Posted by: David Scott
[If you haven’t seen the first part of this article, please click here for Part I.]
According to a recent survey by InfoWorld, approximately one in five “IT-enabled” workers access non-authorized websites, and the same number avail themselves of social networking. Employees also utilize “rogue” software and engage in blogging: about 15% and 10%, respectively.
Frankly, I believe all of these figures to be low.
The “Consumerization of IT” (CoIT) has led to the personal use of devices, apps, processing power, and large data stores formerly available (and affordable) only to large organizational environments. Today, users not only enjoy the familiarity and power of their own devices in the workplace (by virtue of BYOD sanction and policy), but are also able to capture the power of consumer-oriented sites and services. Think self-provisioning: providing oneself with whatever one thinks is needed, from whatever source, to get the job done and make the job more efficient.
Consider storage: Sites such as Box and Dropbox make large data stores possible, wholly external to the enterprise environment. It’s important to build strong Acceptable Use (AU) and Security policies that determine whether these sites can be used, and if so, how, and for what sorts of data. IT and business leaders – and associated departments – need to evaluate free services for suitability. For example, Box has enterprise security features, as well as an API that allows integration with internal business solutions. Orgs today need to be careful that they do not “reinvent the wheel” when free wheels exist for examination and potential use.
Social networks provide very powerful enablements: Marketing opportunities; job recruiting considerations; lead generation; the creation of intranet communities, and so forth.
Of course, software technologies are available: The organization has to create the discipline for what is allowed as an adjunct to existing internal software, and for what can be used in place of internally sanctioned solutions. Ensure that employees are schooled to ask before proceeding down any self-provisioning path. What of an employee who chooses to maintain contact information in the Cloud? Or critical documentation of customer agreements, communications, and support-triggers? Again, define everything allowed, disallowed, and partially sanctioned, by virtue of strong AU and Security policies.
Keep in mind the advantages: Self-provisioning technology has an enormous cost benefit to the organization, both in terms of BYOD and CoIT (the latter term actually encompasses the former, and is becoming a “catch-all”). The organization captures use of a pool of capital resources for which employees have paid; plus, employees have use of devices that they’re familiar with, largely like, and have already self-trained on. An area that any CoIT-enacting (or self-provisioning) org needs to explore is support to employees who use personal devices for sanctioned areas of work. Options for the org include paying some measure of monthly service charges for device use (reimbursement to phone plans for business calls, for example; as one idea, a custom app could track minutes made against sanctioned phone numbers). Orgs can also make partial payment for upgrades or maintenance to personal devices. Orgs also need to survey for unsanctioned apps and services and either 1) bar them, or 2) define and control their use.
Keep this in mind: The ubiquity of personal devices, Cloud apps/services, social networking, large data repositories, and all manner of temptations – means that the organization has to document, document, and document what is allowed, and disallowed. And then?
Train, train, train - for this new environment, and the associated “allowables.” Train all incoming hires; train existing staff on a schedule (whether quarterly, semi-annually, or annually); and train by department when specific exigencies, challenges or changes apply. Install appropriate security and use considerations. Pair up with an appropriate vendor/solutions partner, or survey your existing ones for ability, to service the CoIT issue, and get this issue on your agenda. If you need a provider, I can recommend a few.