strategy can benefit all organizations, regardless of whether they decide to adopt a UEM technology solution or not. For those organizations that prefer a higher degree of human support and service rather than technology automation, a UEM “mindset” can still provide value – even if there is no UEM platform being leveraged. The UEM approach is simply a move toward creating a more standardized and comprehensive IT environment that is managed and optimized across the organization. It better prepares enterprises for next-generation devices and technology-enabled processes.

In the early days of enterprise mobility, organizations generally took a siloed and departmental approach to procuring, managing, and replacing devices and services within the enterprise. Companies quickly realized, however, that there are cost savings and efficiency gains to be had from approaching mobility at an organization-wide level. The same is now being seen across all of IT.

Time has become an increasingly scarce IT resource, and thus increasingly more valuable. Organizations seek to assign IT time to higher value tasks than sorting through bills or providing generic helpdesk services. Just as organizations have done with mobility, viewing IT as a strategic differentiator or a means of generating value (and even profit) for the organization can enable an enterprise to achieve synergies, efficiencies, and long-term evolution in its technology strategy.

Organizations that approach IT asset management through the lens of UEM are better able to plan for long-term, strategic uses of technology and transition to new business models driven by Machine-to-Machine (M2M) or the Internet of Things (IoT) technologies.

From expense management to managed mobility services to UEM, enterprise mobility now includes a much broader range of devices and services than past definitions. Regardless of whether your enterprise utilizes a single software platform to manage all IT devices and endpoints or a combination of in-house and third-party solutions, a UEM mindset can prepare your business for the next generation of technology enablement and create a culture in which technology strategy is synonymous with business strategy.

In Praise of (Data) Transparency - Part #2

InPraiseOfDataTransparency2bIn my previous blog on data transparency, I posited my admittedly idealistic vision that—within reason—the more that an enterprise fosters the free flow of data through an enterprise, the better. In this follow-up, I’ll look at some of the organizational blockers to data workflows, and how to get around them.

I’ll start with the basic underlying ideal: More data is better. If I work in marketing, I need to be able to see marketing data. And sales data. And financial data. And product management data. And…I could go on, but you get the point.

The problem, the challenge, really, is that in far too many organizations, that glorious cross-functional data just doesn’t flow across the enterprise, or I should say, over or through its silos, be they functional, architectural, or process-based. Perhaps it’s naive of me to ask, but why on earth does this obstinate hindrance to progress still persist?

Data blockages—institutional or human-created—lead to data-hoarding. (Know any data hoarders in your enterprise? Am I the only one who thinks “Data Hoarders” would make for a great reality show?)Let’s look at some of the organizational contributors to data blockage. Any of these data-hoarding characteristics hit close to home?

  • Provincialism: “It’s my data. I own it. Only I get to derive value from it. Plus, I may be able to use it against those who anger me.”
  • Trust (or more specifically, the lack thereof): “This data is proprietary, and must remain confidential. I don’t know who you hire over there in [other department that's not mine], therefore, I cannot trust you with this information.”
  • Change is a threat: “We’ve always done it this way. We’ve never shared before, and we’re not about to change for your benefit.”
  • Incompatibility: “You’re the one who chose that marketing automation solution. It’s not my fault it doesn’t easily integrate with my CRM.”
  • Misplaced or missing incentives: “What benefit will I see if I share data with you? It will cost me time/money to share, and could even be a risk…one I’m not willing to take.”

The inefficient flow of information in an enterprise so often boils down to organizational dysfunction. How willing are you and your colleagues to work together to share data? Would you share your team’s data with someone in your enterprise you don’t like? Does sharing your team’s data with another group deliver tangible benefits to your team?

Defeating the data-hoarders requires a corporate commitment to the free flow of data over, under, and through the enterprise. That’s an organizational behavior and leadership challenge that should be addressed at the C-suite level.

Moving towards data transparency requires more than just progressive leadership. Effective data integration is a prerequisite. Technology helps, on both the data management and data consumption sides of the equation. For example, Informatica frames its data-management capabilities around its Enterprise Information Catalog, or EIC for short. The EIC is Informatica’s data catalog solution, a technology that leverages machine learning to catalog, classify, and map relationships between enterprise data assets. The end user (typically a data scientist or even a business user) can get at her or his data assets via a search interface. That new process delivers benefits: Discovery is convenient, access is accelerated, and perhaps most importantly, the data is trustworthy.

