A few days ago, I read an article about the risks presented by IT consumerisation. It rang alarm bells with me because, whilst the premise is sound (there are risks, some serious ones, and they need to be mitigated), the focus seemed to be on controlling data leakage by restricting access to social media and locking down device functionality (restricting USB ports, etc.). Whilst that was once an accepted model, I have to question if UWYT (use what you are told) is really the approach we should be taking in this day and age?
One of the key topics within the overal consumerisation theme is concerned with “bring your own” (BYO) device models. I recently wrote a white paper on this topic (a condensed “insight and opinion” view is also available) but, in summary, BYO offers IT departments an opportunity to provide consumer-like services to their customers – i.e. business end users.
In a recent dialogue on Twitter, one of my contacts was suggesting that Fortune 500 companies won’t go for BYO. But the tide does seem to be turning and there are significant enterprises who are seriously considering it. I’ve been involved in several discussions over recent weeks and I’ve even seen articles in mainstream press about BYO adoption (for example, Qantas has publicly announced plans to allow up to 35,000 employees to connect their own devices to the corporate network). Interestingly, both those links are to Australian publications – maybe we’re just a little more conservative over here?
Of course, there are hurdles to cross (particularly around manageability and security) and it’s not about undoing the work put into managing “standard operating environments” but about recognising how to build flexibility into our infrastructure and open up access to what business end users really need – information!
We need to think about device ownership too and, in particular, about whose data resides where. Indeed, one of the best articles I’ve read on the topic was Art Witmann’s suggestion that a BYO strategy should start with data-centric security, including this memorable quote:
“Understandable or not, if ‘your device is now our device’ is the approach your team is taking, you need to rethink things”
Virtualisation can help with the transition, as can digital rights management. Ultimately we need to re-draw our boundaries and we may find ourselves in a place where the office network is considered “dirty” (just as the coffee shop Wi-Fi is today) and we access services (secured at the application or, better still, at the data layer) rather than concerning ourselves with device or technology-dependant offerings.
Putting myself in a customer’s shoes for a moment, I expect that I’d be asking if Fujitsu is following a BYO model and the answer is both “yes”, and “no”. As a device manufacturer it presents some image problems if our people are using other vendors’ equipment so, here in the UK and Ireland, our PCs are still provided by a central IT function. Having said that, there are some choices with a catalogue to select from (based on defined eligibility criteria [- a choose your own device scheme]). We also operate a BYO scheme for mobile devices, based on [Fujitsu’s] Managed Mobile service.
So we can see that BYO is not an all-or-nothing solution. And, whilst I’ve only scraped the surface here, it does need to be supported with appropriate changes to policies (not just IT policies either – there are legal, financial and human resources issues to address too).
To me it seems that ignoring consumerisation is a perilous path – it’s happening and if senior IT leaders are unable to support it, they may well find themselves bypassed. Of course, not every employee is a “knowledge worker” and there will be groups for whom access to social media (or even access to the Internet) or the ability to use their own device is not appropriate. For many others though, the advantages of “IT as a service” may be significant and far-reaching.