nito - Fotolia

It’s high time support staff relinquished control

There’s no reversing the widespread BYOD trend, so IT must adopt new ways of delivering applications to employees

It is not uncommon for employees to bring their smartphone to work and within seconds connect the device to the company Wi-Fi or Exchange Server – without any consent from IT. In many ways, the bring your own device (BYOD) trend is forcing IT departments to rethink their role. While it may have begun with people wishing to use their iPhones at work, the focus has broadened to cover the entire computing environment.

“Endpoint support staff must rethink the workspace and work with suppliers to rearchitect and re-cost standards,” says Ken Dulaney, vice-president and distinguished analyst at Gartner.

In the past, the IT department would have managed and deployed a set of standard Windows images across the business, managing a small number of hardware and software configurations that could be applied to all employees. Thanks to the prevalence of software as a service (SaaS) and the cloud, users are no longer limited to Windows running on a standard PC. SaaS can be accessed via a URL or an app store. Gartner believes that over time, less than 30% of applications will be tied to a specific platform; most will run in the back end, accessed via a browser or mobile app.

“From an IT perspective, Windows 10 and the move of applications to the back end will dramatically change how those applications are delivered to employees,” says Dulaney. “Updates will be more frequent, more incremental and less obvious to the user. Software vendors and internal IT have much to do to adapt to this new model and move away from the image-management model for the PCs of today.”

In the Forrester paper, Build A Corporate App Store Into Your Corporate Mobility Strategy, analyst Christian Kane notes that corporate app stores enable IT teams to change how they support and deliver apps. IT infrastructure and operations teams can give users a self-service option and an intuitive interface to access corporate-approved mobile applications. IT professionals are happy because they gain some ability to control mobile apps and manage access policies. Employees can also use the app store as a portal for accessing the tools they need to do their jobs, he says.

 The app store

The helpdesk is an obvious app for IT, but as Barclay Rae, CEO of IT service management body ITSMF, says, some organisations have found it difficult moving away from on-premise service management to cloud-based tools, which tend to have better support for user self-service. “Enterprises are biased towards running such tools on-premise, which means they run older tools rather than modern cloud-based tools,” says Rae. In his experience, businesses can get mired in tackling an issue like providing single sign-on, which is a challenge for an on-premise tool but fairly straightforward in a cloud-based tool, which can offer self-service password resets.

Rae explains that cloud-based service management products are being sold to areas of the business outside of IT. One example is Aylesbury Vale District Council (AVDC). In April 2012, the council began plans to move from multiple offices in the district to a single location on the outskirts of Aylesbury town centre. It also decided to deploy cloud-based infrastructure, allowing council staff to access services from any location. AVDC deployed Hornbill’s cloud-based Service Manager IT service management tool to enable the IT support team to work collaboratively and secure expert assistance within the organisation, providing faster resolution to issues.

There are many other parts of the business that lend themselves particularly well to SaaS-based apps for employee self-service. Quocirca principal analyst Rob Bamforth says: “The routine and regular processes for dealing with simple updates and viewing of key private information such as payroll, without going through a human connection in HR or accounts, is a common and effective place to start.”

Read more about employee self service

Unlike most IT initiatives, there is more to collaboration than deploying a platform and training

Introducing self-service IT can improve efficiency and hand control to the employee – so long as it’s done right

The IT industry talks about software-defined infrastructure replacing physical servers, storage and networks with virtual appliances. This is an IT-centric perspective, where virtualisation is an evolution of the physical datacentre. An entirely different perspective comes from the likes of Amazon Web Services (AWS) and Microsoft Azure. While these can indeed be used to mirror physical datacentre hardware through infrastructure as a service (IaaS), there are compelling reasons for businesses to take advantage of the platform services built into these public clouds.

Modern applications – the cloud-native applications – are based on a set of distributed cloud services or microservices. A private cloud enables the IT department to provide similar services internally, which can be accessed without IT having to get involved.

OpenStack, for instance, promises to enable organisations to create AWS-like experiences for private clouds, to support new digital business initiatives. Applications can be deployed quickly and safely in a private cloud by the developers themselves.

For a CIO who subscribes to the notion of bimodal IT, a catalogue of internal cloud services provides a way to expose systems of record to business users. The catalogue provides business managers with open application programming interfaces (APIs), internal cloud services and data in a manner that can still be governed effectively by IT. Whether the business chooses to develop new applications internally or hire a third party, these internal services can then be used within the formal project specification.

For the bimodal CIO, a private cloud with a catalogue of approved services that developers can access via a self-service portal solves two problems. First, it avoids the data loss risks and potential costs of developers spinning up their own virtual machines (VMs) in public clouds such as AWS. Second, IT can concentrate on delivering a set of core services to the business, rather than attempting to meet every single business requirement.


For employee self-service to become viable in business, IT needs to address how to ensure that people are only given access to the software and IT resources they are authorised to use.

Gartner estimates that by year-end 2017, about 50% of organisations will choose cloud-based services as the delivery option for new or refreshed user authentication implementations. The analyst defined the authentication market as on-premise software/hardware or a cloud-based service that makes real-time authentication decisions for users who are using an arbitrary endpoint device (that is, not just Windows PCs) to access one or more applications, systems or services in a variety of use cases. Where appropriate to the authentication methods supported, a vendor in this market also delivers client-side software or hardware that users utilise to make those real-time
authentication decisions.

Companies that Gartner identifies as leaders in user authentication include SafeNet, TeleSign and EMC. Companies such as CA Technologies and Entrust are considered “visionaries”, while Microsoft is rated as more “niche”.

According to Microsoft, Azure Active Directory (AD) provides an affordable, easy-to-use system to give employees and business partners single sign-on (SSO) access to thousands of cloud SaaS applications such as Office365,, Dropbox and Concur. From a self-service perspective, cloud-based authentication needs to provide a single sign-on for users, giving them direct access to public cloud applications and internal, cloud-hosted applications.

Microsoft is hoping many organisations will make use of Azure AD, since on-premise AD is common in Windows-based corporate environments. But as ITSMF’s Rae points out, there is still a reluctance in some businesses to move IT systems into the cloud, regardless of the potential benefits.

The idea of self-service is about giving control back to the business, says Mark Ridley, CTO of “It’s a careful balancing act; if a salesperson needs a better presentation tool, it should not be IT’s call.” He says the idea of a service catalogue for SaaS products would be very compelling for business. For instance, an HR manager could provision the IT that a new joiner needed rather than having to request it from IT.

The online recruiter has replaced its SAP expense-management system with Concur and has deployed OneLogin, the cloud-based identity and access-management tool for single sign-on.

The shift of power

Self-service is most effective for applications that run in the cloud. CIOs can help shift the mindset of IT by giving some of the day-to-day IT tasks back to the business. No one needs to raise a helpdesk ticket in their personal life to reset a password on their favourite e-commerce site, so why do they need to at work?

Similarly, as Ridley observes, the business is often better placed to give staff the software they need to do their jobs. BYOD was just the beginning; passing some of this IT control back to the business and even staff themselves paves the way to a new era in IT management.

Read more on Mobile software