The data-workflow approach championed by Informatica and other data-integration and data-cataloging vendors works, and delivers all the tangible benefits the vendors’ respective marketing materials trumpet. But no technology by itself can overcome myopic, office-politics-driven data-hoarding. To reap the benefits of true enterprise data transparency, you’re going to have to come to agreement with your peers—even the ones who drive you crazy—on five simple words: “We’re all in this together.”

Virtual Assistants at Work

VirtualAssistantNote: This blog is the sixth in a monthly co-authored series written by Charlotte O’Donnelly, Research Analyst at Blue Hill Research, and Matt Louden, Brand Journalist at MOBI. MOBI is a mobility management platform that enables enterprises to centralize, comprehend, and control their device ecosystems.

For business owners, good help used to be hard to come by—today it can be found in employees’ pockets. Virtual assistants and Artificial Intelligence (AI) are revolutionizing the way work gets done. By 2021, almost two billion employees will depend on virtual assistants every day.

This trend’s humble beginnings can be traced back to 2011 when Apple debuted the iPhone 4S and its integrated Siri technology. While the original version did little more than set calendar appointments and surf the web, its context-based knowledge repository sparked the interest of other innovators and dawned the current digital age.

Age of the Virtual Assistant

While Siri retains its title as one of the most ubiquitous virtual assistants, there has never been more competition in this increasingly crowded marketplace. Google, Amazon, Microsoft, and a handful of other tech titans now fight for control over the future of virtual enterprise assistance.

Like any other product, increased competition has created more efficient and effective technology. By combining AI with cloud and cutting-edge software, virtual assistants are rapidly becoming better equipped for business capabilities. Digital helpers are not only processing information and making decisions faster than ever before—they’re doing so with a greater similarity to human language and behaviors, and are increasingly becoming more indistinguishable from humans as the technology improves.

Coupled with an ever-growing mobile workforce, the global adoption of smart mobile devices and applications is only accelerating the need for virtual assistants. In the next few years, Blue Hill estimates that increasingly more of the touchpoints through which consumers and employees interact with their devices will be replaced or supplemented by AI technology. Currently, almost 63% of Americans have already used virtual assistants.

Business Benefits

  • Increased Productivity – Employees are frequently overwhelmed by mundane tasks that bog down daily schedules and that have the potential to derail big-picture project deadlines. Virtual assistants use natural language to take responsibilities like scheduling meetings and managing analytics off workers’ plates, letting them focus instead on core capabilities and satisfying customers. Virtual assistants work whenever their users need them, not just from 9am to 5pm.
  • Optimized Growth – Virtual assistants don’t just help employees; they also benefit a company’s bottom line. Rather than paying salary, insurance premiums, and other miscellaneous expenses required for human employees, a digital aid comes free with most modern mobile devices. That means labor savings can instead be invested back into the business.
  • Simplified Processes – It can be difficult for workers to keep track of multiple meetings and employees’ contact information. Coordinating this information through an administrative assistant or office administrator adds an extra layer of complexity and can make tasks even more time-consuming. A virtual assistant streamlines these processes with an easy-to-navigate interface and instant requests made in natural speech.

A Few Considerations

While virtual assistants don’t change the physical device inventory accessing internal corporate networks, they do add new technology into a mobility program’s mix nonetheless. Like any other product, unknown security exploits and vulnerabilities will inevitably follow this innovation’s enterprise implementation—it is important that corporate IT policies are updated to include and account for any relevant fixes.

If successfully adopted, virtual assistants have the potential to transform an enterprise and guide future workplace automation efforts. With AI and machine learning technology, employee preferences and behaviors are learned by the virtual assistant to provide more personalized, contextual experiences. Your most productive workplace relationship may just be virtual.

In Praise of (Data) Transparency - Part #1

Silos!

Silos!

