Slashdot Mirror
What 'Consumerization of IT' Really Means For IT
snydeq writes "Nathan Clevenger examines the impact that the 'consumerization' of information technology will have on IT organizations, a trend fueled in large part by employee interest in the latest mobile devices, notably the iPhone and iPad. The growing practice of introducing new technologies into consumer markets before industrial markets stands to cause a sea change in the IT/user relationship, Clevenger writes, adding that this will likely involve 'painful changes in the status quo of corporate IT,' including the need to 'shed our arrogance' to give the underlying technology a chance to succeed. 'Although the debate around the impact of consumerization will no doubt continue for some time, the adoption of mobile technologies and enterprise applications is moving forward, whether or not IT departments are on board,' Clevenger writes, in large part because the trend provides companies with a strong opportunity to improve efficiency, productivity, and profit."
'Nuff Said.
"As perceptive CIOs seek to transform their rigid, legacy ridden infrastructures into agile, efficient, service-driven delivery mechanisms, they must adopt a pragmatic approach to managing the risks of consumer IT while embracing the benefits.
I stopped reading right there.
I don't think you understand what "underlying technology" means.
This isn't about the wireless standards that the phones adhere too.
Or any of the other REAL technologies.
This is about security and accountability.
Who is responsible for the data on your iPad when it is stolen?
What is the process AFTER it is stolen?
MIDS are going to march into corporate I.T. like a storm. A huge sea change in the way we develop and deploy solutions is coming. We are seeing the beginning of the end of MS as the corporate go-to solution, at least their current offerings. Sure people will still use MS infrastructure crap for decades, but the desktop as we know it is going to die. Your computer is going to be a MID that docks when you get to your desk and then syncs to the cloud storage (intra/inter-net). When it docks up it will be much like a traditional desktop you see now.
Good-bye
I stopped reading when I saw snydeq's name in the byline. He's their corporate communications shill who handles most of the pay-for-press astro-turfing InfoWorld does on slashdot.
The funny part is that InfoWorld is paying for what has been sold as Upper IT Management eyeballs and credibility within the slashdot audience, but the days when slashdot reached that crowd are long gone. These days slashdot readers are predominantly the young gadgeteers, hobbyists, and geek wannabes who most likely don't have any idea why an iPad or iPhone would be a threat to their IT Department. Most probably didn't even know their high school HAD an IT Department...
in large part because the trend provides companies with a strong opportunity to improve efficiency, productivity, and profit.
That's the most management-speak heavy way of saying, "we can make the poor fuckers work EVERY MINUTE of the day" I've ever seen! Somebody call the Bobs! ;)
From TFA:
There is a HUGE difference between ordering a pizza and keeping confidential documents on your iPhone.
The best part is that the Best Buy CTO cannot identify his own advances. He has to reference a PIZZA VENDOR.
And that is a WEBSITE. What does that have to do with an iPhone? You could do the same thing with a desktop or a laptop.
Next thing you know, IT departments are going to have to get rid of their IBM 360 mainframes and DEC PDP-11s, and start supporting those new-fangled "personal computers."
"National Security is the chief cause of national insecurity." - Celine's First Law
Didn't you get the memo? IT is "legacy" now. It's all about empowering the end-users to develop their end-user creativity without the restrictions of the IT way.
If keeping un-encrypted documents on an un-managed device without a password helps that end-user be more "productive" then who are YOU to say no?
IT didn't forget to remind anyone. This is about taking IT out of the loop. Because IT is holding back the end-users and their iPads.
In this case there was a time when programmers had to smart. Super smart. They programed bare metal, which was inefficient for may purposes, so as computer became more powerful, more abstract languages were created, APIs were developed, and not almost anyone can program. Did businesses die because we had more programmers. No, in fact they prospered as software costs fell.
There was a time when if you wanted something done on the computer you had to go and beg the administrator to so do. Later on you had a terminal so you could complete simple tasks, but to do anything real you still had to beg. Then we started getting Apple and Compaq computer in corporate. OMFG, the user has the ability to do work without the approval of god. The world is going to end. Of course it didn't, and of course the control freaks standardized on MS/Intel machines because otherwise someone might acutally be allowed to get real work done and really innovate, but the overal point remains valid. Firms prospered. At least those that found the right balance between control and innovation.
