Use mobile BPM to link people and processes anytime, anywhere

Editor’s Note: In this Q & A, Steve Weissman, principal analyst for the Holly Group, speaks with ebizQ’s Peter Schooff about the benefits and challenges of keeping mobile users connected to critical business processes. Here, in Part I, Weissman provides an overview of mobile BPM. In Part II, he describes mobile BPM pitfalls—and shares a surprising success story. This interview, excerpted from a longer podcast, has been edited for length, clarity and editorial style.

ebizQ: In a recent quote, Forrester's Alan Weintraub describes the future as a “work-anywhere future, which will be a world in which work is something you do, not a place you go,” which is pretty much the essence of mobile. How do you think BPM will have to adapt to this future?

First and foremost, it's the people, more than the technology, that have to do the adapting. The good news—and perhaps the bad news—of both is: That's happening.

Every new graduate from college, every new middle-schooler moving up…these folks are already used to thinking this way. They live and die by their smartphones and their tablets. They think nothing about doing whatever they need to do from wherever they are. As they enter the workforce, that same mentality comes with them. So for organizations looking at BPM—especially as I do, as a business practice rather than a technology stack—really have to begin taking that into account in a very serious way.

From the technology side, what it means is there needs to be a lot more intersection with more collaborative tools than perhaps BPM has provided historically. It’s no longer just “Take this, do that, do the other thing and we’re all done,” because there may well be discussion points along the way.

Yes, the rote approvals—that’s all still part of it. But as the workforce becomes more comfortable and more accustomed and more habitual about working with other people, BPM is going to have to get a little fuzzier around the edges than it may already be. From a process-design standpoint, people really have to begin thinking about [issues such as] how long these discussions are going to run and who’s going to moderate them and the security protections of collaborative software in a much more mainstream way.

ebizQ: What are some other challenges about dealing with mobile BPM?

I'll come back to my answer du jour, which is the psychology of it—taking a half-step to the side, maybe. What BPM is particularly good at is not just managing processes internally, but linking in people and processes externally as well.

The complicating factor is that now we're talking about people and access devices that aren't tethered and they may be popping up in all kinds of different places. So the psychology changes a bit, too. [For instance,] even in this podcast you and I are doing, it doesn't really much matter where either of us is at the time we set it up or at the time we're doing the podcast.

But there are security aspects to that. Psychologically, corporate culture has to start to start thinking about “us” rather than “them.” You may be embracing people more easily now than you used to be able to do. They’re not behind firewalls the way they used to be. There are so many moving parts now. There’s so much more information available. There’s so much more uncontrolled, ungoverned interaction between all kinds of feet on the street…There are all kinds of choices, and the processes that you put in place really have to accommodate that; you have to change your viewpoint and just acknowledge reality as it is: It’s the wild, wild West.

We still need to be able to define and control and manage processes in the way we always have. But you just can't build a wall and say “We’re done,” because there are new encroachments coming from new directions every single day.

ebizQ: In terms of security and technology, what’s one takeaway, one key for doing mobile BPM right?

The mobile question is greatly complicated by the fact that there is no such thing as "the mobile.” You have lots of different kinds of devices and you have to figure out a way to support those devices and secure them. And it's not just a function of Android versus iPhone versus whatever else, or of iPad versus Nexus [tablets] versus who knows what else.

First of all, within each of those product lines, you have different models. Second, even within those product lines, you're running different operating systems. Being able to put your arms around those and integrate them and their users into some kind of a business process by itself is complicated. [It involves] making sure the software is updated, making sure the security holes are closed, making sure that you've got some kind of authentication system in place.

So there are multiple points of potential security failure there, too, starting with the devices: They get lost, they get forgotten, they get stepped on. Mechanisms to secure the information they may contain in the event of loss, that's one thing. Mechanisms to ensure the authentications of the user and their identification of the use, that's another. The third is the fact that most mobile users are connected to the back office by networks that the back office doesn't control; most typically, it's the cell-phone carrier.

So you begin establishing a tunnel that certainly works, that's certainly within reach, but [involves] more overhead. Then we're back to my original problem, which is making sure that the devices that are being used are properly equipped to do that.

And we haven't even talked about securing and protecting the actual information that's being moved by this process. This isn’t a new issue, but it takes on new depth when you start thinking about the client device. Again, you can be anywhere, connecting from anyplace; you may be connecting it over an insecure line.

So there are a lot of moving parts here that go beyond the appropriate mapping out of your process. That’s just one thing. This [involves] a whole layer that's much deeper than it used to be, just because these are devices that, by definition, have feet and roam around.

Editor’s Note: In Part II of this Q & A, Weissman describes mobile BPM pitfalls—and shares a surprising success story.

About the Author

Peter Schooff is a former contributing editor for ebizQ, where he also managed the ebizQ Forum for several years. Previously, Peter managed the database operations for a major cigar company, served as writer/editor of an early Internet entertainment site and developed a computer accounting system for several retail stores. Peter can be reached at

More by Peter Schooff

About ebizQ

ebizQ is the insider’s guide to next-generation business process management. We offer a growing collection of independent editorial articles on BPM trends, issues, challenges and solutions, all targeted to business and IT BPM professionals.

We cover BPM standards, governance, technology and continuous process improvement, as well as process discovery, modeling, simulation and optimization, among many other areas. We follow case management, decision management, business rules management, operational intelligence, complex event processing and other related topics. We closely track important trends such as the rise of social BPM, mobile BPM and BPM in the cloud. We also explore BPM’s use in functional areas, such as supply chain and customer management, and in key verticals, such as financial services, health care, insurance and government.

ebizQ's other BPM-oriented content includes podcasts, webcasts, webinars, white papers, a variety of expert blogs, a lively online forum and much more.