A framework for Responsibly Mobile

kpmg.com

© 2015 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. NDPPS 322792

Contents

Introduction
Common Challenges and Risk Considerations
Defining the KPMG Enterprise Mobility Framework
Business Transformation
Governance and Center of Excellence
Strategy
Delivery
Operations
Balancing Opportunity and Risk
Conclusion

About the authors

Martin Sokalski is a Managing Director in the KPMG IT Advisory Services practice. His focus is on mobile enablement and emerging technology risk. Martin has worked with clients across a variety of industries and functions to help establish mobile strategies, target operating and governance models, app development and delivery, and info security, privacy, and compliance related functions and capabilities.

Max Hanson is a Manager in KPMG’s IT Advisory practice and provides advisory and attestation related services to clients across various functions and industries. His primary focus has been assisting clients assess and mitigate risk pertaining to emerging technologies, specifically, enterprise mobility.

Introduction

In one of the biggest shifts in corporate IT since the 1960s, consumers’ embrace of mobile technology is forcing companies to rethink their enterprise mobility programs.
Increasingly, employees want to engage with “consumer grade”[1] technology that they can readily obtain in the marketplace and are familiar with – thus driving the phenomenon dubbed “the consumerization of the enterprise.” As part of this phenomenon, organizations must reconsider how they engage with and disseminate information to employees, how they employ technology within the enterprise (i.e., mobile devices), and how they transform their processes (for example, with “Mobile First”[2]) to adapt to the new reality.

To date, much of the thinking around enterprise mobility has focused on tactical concerns (i.e., calendar, email, and contacts), and other point solutions driven largely by tension between business users and IT – so-called “roadblock issues.”[3] Despite these roadblocks, many organizations understand the transformational potential of enterprise mobility and are seeking to accommodate both user and enterprise needs while being “responsibly mobile.” Being responsibly mobile simply means having a sound enterprise mobility program and framework aligned to the business strategy and its guiding principles.

More specifically, “responsibly mobile” means building a sound strategy and roadmap for devices and apps, having a delivery method that drives effective and secure mobile app development and user experience design (UX), and establishing an operational structure to manage and govern mobile devices and data. These three cornerstones of enterprise mobility – strategy, delivery, and operations – need to be supported by a proper governance and risk management model. This can help ensure the enterprise maintains an acceptable risk profile, including compliance with privacy and regulatory requirements and protecting data.

[1] https://infocus.emc.com/william_schmarzo/the-key-to-creating-great-consumer-grademobile-web-apps/
[2] Mobile First is the idea that web sites should first be designed for mobile devices. http://mobilegovwiki.howto.gov/Mobile+First
[3] For example, fast-paced demands from the business are typically greater than maturity of the mobile management tools IT needs; costs for the skills and tools IT needs are greater than return on investment (ROI) for initial mobile app or idea; and frustration from the business outpaces IT’s ability to serve business users.
[4] http://www.accenture.com/us-en/Pages/insight-mobility-trends-research-2014.aspx

If done responsibly – with strategy, governance, and risk management at its core, mobility can enable game changing, business transformational opportunities for the enterprise.
Martin Sokalski, Managing Director, Emerging Technology Risk, KPMG LLP

Achieving mobile responsibility requires both a strategic and a tactical or solutions-centric approach. With any disruptive technology, questions abound.

• How can mobile platforms and apps enable better collaboration, productivity, flexibility, and ease of use?
• How can mobility improve talent management and retention, build a stronger culture, and enhance the ability to make better business decisions?
• How can mobility help companies engage with their customers better and gain competitive advantage?
• There are many benefits to be realized. But how and at what cost?

To help answer these questions – and help organizations become responsibly mobile – KPMG developed the KPMG Enterprise Mobility Framework (KEMF). By providing a holistic view of transformational mobility issues, KEMF can help organizations assess – as well as design and implement – their mobility programs. In this document, we describe the KEMF’s key components and highlight considerations that are essential to unlocking potential benefits of enterprise mobility.

Mobile technologies are increasingly maturing as disruptors.
These foundations will remain vitally important to further technology progress and will remain a source of enabling innovation. The biggest factor holding back mobile’s influence is a persistent challenge – security and privacy concerns.
Source: KPMG LLP, The Changing Landscape of Disruptive Technologies. Global Technology Innovation Insights - Fall 2014

Common Challenges and Risk Considerations

We have had the opportunity to work with organizations of various sizes, complexities, strategies and guiding principles, business models, industries, and risk profiles and appetites. We have also observed organizations with varying levels of capabilities and maturity in guiding and governing people, processes, and technology.

