Give workers a say in corporate IT

There can be little doubt that the personal and domestic use of technology has had an impact on the way IT is used in a business context.

This arguably started when the PC used at home typically became more up-to-date and of a higher spec than the equipment used in the workplace. The same has happened more recently with mobile devices. Extremely advanced mobile tech is accessible to anyone in the high street, making the standard issue corporate mobile look pretty lame in comparison.

Then we have the advent of social media and the evolution of the web in general. Whether it’s blogging, personal networking, content sharing, conferencing or even online application services, people have become used to sophisticated capability being available over the wire.

From a business perspective, these developments can be viewed positively. They enhance the general adaptability of employees and their willingness and ability to embrace new ideas and capabilities.

However, tech savvy users solving their own IT needs can also create problems for the IT department such as elevated security risks and increased support costs.

With this in mind, the topic of ’consumerisation’ comes into focus. By this we mean the trend towards users having a significant say in the technology that is used in the workplace – whether by buying business tools with their own money or choosing their own kit and expensing it.

If you don’t see this happening in your organisation, then you’re probably not looking hard enough. The key question is how to deal with it.

There are some lessons we can learn from progressive CIOs who embraced consumerisation long before it became a prominent phenomenon. We at Freeform Dynamics spoke with some of these IT leaders as part of the research for our book The Technology Garden. Through these conversations and subsequent research, it is clear that while no hard and fast formulas exist, a number of principles have emerged that are worth considering as part of any business’ response to the trend.

The first and most obvious is to acknowledge that consumerisation is unstoppable, so the sooner you accept this and start to figure out how to deal with it, the better. Experience has shown that if you try to suppress consumerisation, it will just go underground, which makes any challenges even more difficult to deal with. Locking down the infrastructure and policing bans on certain activities is in itself expensive anyway.

The next principle is to establish clarity on what constitutes core activity, to which a set of non-negotiable constraints and policies will apply, and what constitutes peripheral activity, within which you can accommodate some personal preference.

As an example, you might define the execution of ERP and CRM-related transactions as core, but provide some freedom on how those transactions are invoked. In practical terms, this could translate to an SOA back-end infrastructure that exposes transaction-related services for assembly in a portal interface, or provides access via any other suitable front end, whether browser, PC or mobile device.

The key in dealing with consumerisation is to acknowledge the difference between flexibility and anarchy. Even within the domain of peripheral activity, it makes sense to define some basic ground rules and guidelines around issues such as security, compliance, integrity and supportability.

IT leaders would do well to meet users half way by agreeing to accommodate some preferences, but not to the extent of creating negative consequences such as security risks or extra management expense. For example, business could allow personal equipment to be hooked up to the network provided it meets certain criteria in terms of spec, security and ability to receive electronic policies.

One more important principle is visibility – making sure you have sight, as far as is practical, of all activity on the corporate network. This can include automated discovery of devices and software through asset management and monitoring of network activity to track websites and online services being accessed. The trick is to watch, rather than block, by default, and act when certain scenarios arise.

For instance, IT leaders may notice the spread of a public video conferencing service, then step in to either support what’s being used or provide a more suitable alternative that meets the same need.

Or they may see employees leaking corporate information on social networks, in which case a combination of policy enforcement and education might be in order.

Businesses can do a lot to manage, even leverage, the consumerisation trend. It is far better to roll with it than resist it, otherwise you risk losing control and missing opportunities.