Mainframes and low level programming still have a place, but the GPC is a stand alone machine coded predominately through APIs, with very little else. Firms that are going to remain profitable without huge subsidies are going to have to leverage the current tech into their overall strategy, and minimize the power of those that are afraid of losing their cushy jobs due to change. That is what change is, and where savings come from. Firing people that were needed under the old tech. It is heartless, but reality. We can't keep an aristocracy just for the sake of nostalgia.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Consumer devices lack a lot of the safety features that are required in most corporate environments. For instance, the iDevices world make it difficult to make sure that the user locks their machines, and since they won't want to have to enter passwords/etc to get to their mail or important documents, it leaves the door wide open to anyone who swipes the device to retrieve the data. All because the user was too lazy to set a lock password.
One of our employees rushed us to finish the configuration of a brand-new iPad for them to take on a trip... and promptly left it in the seat pocket of the plane. Didn't have ownership of it for more than 6 hours.
It's gotten better recently with iDevices, and Blackberry has always been a bit better, but we're getting tickets such as "My manager just got a brand new droid and wants it hooked up to the mail system." They're not understanding the steps that are put in place to protect them, seeing them only as inconveniences. They'll disable them if they can half the time. We deal with a lot of confidential information and it's difficult from a security standpoint to let them out into the wild.
Why do the Slashdot editors keep posting InfoWorld links? The submitter's name is even linked to the InfoWorld homepage, so they're just giving free traffic away to the site.
The parent post demonstrates many of the problems with modern IT departments.
Firstly, note the unnecessary and repetitive use of derogatory terms for customers and general profanity. Hardly professional.
Second, complaints that the users are undermining IT perfect systems by buying devices or installing software. Basic economics tells us that users are investing money and time in these thing because they deliver value. Value that It is not delivering to a demand from their user base.
Thirdly, complaints about having to troubleshoot problems. Isn't that what the business pays you for? In the case of a downed DSL service, a competent network engineer could diagnose that in minutes. I'm sorry it took you three weeks, but transferring your aggression to others is not productive.
Fourthly, assuming that when users ask for something new that they must be dumb. Why should my phone and PC use the same email password? Basic key separation suggests distinct keys are superior. Note also, that a phone is not a PC. It may be difficult or impossible to respond to a mandated password change from a phone using systems that assume a PC interface, so usability is served by having different mechanisms and perhaps different password change policies. Now, I understand that the software you are currently using may not be sophisticated enough to meet evolving user demands. But that is not a user issue.
Fifth, the wireless access point anecdote highlights appalling sysadmin practices. One point of access into the network and the bad guy was able to destroy critical infrastructure. Way to put all your eggs in one basket. The sysadmin of that network was incompetent, negligent, or both. Yes, the user did something stupid. But the real fool was the the person who did not design for defense in depth.
It seems that many IT departments see themselves as a law unto themselves, dictating to users what they can and can't do. We've seen this cycle before. It was last at its peak during the mainframe/mini era, and those IT cathedrals were obsoleted by the PC. My advice? Pay attention to your customers and give them what they want. That way, you'll always have great job prospects.
a while back I was working sales in a dev shop. My mantra was: our apps should be so easy to use that your mom should be able to use them. Not you, not me, not your GF... your mom. And I'm not talking about that ubercool geeky mom, I'm talking about the one who gets lost because an icon moved 2 inches to the left...
I regularly got shot down for dumbing things down too much... I still sure I was right, though.
The Cloud - because you don't care if your apps and data are up in the air.
who has accidentally occupied a desk at the offices of Infoworld for some time now. It all started 2 years ago when Nathan was formally accepted to 'synergy leverage monthly,' a publication of no real relevance to anyone but managers who have reached a point in management where they no longer speak in real sentences. That isnt to say the sentences are poorly structured or in an indeterminate language, its just to conclude rightly that these sentences are devoid of any logical meaning.
Anyhow, Nathans expertise (synergistic strategization of pinged leverage potentials and service driven design paradigms in the web 2.0 echelon of modern business dynamics) while perfectly natural in the publication of SL monthly, serves poorly for infoworld. Infoworld staffers understand this, and try to cope with Nathan as best they can through the common medium of corporate lunch at the local diner or the occasional holiday party. Their hope is that at some point, SL monthly may realize, although highly unlikely, they are in fact missing a staff member during the morning hyper-power-concept core lunch strategy event and begin combing the halls before or after this tumultuous event for Nathan.