In speaking with colleagues, enterprises, and data technology vendors, I often tell this cautionary tale: At a prior company, I led a marketing operations revamp. The effort included a comprehensive, redesign, re-architect, and rebuild of the corporate website, with particular focus on scaling to support the online sale of thousands of SKUs. Coupled with that ambitious agenda, my team and I worked to develop data-driven operations, using integrated marketing automation software to collect and analyze opportunities along a sales-funnel-mapped customer journey.

We succeeded in building our idealized technology solution (a month early and under budget, I might add rather egotistically), along with associated delineated business processes. But the value delivery—in insight, process automation, and strengthened customer relationships—stopped at the door to the marketing department. The sales team had little interest in and even less commitment to improving its own data discipline, so integration with an archaic CRM was out of the question. Worse, the finance team protected financial information to such an extent that seeing live revenue data—even when generated by the website we’d developed—required written (on paper, no less) permission.

I look back on this experience with some nostalgia but more than a little frustration. The result of our herculean development efforts? Effective data-driven marketing. Hampered by duplicated processes across divisions. And ultimately, the realization that corporate myopia limited us to no more than a functional silo of data-driven success. (Read what I really think of silo isolationism here.)

What would have made it more successful? Several things. C-suite-level buy-in in other departments. A shared commitment to creating a data-driven enterprise that extended beyond just the realm of marketing. And perhaps most essentially, a willingness to share data across the enterprise.

I shared this anecdote with a fellow analyst at a recent tradeshow. The analyst (one whom I respect and acknowledge is oh-so-much smarter than me) posited the argument that my call for open data transparency across the organization is unrealistic. The analyst’s practical view was that individual departments in an enterpirse will remain protective of their data, and that it’s not reasonable to expect the finance lead to share data with the marketing lead, or customer service lead, or R&D lead, etc. My not-so-implicit take: Silos aren’t going away, and given that fact, we should build/deploy data technology solutions in and around them.

Neither of us is right or wrong here. I know I suffer from pie-in-the-sky idealism when it comes to eradicating enterprise silo culture. (“Never gonna happen,” said a F1000 high-tech consulting-client VP to me once when I proposed collaborating with another VP in another functional silo to achieve shared efficiencies.) And the other analyst’s point is a good one—You can aim for the sky, but if you’re going to get anything done, you’d better start work down here on earth.

I still cling to that free-movement-of-data-is-a-good-thing idealism, something that I actually encounter every now and then in the real world (though, admittedly, typically in smaller, newer, often-SaaS-based companies). In an upcoming blog post I’ll discuss the types of enterprise blockers to data transparency. But in the meantime, here’s my ask of those of you who have read this far: Is my idealism out of touch? Or is the free flow of data in an enterprise something still for which we should strive? Email me your data transparency/opacity success/horror stories at tophw@bluehillresearch.com, or DM me at @TophW47.

Blue Hill Research Communications Lifecycle Management Highlights: June 2017

CLMH-Background

Note: To support questions from enterprise buyers and private investors that are looking at Telecom Expense Management and the greater Communications Lifecycle Management world, Blue Hill is starting a monthly review of the key announcements made in this space from companies including, but not limited to: 2-markets, 4telecomhelp, ACCOUNTabill, Advantix, AMI Strategies, Asentinel, Avotus, Calero, Cass Information Systems (NASDAQ: CASS), Cimpl (formerly Etelesolv), Comview, EZwim, GSGTelco, IBM Global Services (NYSE: IBM), ICOMM, MDSL, mindWireless, MOBI, Mobichord, Mobile Solutions Services, MobilSense, MTS (NASDAQ: MTSL), Nebula, NetPlus, Network Control, One Source Communications, Softeligent, Tangoe (NASDAQ: TNGO), Telesoft, TNX, Valicom, vCom, and Visage.

Communications Lifecycle Management news items that have gotten Blue Hill’s attention in June 2017 include announcements from Calero, Ezwim, Nebula, Tangoe, Telesoft, and vCom.

