If you haven’t figured out what BYOD means, you probably have not been reading the digital press lately. The term “bring your own device” is at the center of many conversations. It’s the latest incarnation of the consumerization of IT. You know, these new gadgets are so simple to use, so why has IT never been able to come up with something that simple? That’s actually a good question. But simplicity has not been at the heart of IT’s criteria for creating or acquiring an application. It has always been security, richness of functionality, customization capabilities, management, financial strength of the supplier, etc.
So, when users redid what they had done in the 90’s with Microsoft Excel, bypassing IT to get what they wanted, IT’s temptation has been to block them from doing it. And there are actually good reasons why you may want to take a hard look at “shadow-IT”, as it may fundamentally put you at risk of breaching compliance.
But blocking service access is probably not a wise thing to do. As Chris Anderson, chief editor of Wired Magazine, told the audience at a keynote at HP Discover, “if IT wants to tackle shadow-IT, IT better be competitive”, and I would add “and popular”. Blocking services does not really help you become popular. So, what should we do?
In my mind, IT’s strategy should be centered around two things: educating users on the implications of “shadow-IT” and improving IT’s own services. Let me describe those two in a little more detail.
Talking to business users, I’m often flabbergasted by how little they know of the potential risks of putting information in the public cloud. Things have happened over the years. Many of us received several e-mails from loyalty programs when a company called Epsilon suffered a security breach. I did not suffer any damage, but many others did. Interestingly enough, there is NO legal obligation today for companies to make security breaches public. The EU wants to change that, but it’s not a done deal yet.
How many of your users are aware of this? How many know about Data Protection Acts and other data-related legislation? Do they have that in mind when sharing information using Dropbox, SkyDrive, LinkedIn, Facebook or another tool?
Education is of the essence, not to scare them, but to point out the importance of being careful when using open internet services. The second element to take into account is BYOD. App stores have hundreds of thousands of applications. What are those actually doing? Who is making sure none of them collects information on behalf of hackers or criminals? That is bound to happen, if it has not already.
IT consumerization pushes us to use the same device to play “Angry Birds” and to access our e-mail and enterprise systems. We want full control over that device, so don’t limit its use, but do make people aware of the associated risks.
In that case, what services should I offer them? Here is where the other aspect comes in.
Invite your users to subscribe to your services, but make sure they are competitive. So, there is homework to do. Where should you start? Typically the first thing users look for is tools to help them in their day-to-day work: tools that make it easier for them to share a large file, or that give them the opportunity to have a video conference with their colleagues from other parts of the world, etc. So, why don’t we make sure we provide them an outstanding user experience, so they use IT’s services rather than looking outside?
But this implies we have a good understanding of what they are looking for. Here is where governance comes in. Work with representatives of the business to understand what they are looking for.
And then communicate about the availability of the service, and ensure all members of the organization are fully aware that this is now offered internally. Listen, deliver, and communicate.
If you are interested in reading the original blog post and understanding why I chose the title I chose, read the CloudSource blog entry.