Good people go to bed earlier.
From my 1970's/1980's perspective, everything started at as consumer technology. The "P" in "PC" stands for "personal computer" -- the PC was IBM's entry into the market to compete against the home computers of the Atari 800, Apple ][, and Commodore 64. To this day, I have this stereotype stuck in my head, and when I think my hotel reservations, bank account info, brokerage account, etc. are probably being handled by Windows or Linux servers I can't help but think, "I can't believe they're storing all this information on just home computers." -- even though I know they have redundant power supplies, redundant storage, clustered servers, replicated data, and probably fallback servers in geographically distant locations.
I guess the big exception came shortly after the PC: the LAN. Novell was not a consumer product nor did it have a direct consumer predecessor. But even there, if you take just a slightly broader view, personal computers had file sharing and e-mail before Novell existed -- just that it was in the form of BBS's. Consumers at the time didn't care about sharing within their home because they had only one computer and even if a friend brought over a second one, there was sneakernet for files and the human voice instead of e-mail.
Now someone slightly older than me may very well take the attitude that in the mainframe & minicomputer world everything started out commercial. And evidently the case is similar for the younger generation. But from my perspective, everything's a home computer.
In a dictatorial regime heretics are burned.
In a company with a top down command structure those that violate policy without regard will be fired. That's not saying that new technology will be stifled, but to say that the policy will change to accommodate the new technology. The old gaurd will take up positions within the new regime as fast as you can sneeze. Already iphones and ipads in my organization are being hamstrung by old security wonks that were vocal against anything but blackberries. Now they propose completely managed Ipads and Iphones and they very well may get it.
This puts IT departments into a difficult and often untenable position. On the one hand, their users are clamoring for the latest gadgets to be integrated into the company's business tech. On the other hand, new devices may represent major security holes, or best practices for their use and integration may not yet be established.
If some new device results in a system crash or a security breach, it'll be the IT people whose jobs are on the line, not the user who insisted on using the new device.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
"Nathan Clevenger is the author of "iPad in the Enterprise: Developing and Deploying Business Applications" (Wiley Publishing, 2011) and has been developing mobile software for more than 12 years. In addition to his role as enterprise editor for iPhone Life magazine, he is the chief software Architect at ITR Mobility, a management and IT consulting firm."
What a load of crap.
I had a hard time finding work before this job that I have now. Companies still want and operate against technologies such as BEA TUXEDO(i had to look that up because I had never heard of it before), VBA Access / MS SQL 2008, MFC(MFC??? "Really?!", I said to myself. "Microsoft doesn't even support it anymore"). Other skills of epic proportions included excel, crystal reports, clearcase, fortran...yes ALL IN ONE job posting. I am telling you, there are jobs like this everywhere. EVERYWHERE. Sooner or later business clients are going to wake up and realize that they can run more smoothly with the latest technological advances and the companies not investing in infrastructure for future client growth or to even keep their existing contracts will go out of business.
No. There is a HUGE difference between physical documents and electronic files. The end-user cannot be relied upon to know how to make sure all the copies of a document are deleted from their toy-of-the-month. Nor can they be relied upon to perform the necessary actions even if they did know.
You have not yet demonstrated that the end-users know how to use such devices within the security standards of their employer.
How does it cost more?
Without some means of verification, you will be relying upon the users' knowledge. I think it has already been established that the end-users do not have the same level of knowledge as the IT department does.
If you dont know that users are incredibly stupid you should hand in your geek card and leave Slashdot.
If IT is responsible for security so they have every right to be a law unto themselves, as THEY will be held responsible for the secutiry braeches that follow.
I am guessing you wanted to do something stupid and are pissed because IT told you to F off.
Complete agreement. But I think some editing would help your case.
... and ...
Funny how those two (almost contradictory) statements go together, isn't it?
The users have to be allowed to put whatever they want on the network because it adds value for the user but IT has to make sure that anything added to the network is correctly shielded and monitored. Even though a single weak point is all that the bad guys need to wreck havoc.
Note how the gp phrased it as "value" instead of "business value". Gaining status by having the latest toy does nothing for the business.
If the new item has so much value FOR THE BUSINESS then the person wanting the new item should have no trouble presenting a business case to upper management to increase IT's budget to support said new item.
As you noted, a $20 wireless router can punch a very expensive hole in a very expensive network.