Some of these organizations have embraced mobile programs proactively, aligning with guiding principles (i.e., talent management/retention, efficiency/productivity, competitive advantage, etc.), strategic planning (business process enablement, executive reporting, field enablement, etc.), and their technology capabilities. Others have been reactive, succumbing to pressures of employees or executives or trying to establish a layer of control over mobile devices that have snuck in through the back door.

Regardless of how mobility becomes a topic of discussion at the board, executive, or management level – and regardless of a typically comprehensive understanding of opportunities and potential benefits – organizations regularly struggle to answer the following questions:

• Strategy and target operating model/roadmap – How do we ensure that our mobile program is aligned with the business strategy and operates in a way to maximize value to our stakeholders?
• Governance and compliance – How do we help ensure that our mobile program is effectively governed and designed to adequately consider legal, HR, privacy, and regulatory nuances?
• Information security – How do we adequately protect corporate data on mobile devices?
• Operations – How do we manage mobile devices from procurement through disposition?
• Use cases and business transformation – What solutions do we deploy to the mobile devices that will have the greatest impact and benefit to the business?
• User experience – How do we create an engaging user experience while maintaining a proper security profile and required performance levels?

Many attempt to address these challenges, but their efforts are often siloed and fragmented. For example, some will focus all efforts on securing data on mobile devices, but fail to consider business use cases, user experience, or alignment to a broader enterprise strategy. Others focus on supporting every mobile platform available or attempt to deliver all content to the mobile device without enough consideration for information security risks. It is also common for organizations to roll out mobile solutions, but pay too little attention to HR, legal, privacy, and regulatory matters. Lacking in these examples is a comprehensive and integrated mobile strategy and the right balance between managing risk while optimizing potential rewards of mobility.

Defining the KPMG Enterprise Mobility Framework

KEMF provides an integrated view of tools, governance, and oversight, not just technology; encompasses demand management, app governance, content delivery, and compliance; and ultimately facilitates alignment of an enterprise mobility program with business strategy. KEMF can also be used to perform a current state assessment – including current capabilities and maturity and gap analysis – and facilitates the development of an integrated enterprise mobility strategy, target operating model, and roadmap.

[Figure 1: KPMG Enterprise Mobility Framework (KEMF). Labels: Program Management; Business Transformation; Governance & Center of Excellence; Strategy (Devices, Apps, Roadmap); Delivery (Development, User Experience Design, Testing & Quality Assurance); Operations (Managed Mobility Services; Security, Privacy & Compliance; Analytics & Optimization). Source: KPMG]

KPMG developed the KPMG Enterprise Mobility Framework (KEMF) based on this common set of challenges. KEMF can help organizations develop and implement their mobility programs and strike the right balance between risks and rewards.

Business Transformation

According to a 2014 survey by KPMG,[5] a vast majority of companies are in some phase of transforming their business model. These transformations are often driven and enabled by technology, including the proliferation of mobile devices. As mobility continues to expand the range of possibilities within functional process layers (i.e., making critical information available in real time), organizations are rethinking how to best maximize such benefits. Even though technology is often the enabler of business transformation, for such transformation to be successful, there needs to be a myriad of well-planned and designed considerations around strategy, people and change, processes, risk, and technology.

PROBLEM: Too focused on technology, not integrated with other functions
RESULT:
• Missed opportunity to transform and drive business value
• Tactical and point solutions
• Poor user experience and unrealized benefits

PROBLEM: Managing mobility as a series of independent projects
RESULT:
• Operational inefficiencies
• Information security and privacy lapses
• Compliance and reputational exposures

[5] http://www.kpmg.com/US/en/IssuesAndInsights/ArticlesPublications/Documents/BusinessTransformationandtheCorporateAgendaDec13.pdf

Governance and Center of Excellence

Mobile governance defines the standards, methods, approaches, and guiding principles of an enterprise mobility program. If designed appropriately, it can be very effective at breaking down traditional organizational roadblocks that can prevent programs from achieving their goals and objectives as the organization progresses down the mobile path. In many organizations, adoption of mobile technology has followed a series of back-and-forth interactions between the business and IT as shown below.

