Mobility: Balancing access against management

21.03.2012
With a mobile penetration rate of over 200%, Hong Kong is an active and vibrant mobile market. For consumers, a five-minute ride on the MTR means a dose of gossip from Apple Daily, a quick comment on Facebook, thwacking some Angry Birds--or all of the above.

But for enterprises, remaining competitive means a mobile strategy that optimizes productivity and enhances customer services.

Many Hong Kong enterprises started providing mobile phones to employees in the 90s. But with the popularity of smartphones and the rise of mobile apps and threats, many IT executives find themselves balancing access and management.

The demand for mobile access -- from both internal staff and external customers -- is the driving force for enterprises to enable applications on mobile platforms. According to Gartner, smartphones and tablets will represent over 90% of the net-new growth in device adoption in the next four years.

"We believe the pace of change over the next four years will be breathtaking," said Daryl Plummer, managing VP and Gartner fellow. The popularity in mobile devices is going to produce a domino-effect on apps usage and development.

This trend is already happening in Hong Kong, as a study by Symantec indicated 84% of local enterprises have already deployed or are discussing deployment of custom mobile apps.

It's significantly higher than the global average, where only 56% stated the same. The finding is part of Symantec's global 2012 State of Mobility Survey, in which 150 Hong Kong enterprises participated. The survey also found more than half of the local respondents have already implemented or are currently implementing custom mobile apps.

CLP and Standard Chartered Hong Kong are early adopters of custom mobile apps. In its fourth generation of iPhone apps, CLP's mobile capabilities for consumers include providing account and billing information, as well as tracking energy efficiency. Another app helps electric-vehicle drivers to locate charging stations.

"Real time access to information via mobility solutions allows our customers to do transactions and queries at their convenience wherever they are," said Andre Blumberg, head of group applications development and support at CLP Group.

Internally, the company is also enabling a bring-your-own-device (BYOD) policy. "The next generation of workers have grown up with mobile consumer devices and will expect seamless computing on any device anywhere," said Blumberg. "At CLP we are keen to continue to capture all the benefits that mobility brings to our work force and our customers to improve efficiency and enhance the customer experience."

The banking sector is often the major spender in technology, but is often also the most conservative in technology adoption. At Standard Chartered, a global initiative is underway to enable mobility for both its customers and internal staff in a more controlled environment.

The bank uses iOS as the standardized platform for its mobile apps development and is standardizing its device support for internal staff to iOS devices. "The Apple-based platform is the right fit for us," said Todd Schofield, global head, enterprise mobility at Standard Chartered. "We can build functionalities into our own custom apps that allow people to do things on the go."

The bank has launched a pool of mobile apps, available for both existing and potential customers to download on Apple's App Store. Breeze Hong Kong allows local customers to manage bank accounts with their iPhones or iPads. It's available also in three other countries--China, Malaysia and Singapore--each with its dedicated version that fits local currency and regulatory requirements. The bank also offers mortgage and property valuation services through Breeze Home.

"What we are doing with [iOS] is [aimed at] the next generation of banking," said Schofield. San Francisco-based Schofield leads a team to establish the bank's mobility strategies and policies--his team works closely with the Hong Kong IT team to localize Breeze, as well as to test and pilot other mobile apps.

Another app, iNeeds, was piloted and went live in Hong Kong. It's designed for relationship managers in consumer banking to identify and present different banking needs for customers, as well as to provide personalized financial planning services.

Besides serving external customers, Schofield's team also builds apps and sets mobility policies for internal staff. While customers can download apps from Apple's App Store, Standard Chartered internal staff can also download internal apps through the SC AppCenter, where apps are posted and updated for employees.

These apps include FX Rate, which provides direct connection with the bank's internal foreign exchange system, to provide real-time and updated foreign exchange rates for traders. The Mobile Trade Port also allows traders to access the bank's trading system and approve transactions on the road.

To encourage its employees to adopt these apps, Standard Chartered has purchased 11,000 iPhones to support the bank's 80,000-plus staff. Schofield agreed the penetration rate is moderate, as they remain cautious in providing mobility. "We take the responsibility as custodians in managing the money of our customers very seriously," he said, "and our mobile services need to reflect that."

Such caution is also shared by many. Symantec's study indicated that 54% of the respondents from Hong Kong view mobility as somewhat to extremely challenging and 37% identified mobile devices as one of the top three IT risks.