Where's the business case from the guy adding it? Where's the approval?
This is simply a case of demand everything and refuse to take any responsibility for any failures caused by the user NOT having the knowledge that he thinks he has.
If their job requires using that device, their employer should supply the applicable device.
If they want to use a personal device, they should sign off that their system can be remote wiped if access issues/loss of system/loss of job
occurs.
I'd vote for total wipe if it's a personal device.
http://www.pcmag.com/article2/0,2817,2387436,00.asp. If OnLive can do decent gaming over the net, im sure remote desktop wont be a problem.
Good-bye
You really should take a look at the Mobile Device Management (MDM) platforms. I recommend checking out Air-Watch and MobileIron specifically. You can, among other things, require devices to have passwords and meet complexity requirements. What we need to do is stop saying "we can't do it" and take a realistic look at how we can.
Look, after years of going around schlepping their drugs to doctors, the pharm companies realized that they were going about it all wrong. Instead, they took their message to the masses, and let self-diagnosing consumers tell the doctors what they wanted.
Now, IT providers are doing the same thing, and if IT service companies (which is all any IT department really is) want to keep their piece of the pie they'll do like the doctors did and get on board.
Have you noticed how med costs have changed the last few years? =)
a handful of selfish greedy people are no match for millions of selfish, greedy people -u4ya
It is sort of like the mainframe to PC transition all over again.
But in an odd twist, we're also coming full circle. Many of the apps that make the iPad and iPhone such compelling tools rely on massive server farms in remote data centers. "The Cloud" is in a sense the modern equivalent of the mainframe.
Yeah, this is what we're currently using. However, it still feels pretty rudimentary and "bolted on", not really a part of the overall plan from Apple.
It would be nice if they built in the enterprise stuff a little more core to the OS, and just left it "turned off" for consumers. Then, if you're an enterprise, you can more closely integrate it into the environment.
It would also be nice to not have to use iTunes to do fine-tuning on the configuration, especially how they tie a device to a computer/Apple store account.
Oh, not saying we can't. We're using the BlackBerry Enterprise stuff quite well, and are moving into the Apple and even Android areas.
It just gets difficult when we have a user come up and state, "I just bought personal Device XYZ and want you to hook it up to your network." We haven't tested, don't know that particular OS's layout, etc.
And some devices you just can't, for sake of policy reasons, etc. At least not yet. Lotus Domino is JUST NOW beginning to support full push to Android, and we're still in the testing phases. But users are always wanting to get their latest device up on the system, then have us support it sight unseen.
Thanks for the tips for air-watch and Mobileiron, however. Mobileiron looks a bit... pricey (I always get a bit turned off when I go to their "pricing page" and it's a contact form for permission for a salesperson that will never give me a moment's peace) and Air-watch.com isn't coming up...
Increasingly, IT has been moved from "enablers of capability" to "untrustworthy and ineffectual geeks in a closet". It's been going this way for years, and the trend is clear.
This article just lays it out in a fairly unclear, rambling fashion. The concept held for IT is pretty clear, none the less.
Who's to blame? Personally, I put it on IT and application consulting firms who back their pretty weasel words with... more weasel words. They promise the sky, and due to the timeframes involved and the complexity and scope of the projects, tend to make off like bandits. They do a 90% implementation of 80% of the problem and consider it a success. "Computer people" end up looking poorly. Naturally, it falls on the shoulders of the "computer people" left to maintain systems, "IT". IT gets the blunt of it, and the scope and number of problems often faced by IT is neither seen or understood by those around them. We're left to clean up the problems of myriads of programmers, poor business decisions, and reckless users. The appreciation we get for this is unreasonable expectations and short responses. (Where did they get the expectation that these things should "just work", as evidenced by their short responses and irritability, I wonder? Certainly not from experience, because it's never really been that way.)
By all means, make the applications simpler and remove user control. This reduces functionality, eliminating risk. The tradeoff is that the users (already encumbered by limited intelligence, judgement, or otherwise in many cases) have limited utility in their applications. For most, this is fine. Bumble on through the work day!
I've seen this reoccurring problem in a half dozen major industries in the last decade. People do not treat their mailman or their plumber with such rudeness. They don't treat the guy coming to redo their household wiring this way. Why, in a prefessional capacity, do they treat their IT people this way? We're required to have personalities which programmers are not, yet have to have a much broader skill base to be successful than a typical programmer (scripting? misc. esoteric systems? Unix and Linux - and Windows? TCP and WPF? Sockets and pipes?). Yet we're allotted a lot less esteem or regard as people.
