The

Consumerization of IT ITD Research #1 : July 22, 2011

ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved

Introduction
The consumerization of IT in short, the adoption of devices and applications driven by user areas is a topic that has crept up on IT leaders over several years. Only IT enthusiasts the geeks initially used the Internet, but the World Wide Web has now developed into a resource used by all. Computer gaming has become bigger than Hollywood. Even your parents are probably on Facebook. IT has become a part of everyones life. Mobile phones are now being used less for calls and more for Internet access and with the advent of social networking, there isnt a single moment when consumers are detached from their online life. This creates new opportunities for organizations ready to take a chance on the next wave of consumer behaviour, but it can also create a number of headaches for the CIO because those tech-aware consumers are also employees. Those employees are now used to technology as a key feature of their personal lives and are asking questions of the IT department in their company. Consumers want new gadgets with the latest functionality. Equally, an individual with their own iPad 2 would not expect their company to use inferior technology. But it (often) happens. And when it does, user frustration kicks in and the sense that IT is not doing its job as well as it should. As well as the worst CIO nightmare: users bypassing IT. But corporate technology departments need to manage several, sometimes thousands of users and often across different geographies. So standards and rules are applied around what equipment can be purchased and maintained. Employees working in IT need the right skills to be able to maintain the hardware and software being used by their colleagues from other departments. The issue is, corporate refresh takes time. If you dare trying to keep desktop systems stable for two years between each refresh, this may seem outrageous to the consumer who changes phone handset twice a year and software almost continuously. So what happens when consumers of technology become employees who challenge the way the CIO runs IT? Its already happening.

an individual with their own iPad 2 would not expect their company to use inferior technology.

2 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved

Participant Feedback
To explore the issue of consumerization, in this weeks research survey we asked four questions three of which were multiple choice and one designed to promote an open discussion. There were 22 responses from top IT leaders to this weeks research request, with featured responses from 16 different industries: automotive, chemicals, consumer goods, consumer services, education, engineering, food & beverages, insurance, logistics, manufacturing, financial services, media, retail, shipbuilding, paper products & forestry and telecommunications. Question 1: Have you defined a strategy for governance and control in your organization focused on the consumerization of IT?

Not a priority

9.1% 36.4%

In progress 22.7% No 31.8%

Yes 0 1 2 3 4 5 6

The response here is very clear. The IT executives who have responded to our survey have acknowledged that there is an issue. Over two-thirds of our CIOs either have a policy in place for the governance of consumer hardware and software use, or they are in the process of formulating one. These IT leaders are seeing iPads and Android handsets and other devices being brought into work and their teams being asked to support non-company equipment and need to formalize guidelines around how to deal with these developments. Question 2: Why would a strategy to control the governance of IT consumerization be necessary? Again, a very clear response from our group, with over half reflecting concerns of security as the primary driver for any consumer IT control strategy. Its interesting to note that keeping the users ITD #1 Consumerization of same number of responses as retaining more control over the IT happy merited exactly the IT IT landscape. 22 July 2011 - All Rights Reserved Decisions 3

These IT leaders are seeing iPads and Android handsets and other devices being brought into work and their teams being asked to support non-company equipment and need to formalize guidelines around how to deal with these developments. Question 2: Why would a strategy to control the governance of IT consumerization be necessary?

Not a concern

4.5%

To satisfy users

18.2%

As a matter of security

54.5%

To retain control

18.2%

To control cost 0

4.5%

10

12

Again, a very clear response from our group, with over half of them reflecting concerns of security as the primary driver for any consumer IT control strategy. Its interesting to note that keeping the users happy merited exactly the same number of responses as retaining more control over the IT landscape.

4 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved

Question 3: Since 2007, the oil giant British Petroleum (BP) provides a cash grant to its employees for the purchase of hardware, provided that they are responsible for maintenance and support of their equipment. Would this work for your organization?

It would certainly work

9.1%

It would possibly work

27.3%

Hard to say

31.8%

It would possibly not work

31.8%

It would never work 0

0%

This is a controversial measure. And the example quoted, which gained the headlines quite a few years ago, precedes the general adoption of Software-as-a-Service and cloud tools that make it easier to use any hardware. The research community is rather more split on their answer to this question, however they do fall more on the side of this being a positive move. Not a single IT executive said that the idea would never work in their company. The total number of respondents who have said the BP model would certainly work for them, or would possibly work, totals 36.4%, marginally higher than the 31.8% who concluded that it would be hard to say how this might be put into practice at their organizations.