Figure 2: The mobile journey[6]

A mobility center of excellence (MCoE) can enable and facilitate an integrated and coordinated approach to decisions related to business and technology matters, including use cases, legal and HR compliance requirements, technical platforms and architectures, and awareness and training. While governance is the “what” that is decided, defined and documented, an MCoE is the “how” to put it in action.

[Figure 2 (The mobile journey), labels only: Governance model and mobile CoE; Mobile as an ongoing enabler of business transformation; Business requirements & desires; IT tools, processes, decision & projects; Getting started; Secure devices; Access to content; Access to the enterprise; First mobile app; Enable the business; App pipeline; Industrialize mobility]

[6] LoB: line of business; MAM: mobile application management; MDM: mobile device management; CYOD: choose your own device; Mobile VPN: mobile virtual private network; BYOD: bring your own device

Strategy

A mobile strategy is a prerequisite for the delivery and operations of a mobile program, but organizations often struggle even to articulate one. Mobility may reside under a broader IT strategy or not exist at all. We find mobile strategies in various stages of development as organizations wait to see how to respond to changes in consumer markets, including vendors, providers, platforms, and technologies.

Organizations must ensure that mobile programs are well aligned with the broader IT and business guiding principles and strategy.
This alignment will provide an effective framework for the organization to consider all of the major issues, highlight interdependencies, and facilitate decision making when there are conflicting tradeoffs. It will also facilitate a cohesive and integrated approach supported by a well designed operating model, governance structure, and a roadmap.

The following are some examples and key considerations for both device and application strategies:

Devices

Deciding which devices, platforms, and carriers the organization should deploy or support is paramount to the success of any mobile strategy. Each device strategy presents different risks to different organizations. There is no “one-size-fits-all” approach. The decision should not be based strictly on infrastructure, security, or cost, though these are important factors. Devices should be continuously reevaluated to ensure that supported devices align with strategic objectives, user expectations, information security requirements, regulatory requirements, and a rapidly changing device landscape.

For any enterprise mobile deployment, a device strategy is the foundation that anchors mobile apps and operations activities, and ties mobile initiatives to business requirements and goals. Knowing what devices the organization is supporting influences how it defines, designs, and builds applications. Key decision makers for devices and supporting infrastructure should be part of the governance and/or MCoE functions.

Apps

Apps, both internally and externally developed, offer increased mobile functionality and opportunities for business process enablement. Many organizations wrestle with a heavy demand for apps but lack an effective process for evaluating and qualifying these demands. They may jump head first into mobile and wind up with redundant functionality and the daunting task of supporting and updating apps to stay current with mobile OS releases.
In some cases, key business apps are not supported through new OS releases, preventing users from updating and exposing the organization to security vulnerabilities.

Apps strategy needs to include the prioritization of app ideas and opportunities. The focus should be on relevant and useful apps – those that will optimize business processes – rather than “apps for apps’ sake.” An app strategy should also be part of a larger mobile strategy. Enterprise application management cannot be effective unless it is appropriately aligned with mobile device and infrastructure management to maximize return on mobility investment. For example, app decisions should consider existing back-end systems and security layers. Assessing the organization’s risk profile relative to mobile is key to ensuring apps appropriately safeguard the organization from security breach.

Key questions – such as what type of data is permitted for distribution in mobile apps, what data must be retained for legal purposes, and what data can be stored offline – all must be considered in a successful mobile strategy.

Roadmap

A mobile strategy roadmap combines all the components of enterprise mobile enablement into an actionable plan and an operating model. This plan is based on where the enterprise is and what is required to reap the real benefits of mobile in a designated timeframe with milestones and deliverables. A roadmap strategy evaluates an organization’s mobile maturity, device and data management needs, potential and existing mobile solutions, mobile requirements, governance, and user experience. The outcome is a defined approach and timeline to guide how the enterprise should invest its focus, time, money, and resources.

Some of the benefits of a mobile roadmap include an improved ROI on mobile implementations (due to upfront planning around mobile governance), identification and solution analysis of highest impact opportunities, and improved quality and reduced inefficiency (through evaluation and planning of how, when, and where resources should be invested).

Delivery

It’s time the enterprise learned to become more consumer grade.
Joel Osman, Managing Director, Digital and Mobile, KPMG LLP

The delivery of an enterprise mobility program consists of app development, user experience design, and testing/quality assurance.