Time for a 'career change', I think. But: where to? That's what I want to know. Where does the technically adept, intellectually curious (and, currently, fairly drunk) person go?
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Consumer devices are fine. It's consumer-grade services that are the problem. If corporate users have devices that are slaves to a consumer-grade service like Apple's or Google's, they can be attacked or disabled through that service. Typically, there's no contractual recourse available.
Microsoft is more careful about this. They offer corporate control over Windows Update. If your corporate apps stop working because Apple pushed an iPhone update, you have no recourse.
I have conducted user training on password complexity.
Then I did a password audit a few months later and the percentage of users using "password123" or a permutation of that had declined from 20% to 18%.
Disempowring them, was, unfortunately, the only effective solution.
Everyone hates them, the monthly change of password to something that hasn't been uses the last umpteen times, for the sake of security.
A fingerprint reader can be purchased for $50..... So, why, still do the IT departments want to put their staff through the password mangle??
A user has asked for Airprint to be supported. a quick google search of "windows airprint", gives instructions how to do it. its an easy fix.
However, you rather tell your users they should be using windows 7 instead.
A user has asked for Airprint to be supported. a quick google search of "windows airprint", gives instructions how to do it. its an easy fix.
However, you rather tell your users they should be using windows 7 instead.
No, you're reading too much into my post. I told him to come back to me when he has a corporate supported iPad (we do have some) since we don't allow personal devices on our internal network, and we'll help him make printing work. Unlike users, I have a regulatory mandate to protect our network from rogue devices.
I certainly didn't recommend Win7 as a solution since 30% of the devices on our network run OSX (including the laptop on my desk).
If the company is willing to relieve me of my responsibility to protect our network and abide by the regulatory policies that our company is subject to, then I'm happy to allow users to bring any devices they please and we'll put it on the network.
The IT department isn't your enemy, we have a finite budget and have to meet all regulatory requirements (like SOX, HIPAA, PCI, etc), provide end-user support (even with the fad device du jour that is going to change the industry (I've got about 30 old tablet PC's sitting in storage after users decided they weren't the panacea they thought they were)), and do application support - even for cloud applications that supposedly need no support thus never have any suppport costs budgeted.
Most companies discovered a while back that using web apps and standards (IMAP, non-ie specific HTML and CSS, etc) pays off in the long run. Adding mobile devices to this environment really only requires adjustments to the existing infrastructure (a new CSS for the mobile form factor, security policy updates and tool addition, etc) the largest changes likely being in the realm of security. The new smaller form factor and portability takes the old risk of loosing the data access device and all it's locally stored information, including cached data, and increases it. Additionally, many of the new devices lack some of the protection mechanisms of a full blown laptop (encrypted filesystems, logins, VPN clients, etc) increasing the overall security risk. And finally, the need to ensure important data is backed up and recoverable is still in effect. Companies wanting to bring consumer devices into the enterprise need to adjust the security policies to match the new risks and ensure that the new devices comply with the security policies.
The article seems to be written by something of an Apple fanboy that seems to feel the Ipad and Iphone bring epic new functionality to the enterprise. I have a hard time seeing these new gains. From my perspective they have improved the interface enough to make it much more comfortable for users to access enterprise data on smaller devices. That doesn't drastically change what IT depts. have been doing for years, it merely means they need to update their policies and craft solutions to ensure the new devices are in compliance. Not much different than when notebooks, sub-notebooks or blackberries were implemented IMO.
I see a much larger issue being the mixing of employee provided devices with company provided devices. Lately, as companies struggle to contain their costs more, this is more and more common. Managing security, delimiting what each party owns (who owns the phone number) in this mixed ownership environment is an ongoing challenge for today's enterprises, one they've been struggling with for sometime and one which few companies truly understand the real cost of.
I had the same problem with MobileIron. In fact, for smaller deployments I'd be really concerned, because they won't sell licenses in blocks smaller than 100. Air-Watch is more reasonable and upfront about their pricing. I appreciate that you might have compatibility issues that preclude you entirely from using specific mobile devices, every case is different. We have a volume of devices, and a support staff large enough, that we're capable of supporting multiple different device platforms.