This concern is understandable with various reports indicating malware--particularly mobile malware--continues to grow. Juniper Networks' 2011 Mobile Threat Report indicated mobile malware across all device platforms increased by 155% last year. The majority (63%) is spyware, which could be stealing data from corporate smartphones without the users' knowledge.

"To enable security and protection of corporate data, remote lock and wipe capabilities are critical," said Peter Smith, director of Wavelength Consulting, a mobile strategy consulting firm. "Never allow a device to access corporate information without [enabling] remote lock and wipe."

The former CIO of local mobile operator CSL, Smith noted that the ability to monitor devices and remotely wipe data should be a policy that applies to all devices that have access to the corporate internal system, regardless of whether they are corporate-owned or under a BYOD policy.

At Standard Chartered, the bank also uses the device's security functions--Schofield said it's mandatory for all iPhone-users to switch on the passcode-lock function (a best practice for all iPhone-owners).

"We use the encryption that's built into iOS devices and use our Exchange servers to force policies to enable remote wipe and allow access to our internal systems," said Schofield. He said VPN connection is also required before employees can access internal corporate systems or mobile apps.

Other precautions for the corporate iPhones: jailbreaking is disallowed, sensitive data is stored in the cloud and users may not install iTunes to download external applications.

Another challenge for enabling mobility is the control of application performance. Compuware's International CIO study conducted last September surveyed more than 500 IT executives--64% of them stated it is almost impossible to provide support for employees' mobility. The study indicated that reliance on external networks is making it harder for IT to control performance and end-user experience.

Schofield said that performance is particularly critical for custom apps, and his team tackled the issue in the development stage. "FX Rate wasn't as fast as we wanted," he said. "So we worked on the app and the background [infrastructure] to make the packets smaller and do packet shaping, so we get the data to the phone faster and more consistently."

An alternative solution is to rely on the bank's global Wi-Fi network MobiNet--a customized network for the bank's iPhones available across all major Standard Chartered offices and outlets around the world. All the corporate iPhones are enabled and will automatically switch to connect to MobiNet once the phone enters the bank's premises. Schofield said this policy encourages employees to leverage the bank's network of physical premises to access mobile apps with more stable performance and under a secured environment.

Apart from app-performance, businesses are also tasked with providing apps for multiple platforms. Apple's iOS appeared to be the primary and first platform for most local enterprises engaging in mobile apps development. At Standard Chartered, all internal mobile apps are available only via iOS devices--the bank supported mobile access via Blackberry devices for years, but Schofield said they're not building any apps based on that platform.

"Apple's SDK is standardized, which means the apps will be more stable and consistent," he added. But given the diversity of devices in the consumer market, the bank is providing some external apps for their customers using Android devices.

At CLP, iOS was also the primary platform. But now the company must diversify among iOS, Android and Blackberry platforms, said Blumberg.

The emergence of HTML 5--which enables enterprises to build cross-platform mobile apps--provides a more device-agnostic app development process. While it speeds support for various devices and cuts costs in the development process, Smith from Wavelength Consulting said adoption depends on the app requirements.

"Depending on what you are trying to achieve," he said, "if you need performance and a rich user experience and the app needs to be available offline, HTML 5 may not be the answer."

Although it is more costly to develop apps based on a dedicated OS, Smith said that user experience and performance are generally better. The app is built for the platform, providing usability that can better leverage the device features.

With smartphones becoming more affordable and tablets gaining popularity, more internal staff want to access corporate systems with their own devices--the BYOD phenomenon.

While BYOD can help mobile workers be more productive, it can also be a risk if not managed carefully. Compuware said 77% of its International CIO Study respondents indicated that consumerization of IT has become a business risk.

At Standard Chartered, BYOD is available with specific restrictions and the bank has so far enabled 2,000 personal iPads. According to Schofield, only the bank's corporate iPhone users can have their personal iPads enabled to access the corporate systems and apps. They are also restricted by the same rules and policies as other corporate devices when accessing internal systems and apps.

Although different policies can be put in place, augmented by device-management tools that automatically enforce them, Smith said user-education remains the last and most critical line of defense. He added that companies deploying corporate mobile devices require employees to sign documents to ensure they fully understand corporate policies. "It is key for employees to understand the responsible usage and the risk to the company," concluded Smith, "but the education factor is often missed out."

Corporate customers will feel minimal impact from local telcos' access prioritization on unlimited mobile plans, said an IDC analyst.

CSL, SmarTone, and 3 Hong Kong announced in late February that they will continue to offer unlimited local data service plans to customers in Hong Kong, but will apply network priority management in real time to ensure fair network access. The announcements were responses to the Office of Telecommunications Authority's mandatory fair usage policy (FUP) issued in November last year. It aimed to ensure users have a fair opportunity to enjoy their services and to prevent a small number of users from abusing the network.

According to the operators, under their new policies, customers on unlimited plans who reach 5GB of local data fair usage within a single billing period will be given lower priority to access the network for the remainder of that billing period. Individual consumer subscribers will continue to have unlimited access to the network without any additional charges, without speed throttling, or switching off of their service, the operators noted.

For corporate customers, Alex Chau, senior research manager, mobile services and technologies at IDC Asia/Pacific, said the impact will be even more minimal. Many corporate customers already have bundled offerings from telcos to make sure there is enough bandwidth for their employees. The use of Blackberry servers for e-mails by corporations also helps minimize the FUP impact, he added.

"This ceiling [of 5GB] is reasonable. Most users won't use more than that in a month unless they watch more than one hour of movies daily and do BT download often," said Chau. "Even when you cross the [lower priority] threshold, you still have 128k of speed for mobile data access--this is good enough except for high definition videos."

According to Chau, operators take various measures for the new policy. "CSL has already upgraded its infrastructure, now having a fiber-connected network, while PCCW Mobile--having dropped its unlimited data plans--has deployed more than 9,500 hotspots for Wi-Fi offload," he said. "Their customers hopefully will see the least impact on their data access."

+++

For CLP, the drive to be mobile has been happening for some time, with field engineers using mobile devices for at least ten years. But as the use of smartphones, iPads and other devices has grown, standardizing has become much more difficult for the IT organization at CLP.

This trend has challenged IT to find ways to support more than just one device or platform. "We have had to become more flexible to support different devices and our security and management platforms now need to be much more device agnostic and support different platforms today," said Andre Blumberg, head of group applications development and support at CLP Group.

The company distinguishes between what platforms are supported for external customer applications and services versus what is supported internally.

CLP is now in its fourth generation iPhone app for customers that provides access to company information and allows customers to track things like energy efficiency as well as to check their own statements and accounts.

Interesting new features include the ability to trigger a relocation order when moving as well as a function to locate the closest electric vehicle charging points. "We started with iPhone given the popularity of the platform but we are now also moving this to Android," Blumberg added. He noted that CLP was initially hesitant on Android support for internal use due to security and the issue of too many variations of the Android OS, each with its own management and usability challenges.

Windows Phone is also being looked at, but Blumberg admitted that CLP would wait for greater adoption and wider application development support before widening support for that platform.

Internally, iPhone and Android are supported, but Blumberg admitted it's not easy determining which platforms to support. "It's easy to say in Hong Kong that at first we will support just iPhone but you look at India for example and it's almost all Blackberry there," he noted. "Also it's very hard to get a clear technology roadmap from Apple, Google, and even Microsoft these days--almost everyone is focusing on the consumer first and enterprise a distant second."

CLP also operates a bring-your-own-device (BYOD) policy, where staff can request to have their personal device connected to the corporate systems such as e-mail and have IT support the management of that device.

There is a comprehensive mobile device management platform that applies security and policies to all devices that connect to the corporate network depending on risk levels and functionality. All users have to agree to a baseline level of security requirements which are applied to the devices.

These include agreeing to IT being allowed to remotely wipe the device if required, as well as to reboot devices and monitor them remotely. "BYOD is a good option for staff that are not given a company device and allows them to leverage their personal device for work while getting IT to secure, support and back up their data," Blumberg said.

The planning for this was exhaustive and included HR, finance and senior leadership input to address issues such as governance around downloading of apps--in what circumstances is an application work-related versus personal? Do all apps need to be corporate-approved? Can users claim expenses for downloading apps?

Plus there are the risks of users having content that breaches intellectual property rights. "All these scenarios need to be thought through and the resulting guidelines need to be carefully communicated to staff and signed off before devices are supported," said Blumberg.

Additional reporting by Chee-Sing Chan and Teresa Leung