Technology, IT Performance

Six steps for IT consumerisation adopters to capture benefits without compromising compliance

Blog-post by,
HP Blogger

Establishing a consumerization culture with 6 critical capabilties

In part one of this two-part post, I described how the compliance and cost concerns of a bring-your-own device model and its deeper implications require us to recognise a looming problem. Here in part two, I describe some of the concrete steps I believe you should take to avoid a consumerization backlash by taking a balanced approach designed to mimimises consternation while encouraging innovation.

“You can’t always get what you want, but if you try some time you might find, you get what you need.” Mick Jagger

So how does the CIO determine what an end user really needs without having to sanction every decision themselves? In my blog on the IT service broker I recommended establishing and publishing a service catalog that includes both internal and external services. The central idea here is that most shadow IT occurs when users are not even aware that a similar service is available internally (often as a sunk cost and therefore free when compared to a cloud service).

The same catalog is also useful for basic BYOD deployments.  By helping users choose the right device for their needs, IT  maintains its trusted advisor status and is a huge value add for the less technically inclined. How can you get started?

1). CONSOLIDATE demand. Before you can establish a service catalog, you’ll need to add both your own and third-party services. I find that by allowing your Program Management Office and/or your enterprise architects to capture and classify all existing and requested services into one place and establish a plan for qualifying them. Heads up--you should consider declaring an amnesty for the userrs of unapproved services; however, check with your legal counsel before doing so, especially highly regulated industriess.

2). CLARIFY the rationale behind the rules. The “Hacking Work” authors have a point; the dumb rules that don’t add value or protect you from real material risk cry out to be broken. The problem for your users is they don’t always understand the difference between corporate craziness and compulsory compliance. Equally, I’ve known overly zealous risk and security managers that would gleefully place the business in a hermetically sealed Faraday cage purely out of the well-intentioned desire to minimse risk. However that cure is often more debilitating than the disease. I recommend educating your team on a business oriented risk management methodology (Gartner analyst Paul Proctor’s RVM is but one example, your mileage may vary) in order to better understand the the consequences of small actions in the context of the big picture.

3). SIMPLIFY your catalog. If it looks like something that only airline check-in staff would be able to use (if you’ve ever peeked behind the desk to look at their screens you’ll know what I mean), then you’re making it too hard and they’ll go somewhere else. Think Amazon store and you’re getting closer.

4). MONITOR the actual risks against your model. In a consumerised IT environment, your risk team’s job changes to gathering sufficient intelligence to identify potential patterns. The ability to identify that a large number of low grade risks has suddenly added up to a large scale residual risk for the business is a reason why we built a solution like HP Enterprise View.

5). PUBLISH the actual and subjective experience. The number of people who’ve reached out to me saying they bought a trendy device based on the buzz only to find it’s buggier and harder to use than their corporate supplied PC is staggering. That means continuously assessing and publishing not just costs but also quality and risk. Consider establishing monitoring and log management to gather data on the failure rate of devices, unexpected crashes and service outages that reveal the actual experience of users.

6). LISTEN to your users. If they’re unhappy with the functionality (or cost, quality and performance) of the service, then they’re almost certainly going to stray into the open market. Ignoring them isn’t going to make the problem go away, however your end users might start ignoring corporate IT. Get proactive and use social enabled management software to become a listening organisation.

The alternative? Placing a blanket ban on Bring Your Own anything? In my optinion, that's a step not far removed from turning off the lights as far as innovation is concerned.

I believe that the IT consumerisation trend is here to stay. Enterprise IT’s collective challenge is to refresh outdated policies, accelerate usability initiatives for “on premises” services and finally to educate end-users in the practical risks they introduce if and when they cross the streams of home and office.

What about your experience with IT consumerization? Nightmare or nirvana?  I’d like to hear from you.


(4) (4)

Would you like to comment on this content? Log in or Register.
Joel Shore 20 Points | Wed, 11/26/2014 - 22:48

What's interesting is how the pendulum has swung. We've gone from the days when technology started in corporations or government agencies (NASA, e.g.) and eventually, one mature and economical, flowed down to consumers. Pocket calculators (remember the Bowmar Brain?) are a great example. Today, it's completely the opposite. Technology is developed for the mass market first and is forced into the enterprise by its very ubiquitiesness. It's no so much the consumerization of corporate technology as it is the "corporatization" of consumer technology.

Pearl Zhu 90 Points | Wed, 03/14/2012 - 17:42

Hi, Paul, agree, BYOD and consumerization is not just buzz, it's here to stay, the right trend to build up more productive,  innovative, timeless and borderless working environment, that's why EA need be leveraged as a communication & strategic tools to manage such a business transformation. As far as for MDM, it's all about balance, trust vs. monitor, value vs. cost, short term chaos vs. long term win; guideline vs. freedom of choices. thanks.  

Stefan Danisovsky 0 Points | Wed, 03/14/2012 - 13:54


I fully agree and would just add that the listening activity should take place in step 1 too (i.e. demand consolidation). Before this BYOD thing, some orgs had already been involving their users in some IT decisions, e.g. company cell phone selection. This proactive involvement of users is crucial, I believe, as it can avoid putting in the catalogue something that has no or little adoption. And also it helps to keep users away from saying "I can get no satisfaction" (M.Jagger)


John Dodge 1535 Points | Thu, 03/15/2012 - 12:48

Thing is IT should have always listened...and more often than not didn't. That some were proactive in querying users about what they wanted should have been SOP. Certainly with end users, large divisions of departments should have defined what they needed. Instead everyone got Blackberries. What i hope doesn't happen is that the current crop of smart phones and tablets don't get lassoed in like the PC...then IT goes back into non-listen mode. The PC was a total renegade in the beginning.