Even though the iPad has been around for two years at this point and has proven itself in a vast array of business settings, there are companies that haven’t yet needed to consider how to support or even officially allow iPads on their networks.
If you’re a IT professional at one of those companies, it’s pretty likely that you’ll eventually need to formulate a strategy – and after last week’s record breaking launch of the newest iPad, you’ll most likely need to come up with a plan sooner rather than later. You may already have new iPad owners lining up outside your office wanting to use their new latest and greatest iPad at work.
It can be a daunting prospect to figure out to integrate the new iPad (or even the original iPad or iPad 2) into your environment, especially if you’re under the gun to get the iPad into service as quickly as possible. Breaking that integration down into immediate needs and eventual goals is the best way to get started and it often starts with these five questions.
Can I just say no to the iPad?
Not really. Simply telling users that they can’t use their iPads in the workplace may seem like a viable option, even if only as a temporary stop-gap until you can figure out a real strategy.
But the truth is, iPads will still be brought into your company and used. You can go so far as to lock down your corporate network to prevent users connecting to it from their devices, but that may not accomplish much. If they have a new LTE iPad (or a 3G original iPad or iPad 2), they’ll be able to get online and use their iPad effectively without your network or they may be able to tether their iPad to another device.
Even if a user doesn’t connect to the Internet from his or her iPad during business hours, he or she may email work to a personal email account, put files into Dropbox or Google Docs or any of a dozen other personal cloud services, of simply copy items to a USB flash drive before leaving for the day and copy them to a home computer and then to the iPad.
Simply saying no and thinking the problem is solved isn’t facing reality. Setting roadblocks in the path of iPad owners may seem like a proactive approach, but most users will find ways around them like the ones I just mentioned. More importantly, they’ll begin to see IT as people to be avoided and limits to be worked around. That means if there are security breaches, lost devices with business data, or other problems, you won’t even know about them – to say nothing about being able to resolve them.
That means your best option is to say “yes” and find a way to deliver what users need/want from the iPad in the office while still maintaining an effective level of security and functionality. It means looking at the iPad owners as partners rather than as the enemy. That’s a big cultural shift for IT but it’s the reality of technology in the 21st century workplace.
The good news is that if you follow this approach, you can educate users about security issues and best practices. Every user may not always follow your suggested practices, but the majority will and that’ll be a much better situation than if they’re actively working around you and not learning how to keep business information and resources safe.
Can I immediately offer some level of network/service integration?
Yes. And the sooner you get some integration happening, the better because it will build a stronger rapport with iPad users if they see that you’re working on supporting them from the outset.
Out of the box, iOS provides integration with several key business technologies that you’re likely to have in place.
The biggest of these is Exchange. iOS supports Exchange ActiveSync for corporate email, the global address list as well as personal contacts, and shared calendar functionality. It also supports some ActiveSync security features like remote wipe (by the user or by an Exchange admin) and passcode policies. There’s also support for LDAP and CardDav contacts servers as well as CalDAV calendaring systems and support for .ics event invitations or calendars. For secure remote access, iOS also supports a broad range of VPN technologies including Cisco AnyConnect, IPSec (Cisco), L2TP, PPTP, Juniper and F5 SSL, and RSA SecurID authentication tokens.
iPads and other iOS devices can also be provisioned with various security certificates (including self-signed certificates) and credentials.
All of these can be manually configured on-device by the user (or by an IT staffer for the user) as well as through automated management systems.
Of course, you can also use a variety of publicly available apps to grant access to additional enterprise systems. Most vendors produce iOS apps that are freely available and included in volume or site licensing agreements.
Do I need to manage or lock down the device?
This one is really up to you. Over the past couple of years, there have been an emphasis on mobile device management (MDM) as a solution to securing and managing iPads and iOS devices as well as other mobile platforms like Android, BlackBerry, and Windows Phone. In the case of iOS, all MDM vendors have access to the same set of frameworks that Apple introduced in iOS 4 and expanded in iOS 5. Vendors differentiate themselves with licensing models, support for other platforms, and additional features. There’s also the new Apple Configurator tool, the more long-stranding iPhone Configuration Utility (which manages iPads and iPod touches as well as iPhones), and the Profile Manager feature of Lion Server.
You can use these tools to lock down many iOS features, monitor devices and their usage, and to try to harden the device as much as possible. You can also use them simply as a way of pre-configuring iPads and other devices with enterprise details (Exchange server, Wi-Fi networks, suggested apps, and so forth) while still allowing user changes.
Over the past several months, as BYOD programs have expanded and as more consumer technology has made its way into the workplace, there’s been a growing consensus that IT is better off securing data on devices rather than limiting usability by locking down most features. This is lighter data-centric approach is certainly a better fit for devices that are personally owned and makes users more likely to work with rather than against IT as it doesn’t require them to give up control of a device that cost hundreds of dollars of their own money.
Vendors like Good, Bitzer Mobile, Accellion, and Quickoffice offer the ability to secure specific data without limiting the device itself. They also support remote wipe of just the secured business data from a device in the event it is lost or the user leaves the company.
Will I need to purchase or install additional systems/services to support the iPad?
Most likely. This really depends on what your eventual goals are for supporting the iPad and other iOS devices in your organization. Overall, iPad users can be effective with just the basics that I’ve outlined in this piece. However, additional systems can automate the iPad setup process in your organization, can be used for mobile device management, can be used to create secure on-device storage that can be remotely deleted, and can provide a range of device and service monitoring capabilities.
If you plan to curate apps for iPads and other devices, you’ll find many tools can accomplish that – either by creating a private app store or by directly installing apps. You can register for Apple’s volume purchase plan if you want to distribute iOS apps and have your company handle payment instead of iPad users. You may also find it helpful to join the iOS developer program both to develop enterprise apps for your users and to have access to beta releases of future iOS versions, which you can use for pre-release testing.
Will there be increased cost associated with supporting the iPad?
Yes, but you have a lot of say in the amount of that increased cost. Any new technology tends to come with increased costs for IT. However, among the range of solutions to help you manage the iPad and other iOS devices, there are several that are free or low-cost. As I noted earlier, many core enterprise capabilities can be implemented out of the box with no additional cost. There are even free basic MDM solutions out there from Centrify and Amtel as well as free enterprise app store options from App47.
This means that you have ample options and can develop an approach that uses just one product or a selection of tools to meet your needs and those of your new iPad-toting users. Similarly the level of actual user support and support mechanisms are things that you can choose based on your organization, the technical proficiency of your users, and your existing systems. That means you have a lot of choice in terms just support systems, and how much they will add to your budget.
At the end of the day, you’ll probably need to get started supporting the iPad in short order, but if you focus first on the basics and then on creating the right selection of options for longer term support and/or expansion, you can get your organization up to speed pretty quickly. One thing to keep in mind is that mobile technology is shifting at an incredible pace – don’t get so married to any one part of the puzzle that you’re not willing to make changes. The willingness and ability to adapt quickly are now paramount for IT departments in every industry.
