If someone chooses to enter an Oracle expense report from the local car wash on whatever machine happens to be sitting there, we're going to allow it while making sure they come in with the right user name and password.
This really isn't a device conversation but a role-based conversation, recognizing that an individual has one set of access rights across the environment based on that person's role within the company. The different devices they use should be an afterthought.
Is this one of your BYOD secrets?
Fawcett: You have to remember that an IT organization is a service provider. It's all about our employees. You want to give them a great user experience. And this means giving them the ability to get to the right data and the right applications. You really have to know your use cases. You have to keep your users at the forefront, defining the current state before trying to shape the future.
Believing that your environment today is locked down and secure and that you don't already have tablets and smartphones in your environment would be a misnomer. Discovering what's out there is your best path to sanity-that is, understanding what you're up against before you kick off the project.
It's really one of the secrets: You can't attack something that you don't understand.
Speaking of user experience, what do you lose by not building native apps for specific devices?
Fawcett: Most of the enterprise applications are coming ready these days to be run on just about any browser. For the external customer, we develop for just about any browser you can think of. For the internal applications, we've found that most apps running on Internet Explorer also will run on Safari, as well as some on Firefox. We've limited it down but try not to exclude.
I think that goes with employee user satisfaction because, again, they get to use what they want to use and what they're familiar with.
How does access to the Web app work?
Fawcett: We have a product called Webthority, which allows you to publish applications to the user interface. It lets us serve up only those applications based on their network login and password. It then acts as a single sign-on going forward-a portal to all applications-so the person doesn't need to remember their Oracle user login. No VPN is needed.
Are you concerned about data leakage to the local device?
Fawcett: I'd be lying if I said no to that one, but there are different ways to mitigate risk.
With Web apps that are mostly transaction-based, you're not pulling anything down onto the device. Most people using tablets don't pull data down and work on content. They are getting email, which we can cut off and wipe as long as they have connectivity.