Lessons from managing 12,500 iPads

The majority of corporations has adopted iPads to some degree, but most are piloting the devices and/or allowing informal use by employees. SAP is not one of those companies. The ERP giant was an early believer in the iPad concept and now has more than 12,500 in use — both those issued by the company and those brought in by employees. Even for a company as large as SAP, that’s a huge pool.

I met recently with SAP CIO Oliver Bussmann, and we chatted for more than an hour on his company’s use of iPads and other mobile technologies, as well as the issues that arise when you adopt post-PC technology. Much of what SAP does is unsurprising — it uses policy-based mobile device management (MDM) to ensure access security and monitor usage — but the company did surprise me in its open-mindedness and flexible approach to new technology.

[ Learn about consumerization of IT in person March 4-6, 2012, at IDG’s CITE conference in San Francisco. | Get expert advice about planning and implementing your BYOD strategy with InfoWorld’s 29-page “Mobile and BYOD Deep Dive” PDF special report. | Keep up on key mobile developments and insights with the Mobilize newsletter. ]

Before I get into those nonobvious approaches and views, it’s important to go back to February 2010. Within days of Apple announcing the iPad, SAP chairman Hasso Plattner told his executives — Bussmann in particular — that he believed the iPad would be a huge factor in business and SAP should be a first mover on the use of and support for the device. This was before anyone actually had touched an iPad, when the reaction from most pundits — certainly most corporate and IT leaders — was that at best the new Apple device would be a media tablet (Gartner still calls it that, in fact) suited for watching videos and couch surfing; it would never be a business device.

It’s also important to remember that Apple had not yet brought in mobile security and management into iOS; that didn’t happen until iOS 4 was released in July 2010. Today, Bussmann estimates that half of all iPads sold are used in business. But at the time, the notion of a business-oriented vendor supporting the iPad was just weird. Even Apple had no expectations, or even interest, in the iPad’s use by business, Bussmann recalls.

An open mind leads to value creation As SAP got its hands on iPads, it began exploring what it could do with the devices in terms of using them both for running SAP apps, such as ERP dashboards, and as general-purpose computer replacements or supplements. Employees bought the devices themselves and brought them in unofficially.

SAP did not try to determine an ROI or use case upfront for iPads, as Bussmann and others believed experimental usage by employees — as well as by IT — in various areas would reveal where the iPad had utility. SAP also figured employees would work with them anyway, so why not augment, support, and learn from that behavior rather than try to circumscribe it? The principle was to not get in the users’ way but instead facilitate them.

Today, SAP has more than 12,500 iPads at work across all departments and functions. Bussmann notes that for many employees, the iPad has largely replaced their laptops, though he believes it will be some years before tablets can completely substitute for the laptop of today.

The iPad is reinventing user expectations of IT Bussmann senses that user expectations for quality experience — as well as the nature of that quality — are fast changing. That’s a big challenge for developers, especially IT developers who’ve not been historically charged with worrying about user experience. That challenge is compounded by the simultaneous migration to faster development methods like agile programming. SAP’s own customer tracking surveys show that user experience is increasingly an important concern among enterprise buyers and users, therefore requiring significant investment to satisfy both internally and its its commercial development. However, Bussmann was not overly concerned about an insurmountable user-experience skills gap, given attention to such issues in colleges and in the overall mobile application developer market.

Bussmann is a big fan of design thinking, as he says the mobile experience is different even for things that can be done on a PC. He notes that people seem to grok and explore data more on an iPad than a PC, even when it’s the same Web service underlying it. He notes that PCs tend to be used for deep exploration, while a tablet is used for snapshot trend analysis. He compares email usage on a PC to email usage on a BlackBerry, the latter being quicker and more of the moment. If mobile apps were designed explicitly for the different mentality used on a tablet, Bussmann believes that the benefits of using iPads and other tablets would be even stronger.

I routinely hear fears from IT pros as to the support burden of iPads and other mobile devices. As I’ve written, that support burden need not be onerous. But I was struck by a comment Bussmann made as to the kinds of issues his support staff deals with when it comes to mobile applications: the public networks. Users have gotten accustomed to nearly seamless interaction on corporate and home networks when using apps and websites, so when they’re out and about and using a 3G network or public Wi-Fi hotspot, they get confused when responsiveness slows. They think the app is not working, when in fact it’s simply latency introduced by the network connection.

IT can’t fix this issue, but it can help users understand that mobile usage sometimes requires patience due to the realities of public networks. And, Bussmann notes, in-house developers have to plan for such latency in their apps, both in the processing and in the UI, such as to help users understand the app is waiting, too.

Assuming, while verifying, trust When mobile device management tools became available, SAP adopted one, for more formal management. But it has not adopted technologies such as data loss prevention (DLP) to monitor the flow of information to and from these devices. Bussmann believes the better approach is a form of digital rights management (DRM), where the security is intrinsic to the information itself. DLP and other perimeter approaches all require determination on the fly of what is secret, which means there are too many opportunities to calculate incorrectly or too late, much less act. Plus, false positives hinder employees from doing their work.

Today, DRM isn’t able to work seamlessly across devices and OSes, but Bussmann expects Windows 8 and later iOS to adopt a form of the technology. He notes that iOS 5 now supports S/MIME, an encrypted email format that is sort of a DRM for email, and he expects PGP support at some point.

The principles SAP takes to managing iPads and other mobile devices is one grounded in trust. SAP doesn’t block users from, for example, copying email text — which some MDM tools can do — because that would interfere with employee productivity. It would also push employees to find other ways to access the information that could be less secure or monitorable, as well as create a culture that characterizes employees as untrustworthy and even encourage rogue activity as a result.

Instead, Bussmann prefers to use policies to map access to levels of trust, and he can foresee using analytics tools to create finer-grained policies based on the level of trust derived from monitoring employees’ actual behavior. Those who act more responsibly get more trust, and thus more access and capability. Because mobile devices are so strongly monitored, Bussmann is confident that SAP can use a behavioral approach to tune permissions and access on an individual level, not just on predefined groups — essentially, a trust engine.

There are also practical issues to not being invasive in its management techniques, Bussmann notes: European privacy laws give employees the right to opt out at any time unilaterally from having their personal devices and the information on them made accessible to the company, such as to manage the device and its apps. Thus, Bussmann looks for security approaches that focus on the data itself.

Although DRM isn’t an option now in the mobile arena, Bussmann uses other techniques to keep data accessible but secure. For example, Web and mobile apps that access internal SAP data typically leave the data on the server, so the mobile device doesn’t actually store it. In cases where offline access is needed, SAP takes advantage of iOS’s ability to create secure containers for local data that can be wiped remotely or wiped by the app upon activity completion.

This article, “Lessons from managing 12,500 iPads,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen’s mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.