5 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved

Question 4: How are you dealing with the challenge of ensuring you have the necessary skills in IT to support business areas using new hardware devices or software not supplied (or allowed) by your organization? Some of the most interesting and relevant responses exploring these challenges are grouped together by industry: Automotive Focusing on training Through internal training, pilot projects and partnerships with suppliers in the upskilling of employee knowledge. Chemicals Carrying out work around infrastructure We have only just started the process, so it too soon to give an evaluation. We are preparing the infrastructure and the governance process. I personally like the BP model, but I dont know if my organization will adopt it. Consumer Goods Encouraging the IT team to use new devices Mainly by encouraging the use of new equipment by the ICT team, so that we can also be part of the client audience and also get to know their usage patterns. That way we can raise the safety bars appropriately without prohibiting the use of these devices. Consumer Services Developing security and purchasing policies [Through] the development and adoption of security policies and purchases of information products and services, [which] allows for greater control and standardization of the IT portfolio across the enterprise, providing gains in procurement and cost reduction, as well reduction maintenance costs of obsolete products or those devices outside the usage pattern. Education Creating alternatives when needed We are creating alternatives, when they are really needed. We have relatively strict rules, but we evaluate the specific business needs and create some exceptions but only when necessary. Engineering Determining which technologies are appropriate The consumerization of IT is a new term for something old, so far unnamed, that has existed ever since the first personal computers came about (as far as I remember) and it was characterized by very personal questions from the director or the president of the company such as: I bought this [device] in my trip to the United States. Can you help me to use it? I'm sure about one thing: who defines the needs for business users are the business areas themselves, but who defines the technology to be used is the enterprise IT function. If not, we could eliminate the concerns around the control, security and monitoring of corporate information from our job description. 6 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved

Having said that, it is also clear that the responsibility for providing the devices employees need in order to achieve their business objectives is also part of the IT job, otherwise how could we take responsibility for something that is not under our control? In order to determine the technologies to be employed as well as to provide and support these devices that will enable its use, corporate IT needs to be in tune with the market. Even then, the IT function should not simply be coerced to act as a consumer, because if they do, the company will lose its control over the indirect costs of their products as well as control of its information. Food & Beverages Adopting a strict approach Our policy is very clear and strict regarding the use of unauthorized software installed on company computers. The levels of user access do not allow any installation or upgrade of software, as IT technicians own this task. The use of devices that allow DVD and USB recording is authorized only to employees approved by the safety committee. Our network is encrypted and has security levels that can only be altered by the network administrator, and even then we keep track of devices that have permission to access the network. Personal devices do not have access to the network, and that policy applies even to our board. The mobile devices provided to employees to perform their functions have kiosk-type of systems that limit the use of the device to the needs of their work (it disables functions of software and hardware such as browsers, web access, downloads, Bluetooth, etc. The company devices may be connected to the network, but the same policy is applied for desktops and laptops. We do not allow the use of personal computers within the company's premises, since the company would be co-responsible for any illegal software installed in these devices. Insurance Establishing a set of approved hardware and software There are procedures and standards in the company that do not allow that user areas acquire equipment or software is not approved or controlled by IT. The infrastructure function is equipped to monitor and address situations of technological needs of the user areas without them becoming a bottleneck. In question 2, I believe that all the above reasons (except "is not a concern") are relevant when it comes to the decision of establishing governance to control acquisition and maintenance of equipment and technology systems. In question 3, I believe that company size and business needs can influence the answer, which gives it a bias. 7 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved

Financial services Focusing on security We have dealt with this more as a security matter, but without a formal, defined strategy that could make the best out of these new devices. Logistics Handing responsibility over to the user We do not support devices that were not provided by the company. The setup, maintenance and help in terms of use are responsibilities of the owner of the device. Manufacturing Training support to deal with user equipment Global strategies are being defined for use of equipment that is purchased and maintained by users, with rules around use and application of security guidelines to access the corporate network. The support teams are being trained to answer questions, but everything is being controlled in order to provide a "scripted" type of support. Furthermore, the implementation of this strategy is still taking place in a phased manner, occurring initially in the United States with plans for deployment in other countries. I have not seen anyone raising the legal and labor issues associated with this practice, especially in countries with more rigid labor laws (Latin America and Europe). Automotive Creating skills whilst defining strategy Skilling personnel and creating expertise at the same time that we define the governance strategy. These people are also taking part in these discussions. Paper & forest products Raising awareness and monitoring misuse When it comes to unauthorized devices, we have been active around raising awareness as well as audits to monitor any misuse. We also have rules that must be met in accordance with the Code of Ethics of the company. In relation to the devices that are allowed but not provided by the company, the IT department is one step ahead and setting up configuration standards as well as recommended software applications so that these users can use these devices without jeopardizing the safety and performance of the corporate network.