Development

As enterprise mobility programs continue to evolve and mature, so do the use cases and applications that are being developed within the enterprise. The mobile workforce continues to push not only for more data content and processing on mobile platforms, but as importantly, for better experience in engaging with that content. Whether it is executive reporting, field enablement, utility, productivity, or collaboration use cases, the user expects there to be “an app for that.” As a Forrester report put it, “The denizens of this new world are empowered digital natives, brazenly challenging business conventions for where and how work gets done, and challenging IT to find new ways to deliver security and freedom.”[7] Furthermore, there is a direct correlation between an organization’s ability to recruit and retain talent and employees’ positive experience interacting with the enterprise data and technology.[8]

Many organizations decide to take the development challenge head-on and turn use cases into tangible mobile apps in-house; others outsource the task to third parties. Whichever approach an organization chooses, it must be supported by clearly defined governance, requirements, and risk and usability considerations.
Specifically, apps must be developed according to clearly articulated use cases and business and technical specifications and built using secure coding practices, while taking into account user experience. Whereas mobile apps for consumers are designed primarily to be easy to use and visually pleasing, enterprise apps must balance user experience with appropriate controls to protect sensitive data and resources. A common challenge that organizations face is to embed seamless security controls while maintaining this positive user experience. Unless the app is easy to use, no one will use it, and the benefits to the organization will be lost.

Should the organization support every device, carrier, and OS available in the market through a “bring your own device” (BYOD) program? Or should it support only one device, OS, and carrier in the form of a fully managed, company-owned and -operated model?

[7] David K. Johnson and Michele Pelino – Forrester 2013
[8] http://www.ere.net/2014/02/20/it-policies-can-affect-recruiting-and-retention/

User Experience Design

Expectations of employees are always changing, fueled by the knowledge economy and the consumerization of the enterprise. Businesses must adapt to changing market conditions and continue to be agile in how they deliver tools and solutions to their users. Employees are more vocal about the technology they want to interact with, expect consistency in design and functionality, and look for easier ways to get work done. In this environment of expectations and demands, enterprises are challenged to adapt quickly enough to keep employees engaged in their jobs.
As a result, enterprises attempt to re-create experiences and levels of engagement common to consumer apps, effectively setting a new “bar” for enterprise app design called “consumer grade.” Organizations are beginning to understand this concept, and user experience design continues to move up the priority list.

Testing/QA

Whether mobile application development takes place internally or is sourced to third-party vendors, it is important to set and maintain a level of governance, quality, and security over the development process. To ensure successful execution and proper risk mitigation, development efforts should align closely with the enterprise development methodology. Proper consideration should be given to the integration of mobile apps and secure back end of enterprise systems (i.e., ERP, CRM, legacy systems, etc.). This requirement poses a challenge for many application development functions not only around user experience, but also security, functionality, integration, and data management.

To mitigate risks associated with mobile applications, a rigorous application development methodology should be utilized, supported by secure coding practices, as well as an effective quality assurance (QA) function and issue resolution process. An organization must develop a sound mobile application testing and monitoring strategy not only for development, deployment, and management of internal applications, but also to determine what external applications are to be allowed on enterprise devices to minimize security and privacy exposures.

Operations

The operations of an enterprise mobility program represent the ongoing management and maintenance of the program once it has been deployed. It consists of Managed Mobility Services (MMS); security, privacy and compliance; and analytics and optimization.

Managed Mobility Services

MMS represents the core of the operations function, which is the management of the physical devices, application, data, and all supporting processes.
MMS considers business and financial operations associated with device management and helps determine operational staffing needs, roles, and responsibilities, as well as a variety of policies and processes. The MMS component of the KEMF consists of a number of process elements, which may vary by organization or deployment model (see Figure 3).

The effectiveness and efficiency of many enterprise mobility programs are directly affected by the design and implementation of the MMS processes. For example, we found that many organizations are not able to realize their ROI due to ineffective processes around device procurement, provisioning, and poor financial management (i.e., carrier plan contracting and user reimbursement plans). The key is to define enterprise-wide mobile policies and processes that are conducive to enabling a broader IT and business strategy with governance and risk management at the foundation.

Security, Privacy & Compliance

In this new environment, vital business data now transcends the bounds of the corporate network, presenting new challenges not only to deliver relevant data to decision makers but also to ensure that same data is available only to its intended recipients. Mobile devices and apps now exist in a much more unbounded and “mobile” state. Evolving mobile malware, combined with relatively low user awareness of mobile risks, can have a significant impact on an enterprise’s information protection profile. Furthermore, depending on the nature of mobile app use cases and data, there may be regulatory compliance implications, including Health Insurance Portability and Accountability Act (HIPAA), Financial Industry Regulatory Authority (FINRA), Securities and Exchange Commission (SEC), or other privacy regulations or laws.

[Figure 3: MMS process elements. Managed Mobility Services: Sales & Procurement; Provisioning & Activation; Configuration & Deployment; Mobile Device Management; Mobile Application Management; Mobile Financial Management; Service Desk; Repair; Replacement; End-of-life/Recycle]

Enterprise mobility is not just technology, but a comprehensive program spanning people, processes, and technology. Likewise, data security controls can’t be applied just to the device; they must also be applied to applications, data, network, people, and processes through an integrated security governance program. Furthermore, when device security, network security, and app security are not properly aligned and coordinated, they will all come “crashing down” on the user experience.

As a starting point, some key questions need to be answered:

• How will the company protect the devices and data against unauthorized use and access?
• How will the company ensure compliance with regulatory and privacy requirements?
• What data is to be protected at the device and mobile application level?
• How will the devices be managed, monitored, and wiped if necessary?
• What governance, policies, and acceptable use and awareness programs do we have in place?
• What is the impact to the organization if the data on these devices were lost or stolen?
• Does the organization have a process to help ensure continued compliance with existing or new regulations and security requirements?

Analytics and Optimization

As part of the trend of enterprise consumerization, organizations typically track downloads, usage, adoption, engagement, and uptake of consumer mobile apps. Similar metrics are required for enterprise apps in order to understand their value and ultimate ROI within the organization. These metrics can help the organization meet and exceed its strategic priorities and drive measurable and continuous improvement – and thereby improve adoption, employee engagement, technological advances, process improvement, and efficiency.

Balancing Opportunity and Risk

Various stakeholders view mobility device risks and opportunities differently. Ultimately, they will agree that mobility is here to stay and that it is transforming the way the organization does business and how it engages with its work force and customers.

Understanding the risks and opportunities from the point of view of each stakeholder is critical to a successful and cohesive mobile strategy and risk management. Among the executive suite, CIO, CISO, OGC, audit executive, risk officer, compliance, functional business leader like HR, engineering, or marketing, and users, points of view will differ.
For example:

Common Benefits

User/Consumer Engagement and Behavior, Improved Efficiency and Accuracy, Cost Management, Collaboration, Productivity, Process Automation, and Embracing Disruptive Technology and Innovation

Executive
• Shorter return on investment
• Defined competitive advantage
• Easy access to key business information and performance metrics
• Business transformation and new value channel
• Business Intelligence driven by data and analytics
• Enhanced user and customer satisfaction and engagement
• Talent management (recruiting, retention, and satisfaction)
• Anywhere engagement with customers
• Enhanced customer satisfaction and engagement

Customers
• On-demand access to information
• Customer service/help desk automation
• Key client reports and metrics available anytime/anywhere

Ops and IT
• “Mobile First” or streamlined development, delivery, and presentation of content
• Streamlined processes and lower infrastructure and device costs
• Driving value through ease of use and ubiquitous access
• Ability to manage and govern mobile devices and apps
• Shorter return on investment
• Ability to protect information at network, device, application, and data layers
• Simplify remote access needs for knowledge workers

Legal/Risk/HR/Compliance
• Maintaining employee privacy
• Ability to protect information at network, device, application and data layers
• Ability to govern and monitor compliance
• Comprehensive view of mobile risk
• End-user licensing agreements
• Ability to comply with regulatory, legal and HR obligations
• Stronger security and reputational posture through use of secure coding, testing, and monitoring of apps

Business Functions and Users
• Variety of use cases and streamlined business processes
• Business Intelligence driven by data and analytics
• Ubiquitous connectivity and access
• Talent management (recruiting, retention and satisfaction)
• Field and sales force enablement
• Enhanced staff engagement and productivity
• Flexible work environment
• Improved organizational culture and capabilities
• Enhanced engagement through intrinsic motivational design

Common Risk Considerations

User/Consumer Engagement and Behavior, Efficiency and Accuracy, Cost Management, Collaboration, Productivity, Process Automation, and Disruptive Technology and Innovation

Executive
• Financial and ROI cycles
• Mobile strategy (mis)alignment with business strategy
• Regulatory compliance
• User and consumer engagement
• Organizational Reputation
• “Missing the opportunity”
• Keeping up with pace of change
• Governance and organization

