Professional Documents
Culture Documents
ITD #1 22072011 | The consumerization of IT
ITD #1 22072011 | The consumerization of IT
Introduction
The
consumerization
of
IT
in
short,
the
adoption
of
devices
and
applications
driven
by
user
areas
is
a
topic
that
has
crept
up
on
IT
leaders
over
several
years.
Only
IT
enthusiasts
the
geeks
initially
used
the
Internet,
but
the
World
Wide
Web
has
now
developed
into
a
resource
used
by
all.
Computer
gaming
has
become
bigger
than
Hollywood.
Even
your
parents
are
probably
on
Facebook.
IT
has
become
a
part
of
everyones
life.
Mobile
phones
are
now
being
used
less
for
calls
and
more
for
Internet
access
and
with
the
advent
of
social
networking,
there
isnt
a
single
moment
when
consumers
are
detached
from
their
online
life.
This
creates
new
opportunities
for
organizations
ready
to
take
a
chance
on
the
next
wave
of
consumer
behaviour,
but
it
can
also
create
a
number
of
headaches
for
the
CIO
because
those
tech-aware
consumers
are
also
employees. Those
employees
are
now
used
to
technology
as
a
key
feature
of
their
personal
lives
and
are
asking
questions
of
the
IT
department
in
their
company.
Consumers
want
new
gadgets
with
the
latest
functionality.
Equally,
an
individual
with
their
own
iPad
2
would
not
expect
their
company
to
use
inferior
technology.
But
it
(often)
happens.
And
when
it
does,
user
frustration
kicks
in
and
the
sense
that
IT
is
not
doing
its
job
as
well
as
it
should.
As
well
as
the
worst
CIO
nightmare:
users
bypassing
IT.
But
corporate
technology
departments
need
to
manage
several,
sometimes
thousands
of
users
and
often
across
different
geographies.
So
standards
and
rules
are
applied
around
what
equipment
can
be
purchased
and
maintained.
Employees
working
in
IT
need
the
right
skills
to
be
able
to
maintain
the
hardware
and
software
being
used
by
their
colleagues
from
other
departments. The
issue
is,
corporate
refresh
takes
time.
If
you
dare
trying
to
keep
desktop
systems
stable
for
two
years
between
each
refresh,
this
may
seem
outrageous
to
the
consumer
who
changes
phone
handset
twice
a
year
and
software
almost
continuously. So
what
happens
when
consumers
of
technology
become
employees
who
challenge
the
way
the
CIO
runs
IT? Its
already
happening.
an individual with their own iPad 2 would not expect their company to use inferior technology.
Participant
Feedback
To
explore
the
issue
of
consumerization,
in
this
weeks
research
survey
we
asked
four
questions
three
of
which
were
multiple
choice
and
one
designed
to
promote
an
open
discussion. There
were
22
responses
from
top
IT
leaders
to
this
weeks
research
request,
with
featured
responses
from
16
different
industries:
automotive,
chemicals,
consumer
goods,
consumer
services,
education,
engineering,
food
&
beverages,
insurance,
logistics,
manufacturing,
financial
services,
media,
retail,
shipbuilding,
paper
products
&
forestry
and
telecommunications.
Question
1:
Have
you
defined
a
strategy
for
governance
and
control
in
your
organization
focused
on
the
consumerization
of
IT?
Not a priority
9.1% 36.4%
Yes 0 1 2 3 4 5 6
The response here is very clear. The IT executives who have responded to our survey have acknowledged that there is an issue. Over two-thirds of our CIOs either have a policy in place for the governance of consumer hardware and software use, or they are in the process of formulating one. These IT leaders are seeing iPads and Android handsets and other devices being brought into work and their teams being asked to support non-company equipment and need to formalize guidelines around how to deal with these developments. Question 2: Why would a strategy to control the governance of IT consumerization be necessary? Again, a very clear response from our group, with over half reflecting concerns of security as the primary driver for any consumer IT control strategy. Its interesting to note that keeping the users ITD #1 Consumerization of same number of responses as retaining more control over the IT happy merited exactly the IT IT landscape. 22 July 2011 - All Rights Reserved Decisions 3
These IT leaders are seeing iPads and Android handsets and other devices being brought into work and their teams being asked to support non-company equipment and need to formalize guidelines around how to deal with these developments. Question 2: Why would a strategy to control the governance of IT consumerization be necessary?
Not a concern
4.5%
To satisfy users
18.2%
As a matter of security
54.5%
To retain control
18.2%
To control cost 0
4.5%
10
12
Again, a very clear response from our group, with over half of them reflecting concerns of security as the primary driver for any consumer IT control strategy. Its interesting to note that keeping the users happy merited exactly the same number of responses as retaining more control over the IT landscape.
Question 3: Since 2007, the oil giant British Petroleum (BP) provides a cash grant to its employees for the purchase of hardware, provided that they are responsible for maintenance and support of their equipment. Would this work for your organization?