8 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved

Media Reinforcing staff accountability Regarding the third question, it depends a lot on company culture. IBM works very well this way for over 10 years. In relation to question 4, also culture is a decisive factor. We have reinforced the accountability of staff in relation to information security for some years now and our collaboration platform is Google Apps, which natively provides tight integration with the key devices (tablets and smartphones) available in the market. In some situations, we authorize a virtual private network (VPN) for special access. Retail Limiting provision of resources to users We only provide Internet access; both maintenance and support are responsibilities of the user. Telecommunications Creating a staff handbook We have some policies regarding access to the network and we are creating a handbook that explains what users are allowed to do with devices that do not belong to the organization. Retail Creating a collaborative strategy Promoting a discussion that involves all staff, so these implications can be defined and disseminated throughout the organization. Shipbuilding Getting closer to users We are still addressing the matter with the focus that it deserves. I understand that this initiative should start immediately with the aim of allowing [IT] to be more in tune with users.

ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved

Conclusion & Executive Summary

In short, there is an issue. This is no surprise, but our survey has focused specifically on IT decision makers in Brazil, but spread across a wide variety of industries the issues mentioned in shipbuilding are similar to those in media and insurance. Users prefer their own equipment and will subvert the IT rules so they can use it. Over two-thirds of the participants of this research cycle already have governance in place to control the consumerization of IT, or they are in the process of creating it. Governance is needed primarily for security over half of our CIOs reported security as their primary reason for trying to control this issue. 36.4% of participants said it might, or certainly would, work if they paid users to look after their own support, with a further 31.8% not sure one way or the other if such a scheme could work. The general view is the security is essential, and while the IT department is expected to remain responsible for control, risk, and monitoring network use, it is only fair that the department has some control over the devices used. As the IT executive in engineering said: who defines the needs for business users are the business areas themselves, but who defines the technology to be used is the enterprise IT function. But there are opposing voices. One media CIO noted that they use Google Apps as a collaboration tool, with all document sharing taking place in the cloud. And a key advantage of that strategy is that Google has very good integration with almost all current consumer devices. One retail CIO said that the company just provides the connection to the Internet. The equipment used and the support of that equipment is entirely the responsibility of the user. This issue does not appear to have broken down along the lines of highly regulated and low- regulation industries we had responses from CIOs in sixteen very different industries and all with a view on the subject. IT Decisions believes that with the continued strong demand for tablet devices and smartphones in Brazil, employees will increase the pressure on CIOs to allow more flexibility in how they operate. It is pointless to ban Facebook on the corporate network when almost all employees can use social networks on a 3G device anyway.

10 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved

Where organizations are not so strictly regulated that there is little room to maneuver, it seems that the smart move is to explore cloud-based collaboration tools with secure Internet connectivity offered to employees, regardless of device. The self-support model may not work in all cases, but it does explore a more pragmatic approach to enterprise support accepting that these days standard enterprise tools can no longer be cutting edge. To read a case study on how the CIO at Oxfam, one of the biggest charity organizations in the world, is dealing with the consumerization of IT, please check: www.itdecs.com.

ITD #1 Consumerization of IT
IT Decisions 22 July 2011 - All Rights Reserved

11

IT Decisions Research
IT Decisions produces a report like this every Friday, based on what CIOs told us that same week. It is fast and relevant knowledge from your peers, it is only available to the CIOs in the research network, and it is free. What is the catch? You pay by participating. Every week, we will send you four simple questions that will take no more than five minutes to answer. The more participants, the better the quality of the research. So please do invite your colleagues to join! Do you want to direct the research and define the topics alongside our board of founder members? We also offer Platinum memberships that allow you to steer the process, as well as other benefits including comprehensive reports, face-to-face focus sessions and more. Get in touch for more details at contact@itdecs.com. The IT Decisions FutureSkills fund is a charitable, transparent fund focused on improving IT education and training in Brazil. If you recommend a Platinum member to the network, we will donate R$500 to the fund in your name and Platinum members will get to choose which organization gets the money at the end of the year. Please contact us for more details.

12 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved

About IT Decisions
IT Decisions is the premier source of insight into the technology and high-tech service industry in Brazil. The company creates English-language news and insight for a CIO audience with regular features and analysis that cannot be found elsewhere. We focus on decision-makers and influencers the buy-side. Reproducing the sales pitch or adverts of suppliers is not our thing; we focus on those buying the systems. IT Decisions was founded in 2011 by Mark Hillary and Angelica Mari, two of the most respected business and technology writers in Europe - with a collection of best-selling books and industry awards between them. The IT Decisions research network is an invitation-only group of CIOs in Brazil who work together to produce a new research report every week. Take a moment to connect with the IT Decisions management on LinkedIn and take a look at some of their books, other media, blogs, and publications: Mark Hillary, Chief Executive Officer Angelica Mari, Publishing Director

Photo Credits: Daniel Bogan; http://www.flickr.com/photos/wafer/5533140316/ Jeff Howard; http://www.flickr.com/photos/jeffhoward/5371977045/ Christian Guthier; http://www.flickr.com/photos/wheatfields/1311933675/

13 ITD #1 Consumerization of IT IT Decisions 22 July 2011 - All Rights Reserved