Calero

Calero Brings A Fresh New User Experience and Enhanced Analytics Tools to the Telecom Expense Management Market With Calero VeraSMART v12

On June 22, Calero announced the release of Calero VeraSMART v12 with updated features and functionality to improve usability and productivity within the platform. VeraSMART v12 includes not only an updated user interface but also Calero’s guided analytics solution, InSight Analytics, for dispute management, inventory management, and invoice management within a visualization and scenario planning environment.

Calero’s platform updates are aimed at enabling greater visibility and control over IT, cloud, and communications usage and costs for the “increasingly complex communications environment.”

Blue Hill has previously observed that the Telecom Expense Management (TEM) industry is expanding to include additional IT categories, and this trend is only continuing as the scope of IT assets and services under management is broadening. Calero’s continued platform updates more effectively prepare the company to offer solutions and services geared toward the future needs of IT rather than simply the TEM demands of the past.

Ezwim

Ezwim Aced The ISO27001 Surveillance Audit Successfully Again

On June 22, Ezwim announced that the company has again passed its annual external audit to achieve ISO27001 certification. Ezwim commented that the company will continue to prioritize and develop its security frameworks to provide multiple lines of defense against security threats.

Blue Hill believes that ISO27001 certification provides a key differentiator through Ezwim’s global support of enterprise mobility data. Ezwim’s long-held history with this certification speaks to its qualifications in understanding the data residency and governance issues that are important to consider in managing both personally-identifiable information and sensitive corporate data.

Nebula

Nebula boosts business efficiency with OneView cloud-based TEM Integration Hub

On June 12, Nebula announced the launch of its Telecom Expense and Lifecycle Management Integration Hub, which allows clients to integrate third party IT and business applications within a single cloud platform.

Nebula’s cloud-based OneView platform is powered by always-on Microsoft Azure cloud services and offers a single portal for IT lifecycle management. The Integration Hub creates a single source of truth that can be accessed throughout the enterprise and brings together telecom, IT, and application data.

As TEM evolves to include additional management categories such as cloud and software licenses and next generation devices, a centralized platform that can serve as a single source of truth for the enterprise becomes necessary. Blue Hill notes that Nebula is preparing its platform to support the future of TEM by offering integration with third party IT applications and business services.

Tangoe

Marlin Equity Partners Completes Take-Private Acquisition of Tangoe, Inc. and Combination with Asentinel, LLC

On June 16, Tangoe announced that Marlin Equity Partners has completed its take-private acquisition of Tangoe. Marlin Equity Partners currently owns Asentinel and will merge the two TEM companies to create a global superpower for technology lifecycle management.

Blue Hill covered this acquisition in greater detail in a recent report, in which we commented that Tangoe and Asentinel are immediately positioned as a leading global power in TEM. The combined company’s assets position Marlin Equity Partners to address the next generation of TEM, which Blue Hill calls IT Enterprise Management.

Telesoft

Daman Wood Joins Telesoft as Chief Operating Officer

On June 27, Telesoft announced the appointment of Daman Wood to the company as Chief Operating Officer. Wood joins the firm with more than 20 years experience in technology services and telecommunications, most recently operating as Vice President of Service Delivery at Vonage. Telesoft commented that Wood’s appointment will enable the company to improve its managed services offerings.

Blue Hill notes that Telesoft’s investments in managed services and support speak to the larger trend for TEM vendors to offer high-touch service within a unified mobility platform. Blue Hill will be curious to see how Wood’s vision plays out over the latter half of this year as Telesoft continues to scale its business and invest in its customer relationships.

vCom

vCom Releases Software Enhancements  

On June 8, vCom announced the release of vManager 7.1, an update to the company’s cloud-based software platform. The release provides additional functionality for planning and procurement, operations, and financial management. vCom has also created a Software Adoption Team to provide dedicated support and training for vManager.

Version 7.1 includes a rebuilt Document Center to help IT and finance better manage contracts, documents, and project planning. Blue Hill notes that this capability will be important as IT is increasingly seeking to manage cloud and software licenses and contracts within an existing TEM platform.

Additionally, version 7.1 includes an updated Dashboard to provide a comprehensive analysis of IT spend for wireline, mobile collaboration, and cloud expenses. Blue Hill notes that a focus on bringing cloud into vCom’s existing software platform demonstrates that the company is evolving to support the next generation of TEM.