9.1%
27.3%
Hard to say
31.8%
31.8%
0%
This is a controversial measure. And the example quoted, which gained the headlines quite a few years ago, precedes the general adoption of Software-as-a-Service and cloud tools that make it easier to use any hardware. The research community is rather more split on their answer to this question, however they do fall more on the side of this being a positive move. Not a single IT executive said that the idea would never work in their company. The total number of respondents who have said the BP model would certainly work for them, or would possibly work, totals 36.4%, marginally higher than the 31.8% who concluded that it would be hard to say how this might be put into practice at their organizations.
Question 4: How are you dealing with the challenge of ensuring you have the necessary skills in IT to support business areas using new hardware devices or software not supplied (or allowed) by your organization? Some of the most interesting and relevant responses exploring these challenges are grouped together by industry: Automotive Focusing on training Through internal training, pilot projects and partnerships with suppliers in the upskilling of employee knowledge. Chemicals Carrying out work around infrastructure We have only just started the process, so it too soon to give an evaluation. We are preparing the infrastructure and the governance process. I personally like the BP model, but I dont know if my organization will adopt it. Consumer Goods Encouraging the IT team to use new devices Mainly by encouraging the use of new equipment by the ICT team, so that we can also be part of the client audience and also get to know their usage patterns. That way we can raise the safety bars appropriately without prohibiting the use of these devices. Consumer Services Developing security and purchasing policies [Through] the development and adoption of security policies and purchases of information products and services, [which] allows for greater control and standardization of the IT portfolio across the enterprise, providing gains in procurement and cost reduction, as well reduction maintenance costs of obsolete products or those devices outside the usage pattern. Education Creating alternatives when needed We are creating alternatives, when they are really needed. We have relatively strict rules, but we evaluate the specific business needs and create some exceptions but only when necessary. Engineering Determining which technologies are appropriate The consumerization of IT is a new term for something old, so far unnamed, that has existed ever since the first personal computers came about (as far as I remember) and it was characterized by very personal questions from the director or the president of the company such as: I bought this [device] in my trip to the United States. Can you help me to use it? I'm sure about one thing: who defines the needs for business users are the business areas themselves, but who defines the technology to be used is the enterprise IT function. If not, we could eliminate the concerns around the control, security and monitoring of corporate information from our job description. 6 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved
Having said that, it is also clear that the responsibility for providing the devices employees need in order to achieve their business objectives is also part of the IT job, otherwise how could we take responsibility for something that is not under our control? In order to determine the technologies to be employed as well as to provide and support these devices that will enable its use, corporate IT needs to be in tune with the market. Even then, the IT function should not simply be coerced to act as a consumer, because if they do, the company will lose its control over the indirect costs of their products as well as control of its information. Food & Beverages Adopting a strict approach Our policy is very clear and strict regarding the use of unauthorized software installed on company computers. The levels of user access do not allow any installation or upgrade of software, as IT technicians own this task. The use of devices that allow DVD and USB recording is authorized only to employees approved by the safety committee. Our network is encrypted and has security levels that can only be altered by the network administrator, and even then we keep track of devices that have permission to access the network. Personal devices do not have access to the network, and that policy applies even to our board. The mobile devices provided to employees to perform their functions have kiosk-type of systems that limit the use of the device to the needs of their work (it disables functions of software and hardware such as browsers, web access, downloads, Bluetooth, etc. The company devices may be connected to the network, but the same policy is applied for desktops and laptops. We do not allow the use of personal computers within the company's premises, since the company would be co-responsible for any illegal software installed in these devices. Insurance Establishing a set of approved hardware and software There are procedures and standards in the company that do not allow that user areas acquire equipment or software is not approved or controlled by IT. The infrastructure function is equipped to monitor and address situations of technological needs of the user areas without them becoming a bottleneck. In question 2, I believe that all the above reasons (except "is not a concern") are relevant when it comes to the decision of establishing governance to control acquisition and maintenance of equipment and technology systems. In question 3, I believe that company size and business needs can influence the answer, which gives it a bias. 7 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved
Financial services Focusing on security We have dealt with this more as a security matter, but without a formal, defined strategy that could make the best out of these new devices. Logistics Handing responsibility over to the user We do not support devices that were not provided by the company. The setup, maintenance and help in terms of use are responsibilities of the owner of the device. Manufacturing Training support to deal with user equipment Global strategies are being defined for use of equipment that is purchased and maintained by users, with rules around use and application of security guidelines to access the corporate network. The support teams are being trained to answer questions, but everything is being controlled in order to provide a "scripted" type of support. Furthermore, the implementation of this strategy is still taking place in a phased manner, occurring initially in the United States with plans for deployment in other countries. I have not seen anyone raising the legal and labor issues associated with this practice, especially in countries with more rigid labor laws (Latin America and Europe). Automotive Creating skills whilst defining strategy Skilling personnel and creating expertise at the same time that we define the governance strategy. These people are also taking part in these discussions. Paper & forest products Raising awareness and monitoring misuse When it comes to unauthorized devices, we have been active around raising awareness as well as audits to monitor any misuse. We also have rules that must be met in accordance with the Code of Ethics of the company. In relation to the devices that are allowed but not provided by the company, the IT department is one step ahead and setting up configuration standards as well as recommended software applications so that these users can use these devices without jeopardizing the safety and performance of the corporate network.
8 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved
Media Reinforcing staff accountability Regarding the third question, it depends a lot on company culture. IBM works very well this way for over 10 years. In relation to question 4, also culture is a decisive factor. We have reinforced the accountability of staff in relation to information security for some years now and our collaboration platform is Google Apps, which natively provides tight integration with the key devices (tablets and smartphones) available in the market. In some situations, we authorize a virtual private network (VPN) for special access. Retail Limiting provision of resources to users We only provide Internet access; both maintenance and support are responsibilities of the user. Telecommunications Creating a staff handbook We have some policies regarding access to the network and we are creating a handbook that explains what users are allowed to do with devices that do not belong to the organization. Retail Creating a collaborative strategy Promoting a discussion that involves all staff, so these implications can be defined and disseminated throughout the organization. Shipbuilding Getting closer to users We are still addressing the matter with the focus that it deserves. I understand that this initiative should start immediately with the aim of allowing [IT] to be more in tune with users.
Where organizations are not so strictly regulated that there is little room to maneuver, it seems that the smart move is to explore cloud-based collaboration tools with secure Internet connectivity offered to employees, regardless of device. The self-support model may not work in all cases, but it does explore a more pragmatic approach to enterprise support accepting that these days standard enterprise tools can no longer be cutting edge. To read a case study on how the CIO at Oxfam, one of the biggest charity organizations in the world, is dealing with the consumerization of IT, please check: www.itdecs.com.
ITD #1 Consumerization of IT
IT Decisions 22 July 2011 - All Rights Reserved
11
IT
Decisions
Research
IT
Decisions
produces
a
report
like
this
every
Friday,
based
on
what
CIOs
told
us
that
same
week.
It
is
fast
and
relevant
knowledge
from
your
peers,
it
is
only
available
to
the
CIOs
in
the
research
network,
and
it
is
free.
What
is
the
catch?
You
pay
by
participating.
Every
week,
we
will
send
you
four
simple
questions
that
will
take
no
more
than
five
minutes
to
answer.
The
more
participants,
the
better
the
quality
of
the
research.
So
please
do
invite
your
colleagues
to
join! Do
you
want
to
direct
the
research
and
define
the
topics
alongside
our
board
of
founder
members?
We
also
offer
Platinum
memberships
that
allow
you
to
steer
the
process,
as
well
as
other
benefits
including
comprehensive
reports,
face-to-face
focus
sessions
and
more.
Get
in
touch
for
more
details
at
contact@itdecs.com. The
IT
Decisions
FutureSkills
fund
is
a
charitable,
transparent
fund
focused
on
improving
IT
education
and
training
in
Brazil.
If
you
recommend
a
Platinum
member
to
the
network,
we
will
donate
R$500
to
the
fund
in
your
name
and
Platinum
members
will
get
to
choose
which
organization
gets
the
money
at
the
end
of
the
year.
Please
contact
us
for
more
details.
About
IT
Decisions
IT
Decisions
is
the
premier
source
of
insight
into
the
technology
and
high-tech
service
industry
in
Brazil.
The
company
creates
English-language
news
and
insight
for
a
CIO
audience
with
regular
features
and
analysis
that
cannot
be
found
elsewhere.
We
focus
on
decision-makers
and
influencers
the
buy-side.
Reproducing
the
sales
pitch
or
adverts
of
suppliers
is
not
our
thing;
we
focus
on
those
buying
the
systems. IT
Decisions
was
founded
in
2011
by
Mark
Hillary
and
Angelica
Mari,
two
of
the
most
respected
business
and
technology
writers
in
Europe
-
with
a
collection
of
best-selling
books
and
industry
awards
between
them.
The
IT
Decisions
research
network
is
an
invitation-only
group
of
CIOs
in
Brazil
who
work
together
to
produce
a
new
research
report
every
week. Take
a
moment
to
connect
with
the
IT
Decisions
management
on
LinkedIn
and
take
a
look
at
some
of
their
books,
other
media,
blogs,
and
publications: Mark
Hillary,
Chief
Executive
Officer Angelica
Mari,
Publishing
Director
Photo Credits: Daniel Bogan; http://www.flickr.com/photos/wafer/5533140316/ Jeff Howard; http://www.flickr.com/photos/jeffhoward/5371977045/ Christian Guthier; http://www.flickr.com/photos/wheatfields/1311933675/