Voting in Chicago

by Brian Katz on September 24, 2012 · 2 comments

Last week was a pretty big week for any one who is an iPhone fan. Apple released iOS 6 on Wednesday and then released the iPhone 5 on Friday. They had over 2 million preorders for the phone and delivered a heck of a lot of those on Friday. There were lots of unboxing videos and plenty of articles on both talking about the high points of the launch and the low (we aren’t going to talk about the maps issue). A lot of people though forgot the one population that is immensely effected by the release of a new version of iOS and a new device, the Enterprise.

It is well known that almost every Fortune 500 company has a program that either allows or is in the process of allowing iOS devices, whether they be iPhone or iPads, into the enterprise. With so many companies out there using these devices in order to conduct business, the question that was on many of their minds was whether to allow their users to upgrade their current devices or to force them to wait until the new OS had been fully tested.

I was lucky enough to have a bunch of discussions with many of my counterparts in the enterprise to find out what they were doing and how they were approaching the upgrade. One of the main things in common between many of these enterprises was the fact that many were woefully unprepared. In the #mobilebiz tweet chat I moderated on Friday with Benjamin Robbins we had a lot of people assume that an enterprise could block the update if they wanted to. People also fell on both ends of the spectrum on upgrading, many felt the company should control when users were allowed to upgrade and then there was the other side, that users should be able to upgrade themselves whenever they were ready.

Let’s start with the facts; it is impossible to stop a user from upgrading their iOS device if they want to do that. As Apple is a consumer tech company, they have always allowed users to make the decision on whether they updated or not. It doesn’t matter whether the company is using any type of management software, this is not one of the pieces that Apple allows outside companies to regulate. It isn’t much different on the Android side although there are a few variants where it can be controlled. What a company can do, if they are using device or application management products is deliver consequences if the device is upgraded before they are ready for it. The three biggest consequences that a company can perform on a prematurely upgraded device are to shut off email, remove corporate apps, and wipe the device. All these are what I like to call the stick method.

What is a company to do when they are faced with an upgrade? As many people in the chat agreed upon, if it is a BYOD (Bring your own device) user, then they should be allowed to upgrade whenever they want, as they own the device. If it is a corporate device though, people were split on whether IT should control the upgrade or let users just go ahead.

The issue with both of these approaches is that they are just plain wrong. It is never a question of do we allow our users to upgrade or not. It’s a question of how do we go about the process of helping the users upgrade themselves while continuing to support the business and enabling the users to get their work done. There are many valid reasons not to upgrade your device immediately if you use it for work. The simplest reason is that the apps you may need to do your work may not work properly on the upgraded OS. This can be a problem, as the user can’t actually get their work done. A second issue could be that the apps that the user needs to use are regulated, whether by the FDA, the SEC or some other organization. They may need to be certified that they work properly on the new OS before they can be used. A third issue is that the new OS or device may not work properly with the management software that the company uses, this could cause untold issues for either side. The good news is that these are all issues that can be solved and in most cases very quickly.

In the case of iOS, the latest version has been in beta for the last three months and has been readily available to any company that wanted to pay the small fee to be a part of the developer program. This means that there is no excuse for any internal apps not to be updated by the release day. It also means that companies should have been talking with their external vendors for the last three months to insure that they were doing everything possible to get their apps certified and ready to go at launch. Any company that woke up last Wednesday and had no idea if their apps worked or if they were going to have any issues really deserved any issues that they ended up with. There is no excuse for being the ostrich and sticking your head in the sand. There is no one to blame but the company itself for not doing its due diligence.

The real question here is what do you do as a company when faced with this sort of issue when you really don’t have a lot of control of the user situation. The answer is simple. You communicate and you are transparent. You start by working with the business to make sure that you know what they are doing with their devices and what apps their users are using for business. If you have a management console you can use that to determine what apps people are using for work. You then work with the business and all of their internal app developers to make sure that they are aware of the new OS and that they have a platform which they can use to run tests on. You help the business talk to their external partners to makes sure that testing starts and that you can help the business nail down when the required apps will be updated. Then you spend all of your time communicating. It isn’t just IT communicating with the users; it is IT in partnership with the business that is doing the communication. You have to remember that communication is a lot like voting in Chicago, do it early and do it often. If you were smart, you brought in users and allowed them to help you focus your message. You let them know that you are working on allowing them to update as soon as possible. As soon as you figure out the earliest date you want them to upgrade, you tell them. If they shouldn’t update the day that the OS comes out let them know, and tell them why. If it means that a regulated app can’t be used yet and will need to be removed, it could make the difference for them if they need it to do their job. Presenting the facts to your users while allowing them to help craft the message means you are much more likely to get the outcome that you want.

What you don’t do is forget about the business and focus on it as an IT problem. You don’t wait until the day of the upgrade to start sending notes to the users. You don’t send out three different messages from three different parts of the company saying three different things. Those types of messages tend to get ignored and you are too late already, the horse has already left the barn. Your users, especially the tech savvy ones, started updating the second the update hit the Internet.

A strategy that involves the business, the end users, Security and IT that starts early and works in a transparent mode will be part of what leads businesses to be successful when they need to upgrade their users. It’s never about disabling users, but rather enabling them that makes everyone successful.

{ 2 comments… read them below or add one }

Christian September 25, 2012 at 10:25 am

Brian, isn’t the fundamental issue people have not understood the consumerization of IT in general and of the endpoint device in particular. Yes many of us talk about BYOD, but do we understand this means the endpoint device is now outside our control. So, our thinking should be focused on how we can secure the enterprise assets that transit through the device rather than trying to get the device under control. One of my customers was talking about securing his datacenters starting from the fact that everything outside is unsecure by nature. So, every information leaving the datacenter needs to be secured, every message entering the datacenter needs to be checked. This applies both to networks and endpoint devices. It’s a different way of thinking, but an interesting one.


Brian Katz September 25, 2012 at 10:56 am


Now you’ve been reading my older stuff. Yes, it all comes down to securing the data and it’s not just phones and tablets, you have to secure all enterprise data before it leaves the datacenter (I would say you need to secure it in the datacenter).
In the world of MIM, Policy and security follows the data, not the device, the device just has the power to enforce the policy and respect the security.


Leave a Comment

Previous post:

Next post: