Bring your own and self-service support (conversations at SITS13)

I’m not sure how “a few days” has suddenly become “a few months”, but time obviously flies when you start a new job!

In April I talked at the Service Desk and IT Support show (SITS13) about our work on self-service and bring your own device. (I was a bit quicker off the mark posting my slides from the show, which are here: https://bytherye.com/2013/04/25/some-slides/)

I really enjoyed the discussion which followed the presentation, both in the room and also on twitter. It’s encouraging to see that the issues we’re grappling with aren’t just a problem for public sector IT people. It’s always nice to know that you’re not alone and to share ideas and experience!

I find the discussion about byod fascinating. It’s clearly vexing a lot of people and IT finds itself caught between the ever growing anxiety about securing valuable and sensitive information and ballooning user demand for greater flexibility and a more personal IT experience. I don’t think that whether we allow byod is really the issue anymore. I think that the days of IT setting out a defined and limited set of tools for our users to use are rapidly on their way out, so we now need to focus on how we give our users more flexibility without creating unmanaged risks.

This question from @Zeiniz echoes those in the room: how can IT allow more flexible access without compromising information security?

20130617-064741.jpg

A key point for me is that byod does not mean allowing personal devices into our secure network. In fact I think that the opposite is true, I think the answer lies in delivering appropriate information beyond our network and making it available through apps and information services which we can secure as necessary (in much the same way, for example, that Spotify can deliver content to your device and take it away again if you cancel your subscription). The good news is that consumer providers have been doing this for years and there’s lots we can learn from them. In fact, in my view the business IT organisation will increasingly look and feel like a consumer provider delivering business information to our users with a high level of flexibility about which devices can access it. Some of the tools we use may be ones we develop ourselves, but we already have ways of connecting available to us (e.g. ActiveSync for email) which give us capabilities to manage how information is made available and secured across a wide range of devices.

This has big implications for the way that IT manages the relationship with our users and how we share the responsibility to protect information, as well as for how we design our system and information architectures. The old approach where the IT team ‘take care of security’ and users don’t need to worry has reached the end of its shelf life (arguably it didn’t actually work in the first place as I suggested in this post). We can give our users much more flexibility provided they treat information with care and use appropriate tools for more sensitive data — email has never been the right tool for highly confidential or sensitive information. A programme to enable byod will be as much about user training and compliance as it will about technology.

And this shift in the relationship will apply to how we deliver support too. A proliferation of devices and working styles will mean that if we continue our traditional model for providing ICT support, helpdesks will increasingly become overwhelmed and probably less helpful — they just won’t be able to be expert in all the various issues users will want help with.

So this is where self-service comes in. A good start is to build a culture where users are used to getting support through self-service. As online self-service is increasingly the norm in people’s personal lives I’ve seen users showing that they are quite comfortable using an online helpdesk rather than needing to phone or email for support (in fact often they expect to be able to get support this way).

Again, I think that we should be looking to the consumer arena for the way we do this. One of the questions asked at SITS13 was how user-friendly is our self-service helpdesk? And the answer to that is that it’s fairly good, but we need to make sure that we keep making it better. We need to work with our users and challenge ourselves to make more processes available online and simplify processes wherever possible.

As I’ve blogged before (https://bytherye.com/2013/01/05/self-service-making-it-work/), I think the ultimate goal of self-service has to be about more than just providing electronic forms for people to request support from the IT helpdesk. To fully meet the challenge of byod we need to use it to harness the knowledge which our users have and help to share this with other users. Along with prescribing the types of devices people use, I think the days of IT trying to have all the knowledge about how people work with technology are also behind us. I’ll let Denise (@DHL66) have the final word on that!

20130728-144338.jpg

Some slides…

I had the pleasure of attending yesterday’s Service Desk and IT Support show (SITS13), talking about the work we’ve been doing to give our users online self-service access to IT and other support services and enabling bring your own device.

It was great to see how many other people are keen to discuss these subjects, and I enjoyed the conversation which followed. I’ll blog some thoughts on that in the next few days, but in the meantime one attendee asked if I’d be posting my slides here which seemed like a really good idea. So without further ado, here they are:

Slide deck

And here’s a version with a few more detailed notes:

Slide deck with notes

Sharing our digital endeavours

A few weeks ago I attended the first event of what will hopefully become a thriving community of local councils using open source web platforms (Open Councils — Drupal Public Sector Exchange). This was a group of public minded web folk who are passionate about using open source software to deliver better, cheaper local digital services, and it was great to have the opportunity to talk about the work we’re doing at Lambeth to build our new website www.lambeth.coop (which is based on the Drupal open CMS). You can read much more about that here: www.madeinlambeth.co.uk.

So, how can we best take advantage of collective resources to meet local needs?

I’m cautious about the concept of creating an equivalent of GOV.UK for local government (although I am a huge fan of GOV.UK). Undoubtedly local councils share lots of areas of our work in common, where we operate in the context of national and even European frameworks. But I think that a ‘one site to rule them all’ approach will struggle to reflect the different challenges of urban and rural areas, and the different priorities that have been set by local communities and their elected representatives.

I think that the most promising prospect for shared success lies in learning from the approach behind thriving open source communities such as Drupal and WordPress. These have been used to create myriad web experiences of huge variety, but with a common code base and a vast array of plugins where developers have packaged their code to be used by others. This open economy of shared work has transformed the tasks of making information and services available online for individuals and organisations (even large organisations who have historically invested in expensive proprietary code), and I think we can build on this to create equivalent shared value for local digital services.

Some key areas where we can focus are:

Sharing our code. As well as using open source platforms we can also make our developments open for others to use, adapt and improve as they wish. We have made our code open using GitHub (https://github.com/LambethCouncil) and will share the modules we develop for others to use across the Drupal community.

Sharing our learning. The Government Digital Design Manual (https://www.gov.uk/service-manual) and Digital Monmouthshire’s writing guide (http://digitalmon.wordpress.com/) are both great examples of where valuable learning can be shared even if the code platform is different. This is letting us focus on what matters locally without redoing what is often months of work others have already done.

Sharing our data. I think the council digital service of the future will be based on digital services, not just a website. At Lambeth we are already hearing demand from the community to get access to our data and content through APIs so that it can be reused in other ways — something we are keen to encourage (https://bytherye.com/2012/08/05/a-big-step-forward-in-opening-up-our-data/).

All in all, it feels like there’s a bright digital future for local government. One where we can focus on local priorities, save money and gain pace through sharing and build a thriving open community of innovation and code. Exciting times indeed!

One of my clouds just vanished

I woke up this morning to a flurry of tweets about Google’s announcement that they’ll be killing off Google Reader in a few months time. If you haven’t used it, Reader is a neat tool which brings together feeds from websites which you want to follow into a single place, and it works nicely with apps like Flipboard to create a personalised online magazine of useful information.

Now, this announcement is a pain but not the end of the world. But I do expect that it’ll cause an even bigger flurry of people warning against the perils of cloud services altogether. After all, if the provider can just decide to pull a service which you rely on how can you trust the cloud (and particularly public cloud services) with your business critical functions?

For some time though a host of wiser advisors have been giving straightforward advice about the things to consider when you look to the clouds for your services, and steps you can take to do this safely. And in reality these are much the same as the steps we need to take when planning to buy any sorts of services, whether they’re cloudy or earth-bound.

Making sure that you know how you’ll get your data back and carry on without the service are a key part of planning your strategy. And so is making sure that you understand the business strategy and stability of your provider before you commit to buy from them — especially if the services are for business critical functions.

Reader evaporating is a good reminder of the dangers of cloud naivety. Cloud has lots to offer on a personal and business level. It’s just key to remember that nothing’s perfect and that understanding how you’ll manage risks and continuity is a key part of innovation.

Digital Lambeth

[This first appeared as a guest blogpost on the G-Cloud blog]

At Lambeth we are rebuilding our digital services. This is a key part of our strategy and our goal is to create a completely different online experience for our citizens. Not just providing clear, useful content and excellent transactional services, but also using our new www.lambeth.coop website as a core part of changing the way we interact with citizens and sharing our data openly.

We’re moving fast thanks to a combination of a great team, an agile, delivery focused approach, an open source platform (Drupal) and learning from the excellent work that the Government Digital Service is sharing. You can follow our journey through our blog: www.madeinlambeth.co.uk.

At the heart of this is our in-house team, which includes people who’ve got involved from our local community and through ‘hack day’ events which we’ve run together with a great group called Good For Nothing. But there are also some areas where we need specialist help, and we’ve just completed a purchase through G-Cloud to source Drupal expertise to help us build an online collaboration platform. We plan to use this as one of the ways that we’ll give local people the opportunity to get more closely involved with Lambeth’s work — from helping to shape our plans right through to actually working with us to help deliver excellent local services.

We’re moving really fast with the project and we want to get the first iteration of this part live by the beginning of March. G-Cloud has been the perfect way to buy the services we need to make this happen. The process of selection is simple, and we’ve found it very easy to short list suppliers, clarify where needed and then commit to buy quickly.

This is our second purchase through G-Cloud (the first was mobile device management — see my earlier post on this blog), and while we expect that we may have to use other procurement routes to meet some of our needs (we’ll judge each case by its merits) we are committed to using G-Cloud as the first place we look for cloud services, whether large or small.

To make this simple, we’ve worked closely with colleagues in our legal and procurement teams to update our local procurement rules so that they now fully recognise G-Cloud. By putting the effort in up front to complete this last autumn we’ve addressed all their questions and made sure that we can easily buy through the Cloudstore. I’ve been really pleased with the support we’ve had from our colleagues and we’ve also found the G-Cloud team extremely helpful in working through any concerns which might have caused problems.

Our positive experience so far makes us confident that G-Cloud will play a big part in our ambitious plans for the future.

Footnote: if you’re interested in getting involved with our exciting digital project we’d love to hear from you! In particular we’re recruiting for Drupal web developers, find out more here.

Self-service: making it work

I recently had a great conversation with one of our suppliers discussing our work to make self-service a core part of the way we interact with and support our users. Providing online access to the helpdesk is only part of the challenge, and achieving a genuine shift in the way that people access our services needs more than just a website.

While I wouldn’t want to claim that we have all the answers nor that what we’ve done is perfect (it’s not! — yet…), we are really pleased with the progress we have made. And more importantly, it now gives us a foundation which we can use to make a real change in the way that we engage with our users — supporting our work to change the traditional customer | supplier relationship between ‘the business’ and IT to one of partnership, where we are working together effectively to support common goals. (see this previous post for my thoughts on how this can play a key role in making Bring Your Own Device a success)

Since we launched our DIY online helpdesk in the autumn of 2010 we’ve seen a real explosion in uptake. We deliberately started slowly and rolled out in phases over six months. Now, two years after we first launched, over 68% of user requests are submitted online and DIY has become a core tool for the organisation. Because people are used to using it, it’s now a platform we can use as part of driving a real change in the way that users interact with IT and other key services.

20130122-220753.jpg

The ICT homepage on DIY

So, what have we done so far to make this happen?

  • we started by focusing on getting the basics right: we prioritised the stability and performance of the platform as we needed our users to trust it before we extended its use. This took a little time, but was essential to make sure we had people’s confidence.
  • we made it a priority: key resources were allocated to the work, and we complemented their effort with real focus across other teams (particularly the helpdesk team) to make sure that work progressed fast, and that we redesigned processes with self-service in mind.
  • we took a bold approach: after the first six months ‘bedding in’ we switched off email as a way for almost all of our c 4000 users to report requests (making exceptions for a very small group of users with very particular needs). This was the big step which moved us from less than 10% of requests being reported online, to over 40% — and we were surprised at how readily people took to the change.
  • we are thinking holistically about the role of self-service in our overall service delivery: we have baked self-service into our business model, and even ‘internally focused’ work such as managing the process of making changes to our systems is being designed with the impact on self-service in mind (e.g. automating the process of providing users with information about planned work etc).
  • a key part of this success has been thinking wider than just IT: DIY is becoming the place to go for online access to internal services, including facilities management and communications support. This has allowed us to adopt a genuinely user focused approach to service delivery and contributed significantly to the number of people who use self-service. It’s also allowing us to join up processes with the user in mind, for example letting managers request building access for new starters at the same time that they request IT access. This needs to be something that we do more and more of…
  • and the most important thing we’ve done is taking an iterative approach: we’ve carefully aligned our work to link in with organisational priorities, and released improvements rapidly over time. This has avoided getting caught in the trap of excessive complexity, which was a real issue for us the first time we tried to deliver self-service four years earlier.

Bring your own helpdesk?

The consumerisation of IT is changing the way we support our users. In the ‘good old days’ IT were the experts. We knew our standard builds and applications inside out, we knew the idiosyncrasies, and we could provide the fixes and work-arounds needed to help our users do their work. (and often we even managed to do that quite well!)

Now that’s all changed.

In just the last month we’ve seen the arrival of new new iPads, smaller iPads, Windows 8, RT, Surface, another slew of Android devices, and it’s probable that within a couple of months BlackBerry 10 will arrive on the scene. After years of working to standardise and simplify the device landscape, consumer power and a technology explosion has given us a more complex scenario than we’ve seen for a generation.

And at the same time IT budgets are still under pressure and the drive to achieve ‘more for less’ has continued unabated.

So what do we do about it?

I think that the answer lies in the same forces that have created this conundrum, and actually has the potential to change the relationship between IT and our users. Along with consumerising IT we also need to consumerise support.

IT service managers have long worried about Knowledge Management, but I was struck by a recent tweet suggesting we should shift our focus to knowledge curation. By sharing the responsibility for identifying useful information, encouraging users to collaborate with each other (and with us), and making this a core part of our service delivery rather than a sideline, we might be able to harness the power of our user communities to meet the challenge of bring your own device. We’ll spend a bit less time writing up knowledge articles and a lot more time encouraging users to share their knowledge and helping other users find the advice they need.

This isn’t new. Most offices have someone who their colleagues turn to for help with IT, the internet has become a fantastic source for practical advice, and Cisco have been using this approach to support their byod programme.

Some steps we’re taking.

We realise that making this shift isn’t going to be a simple exercise. Gartner’s research into the ‘social organisation’ clearly demonstrates that successfully using collaboration for business benefit takes careful management and a focused approach.

Our key steps will be:

building on our existing success with self-service: over 60% of our helpdesk transactions are already online, which gives us a good start as people are used to dealing with IT issues through the web.

making it as easy as possible for users to access our online helpdesk service: providing access from any device, anywhere, any time.

giving more prominence to search of useful information: to encourage self-help, and make sure that knowledge (whether ‘official’ or user generated) is easy to find.

using a ‘gamification’ approach: to give users who contribute their knowledge to help colleagues the maximum sense of reward.

Previous tentative efforts have shown that this isn’t going to be easy, but the challenge of byod makes it essential that we succeed. And the rewards may extend well beyond providing more effective IT support, by helping to build a sense of connectedness and collaboration that could contribute towards more effective working generally.

Some thoughts on BYOD (part two of two): so, how can we do it?

In my last post I explained why I think that bring your own device needs to be taken seriously. In this post I’ve tried to bring together some thoughts to suggest how we can go about enabling bring your own in a way that strikes a balance between appropriate security and real benefits for the workforce.

To start with, I thought that it was worth putting down a few things which I think ‘bring your own’ is probably not:

  • securing personal devices in the way we would corporate devices: who’d want to subject their shiny new iPhone 5 or Galaxy S3 to becoming a pseudo-corporate device and have large parts of key functionality switched off to meet security rules? I don’t think that this is necessary, nor is it likely to be very successful.
  • delivering a virtualised Windows desktop to a smartphone or tablet: which can be a fairly painful user experience even for patient people. In my view, this is definitely a last resort where legacy applications aren’t ready for delivery to mobile devices.
  • something that will only work if the user is online: even in central London there are plenty of spaces where consistently reliable mobile internet connectivity is still a dream — and when you step outside of the city it can be even further off…
  • a way to save lots of money: I’m unconvinced that bring your own will replace the need to provide core tools for many (/ most) users for a good while yet, and savings from device costs are quite likely to be swallowed up by the investment required to provide a more flexible infrastructure. And then there’s the support for this new diversity of devices to consider too…

I think that there are a number of practical ways to bring bring your own to life, specifically:

  • take it one step at a time: there are many commentators who make the (valid) point that simply delivering email to personal devices isn’t really achieving bring your own. But given how important a role email plays in people’s working lives, it’s still a good place to start, and personal experience suggests that this is still a Big Thing. In my view we should focus on practical measures to move appropriate access for corporate systems and data beyond the private network, and keep iterating.
  • don’t forget that people have personal computers too: most of the bring your own debate focuses on mobile devices, but virtualised desktops or access to corporate apps via the web using personal PCs is still a great way to make it easy for people to work from home. Indeed, I’ve lost track of how many times I’ve been asked “why can’t I get to that using my home PC?” — not everyone likes lugging a laptop to and from home everyday…
  • policy and training are every bit as important as technology: as I’ve highlighted before, unwise user behaviour is still the #1 cause of security breaches.
  • if you’re doing it encourage it: we’re looking hard to see how we can use employee purchase schemes to encourage wider use of new devices (without cost to our organisation) and maximise the exploitation of the technology change we’re delivering. The Guardian have a great video showing what they’ve achieved with this here.
  • the real hard work will be liberating our information and making it available on any device: this is going to require effort to deliver mobile application management and ultimately mobile information management (Brian Madden gives a useful summary of these terms here), and for me the goal is to provide effective APIs to corporate data — where information security is built into the API — and apps that work with those APIs. This isn’t a trivial exercise though, and isn’t simply about bring your own (actually I think that the real justification for this effort is in mobilising the workforce, better online services and open data). So, as I’ve suggested above, it makes sense to look for the quick wins that can give users a real benefit while the harder work takes place.

Some thoughts on BYOD (part one of two): why does all this matter?

Bring your own device seems to crop up everywhere these days, and I’ve been struck by the wide range of attitudes and approaches to this trend. For some BYOD seems to be an unmanageable threat which has to be resisted at all costs, to others it’s a distraction from the core job of delivering IT to the business. And then there are others who are evangelising BYOD as a new IT nirvana.

So, the question I keep asking myself is how do we go about sifting the wheat from the chaff, how do we figure out what role (if any) personal devices have within the work environment, and how we can use the undoubted potential presented by the explosion in personal and mobile computing power to deliver big results for our organisations?

There are a few key reasons why in my view, BYOD (and the wider ‘consumerisation of IT’ in general) is something which has to be taken seriously:

  • the days when corporate IT could afford to provide the best IT tools are long gone: consumer devices are now changing at a phenomenal rate, with a refresh cycle of 1–2 years which very few IT organisations can afford to match. And even if we could, the ‘best practice’ model of standardised business devices will inevitably alienate a significant proportion of the workforce who prefer a different platform (the battle rages across my team between the iOS obsessives and the Android fanatics, and I’m sure it will get even more confusing if Windows RT is a success).
  • many people don’t actually want to carry separate devices around with them: and while there are still some traditionalists who want to maintain completely separate work and personal lives, there are more and more people who would relish the ability to work more flexibly but who don’t want yet another device to lug around (even if we could afford to provide it to them — which often we can’t!).
  • delivering our services is increasingly involving collaboration with a wider range of people than ever before: and in many cases it will be hard to persuade someone to contribute their time to help us provide services to the community if we then force them to use our systems in a way that they find inconvenient.
  • the way people consume IT in general is changing beyond recognition: with more and more ‘cloud’ services which let users bring their own app, meaning that they can use whatever device they like anyway!

Given all this, it seems to me that the role of IT is increasingly becoming one where we need to focus less and less on devices, and more and more on information — helping to free our users to make their own choices about the way they connect to systems, and using our energies to protect the information which matters and equally importantly help our users to work and collaborate as productively as possible.

In my next post I’ll try to set out some of the steps which I think will be important to successfully moving from the traditional IT role of supply and control, to a new way of operating where we are enabling the organisation to work more flexibly and productively than ever before.

Getting the right perspective

For many years now our focus in public sector ICT has been hugely on securing the information which we’re responsible for. There are good reasons for this, and plenty of examples which demonstrate the importance of taking care of the information people trust us with (not that they always do this by choice of course!).

But are we seeing the full picture? In my view there’s a real risk that some other equally important considerations get lost if we only look at technical security measures:

  • Behaviour matters as much as technology: a quick review of fines from the Information Commissioner’s Office shows that a disproportionate number of breaches are due to people’s behaviours with email, faxes and online information.
  • Paper can be as much (or even more) of a risk as electronic information: again, significant fines have been levied in response to lost paper records (which can’t be password protected, encrypted or wiped remotely in the event that they’re lost).
  • We risk focusing on security at the expense of productivity: with a result that business performance is held back and customers lose out in terms of the timeliness and quality of services they receive.
  • We need to be sensible about where we draw the line: there’s a significant difference in my view between critical business information and ‘user-generated information’ such as meeting notes etc. The latter have historically been kept in notebooks and loose paper, and if these haven’t been subject to strict controls before we need to think carefully before we lock them down simply because they’re being taken electronically.

The right approach will depend on what the information is and the context (it’s easy to forget that many private enterprises are every bit as concerned to protect intellectual property and trade secrets as government organisations are to protect public information).

Technology can play a part in changing the balance though, and I’m very drawn to the concept (put forward by Brian Katz and others) that we look afresh at security and move to an approach where we can reliably and securely work with untrusted devices, and instead focus on securing apps and information. My light summer reading has included the useful book APIs: a Strategy Guide, and this has really got me thinking about the potential for successfully using APIs to enforce business controls, and securely unlock information to balance the needs of a productive workforce with our responsibility to keep information safe.