Customers
• Privacy – PII and client confidential data
• Poor user experience
• Inability to obtain key reports anytime/anywhere
• Poor customer satisfaction and engagement
• Inability to access information in consumable format

Ops and IT
• Tool/vendor selection
• Addressing the “trust gap”
• Usability and experience
• Apps built/delivered as point solutions
• Maintenance and support
• Privacy and security
• Functionality delivered not aligned with organizational goals
• Managed services and service levels
• Device, app, and user governance and controls
• Implementation/management cost
• Non-company-sanctioned apps (i.e., rogue apps)

Legal/Risk/HR/Compliance
• Use of non-sanctioned devices
• Ineffective monitoring and policy enforcement
• Inconsistencies in mobile platforms and security capabilities
• No segregation of corporate and personal data
• Enforcement of acceptable user policies
• Country- and region-specific laws and regulations
• Lack of data loss prevention (DLP) on mobile devices
• E-discovery, data leakage, compensation, and acceptable use
• Device loss/theft
• Internal policies and procedures
• Secure coding practices
• Program governance and lines of defense
• Mobile app management and governance

Business Functions and Users
• Intellectual property
• Addressing the “trust gap”
• Exposure of sensitive data
• Change enablement and adoption rates
• Policies and procedures
• Inefficiency and poor user experience
• Acceptable use

Conclusion

The innovation rate in mobile devices, social software and cloud computing is accelerating faster than the enterprise adoption rate, and consumer mobile applications are setting the standard for enterprise apps. IT organizations that fail to adapt to this new reality may lose their relevance in the era of pervasive mobility.

Organizations that continue down the path of tactical solutions may be exposing themselves to risk, but more importantly, are simply missing an important opportunity. Your organization may already have a mobile strategy of sorts, but if it is overly segmented, not aligned with business strategy, or blind to key requirements or risks, it will likely not be successful.

Mobile devices are already transforming organizations and entire industries.
Companies are adopting reasonable approaches that aim to mitigate the risks of mobile while seizing its opportunities. It all begins with a framework – such as the KEMF. An effective enterprise mobility program should consist of all the elements contained within KEMF. At the same time, an organization’s mobile program will be based on its business strategy, industry, risk appetite, and current capabilities and maturity. That’s why a current state assessment and a gap analysis utilizing the KEMF is the place to start. The findings can drive an effective target operating model and implementation roadmap.

Becoming responsibly mobile in three steps
• Using the KEMF, conduct an assessment of your mobility program to determine your level of capabilities and maturity and alignment with your business goals
• Build out your mobility program and roadmap by addressing all the elements of the KEMF and using the insights gained from your assessment
• Adopt the “consumer grade” standard for all mobile apps

About KPMG

KPMG’s Emerging Technology Risk Services can help organizations become responsibly mobile, social, and in the cloud. We work with organizations to analyze emerging technology risks and issues – including IT strategy, operating models, privacy, security, governance, regulatory and compliance. We focus on the business impact of technology, and we are not tied to any hardware or software suppliers. As a result, our advice is objective and geared to the specific needs of each client.

KPMG’s IT Advisory team is a trusted advisor to the Boards of some of the world’s largest multinational organizations. We operate in the developed markets and in the key emerging economies of Central and Eastern Europe, Central and South America and Asia Pacific.
We offer the following services to help your organization become more responsibly mobile:
• Assessment of enterprise mobility operating model using the KEMF
• Mobile benchmarking and capability and maturity assessments
• Risk services relating to mobile program and device enablement (security, privacy and compliance, device management, program governance/MCoE, etc.)
• Risk services relating to mobile applications (secure development, security, privacy and compliance testing, app portfolio management and governance)
• Mobile tools and solution design and implementation (BYOD/CYOD, MDM, MAM, etc.)
• Design and implementation of enterprise managed mobility processes and services from device procurement through disposition
• Design and development of mobile apps

KPMG would like to thank the following contributors: Phillip Lageschulte and Joel Osman.

Contact us

Phillip Lageschulte
Global Leader
Emerging Technology Risk
T: 312-665-5380
E: [email protected]

Martin Sokalski
Managing Director
Emerging Technology Risk
T: 312-665-4937
E: [email protected]

Joel Osman
Managing Director
Digital and Mobile
T: 312-665-2166
E: [email protected]

kpmg.com

Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates. The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity.
Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © 2015 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in the U.S.A. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. NDPPS 322792