Earlier this year, the researchers at the Gartner Group published a series of reports on the invasion of consumer technologies into the enterprise and the challenges that this phenomenon has created for IT departments. Gartner has wrapped all of that research into a special report called Consumerization: The IT Civil War. If this really is a war, I think it’s fair to say that IT is losing.
Many users are circumventing IT by using widely available technologies such as Yahoo Messenger, Gmail, USB drives, and BlackBerry phones to help them accomplish their tasks at work. The practice is so common that The Wall Street Journal has even published an entire article aimed at helping business users circumvent their own IT departments. I wrote a diatribe about how irresponsible it was for WSJ to publish that article, but that does not diminish the fact that this is happening everywhere and IT has become virtually powerless to stop it.
“It’s almost become a sport for users to vilify IT.”
— Jeff Comport
Gartner Analyst Jeff Comport, said, “There’s a reason people are trying to use this kind of technology and very often it’s to do their jobs better… We have IT very often coming from a world of budgets, controls, and projects, and they have spent their lives keeping this kind of stuff out.” As a result, “It’s almost become a sport for users to vilify IT,” said Comport.
Let’s take a look at the six consumer technologies that are causing IT the most trouble and then consider what IT can do to turn around a situation that is quickly going from bad to worse in many places.
6. Instant messaging software
Whether it is Yahoo Messenger, Windows Live Messenger, AOL Instant Messenger, Skype, Google Talk, or a variety of other IM clients, the fact is that instant messaging has spread to the point that as many as 20% of business users or more are now running it at work. Those are U.S. stats. The percentage is higher in Asia and far higher among younger workers everywhere.
Users typically install the software themselves, often against IT policy. Most of the IM clients send data unencrypted so even two workers in the same company and on the same network can end up sending corporate secrets out onto the Internet for any hacker to sniff. There’s also the issue of IM file transfers that can introduce files that have not been scanned by antivirus software.
However, IM can also be a good thing. It can relieve e-mail inboxes from worthless chatter and it can help users quickly locate colleagues to solve timely problems. And there are enterprise options from Skype, Microsoft, and others that are making IM much easier for IT to regulate and standardize.
5. Personal smartphones
Now that BlackBerry phones, Palm Treos, and Windows-based phones are priced as low as $200 by many of the big cellular carriers, lots of users who don’t have a spiffy company smartphone are just going out and buying one of their own. Many of them have figured out how to forward their business e-mail to their personal smartphones, which opens up a ton of privacy, regulatory, and security issues.
There are secure ways for IT departments to handle this. Turning a blind eye or trying to block it are not valid options.
4. BitTorrent and P2P
Transferring big files is very difficult for most users. E-mail policies usually restrict it. FTP is too slow and often too difficult to configure (and sometimes even blocked by firewalls). IM clients are clunky and often fail at file transfers (usually blocked by firewalls). That’s why some users will turn to P2P programs such as BitTorrent, because they are much more effective. Unfortunately, these programs can also have a lot baggage since they are regularly used for hosting and transferring illegal music and video files.
That doesn’t mean IT should necessarily abandon P2P software altogether. It can often prove extremely useful and efficient. For example, Collanos software can be used for sharing and collaborating on documents between various users in a team or workgroup.
3. Web mail with GB of storage
Another method that users often employ to transfer large company files is with a consumer e-mail account, such as Gmail, Yahoo Mail, and Hotmail, which all have much larger storage capacity and allow larger file attachments than most corporate mail accounts. The problem is that not only are these systems far less secure than corporate mail servers, but many of them thoroughly index messages and files and so sensitive corporate data transfered through these mail systems can get spread throughout lots of different servers and search indexes.
New Windows storage technologies that do not save multiple copies of the same file can help IT deal with the e-mail storage issue and allow IT administrators to expand storage limits for users. There are also new Exchange plug-ins, such as Mimosa, that offload all attachments from messages and store them separately to streamline inboxes and allow IT to increase quotas.
2. Rogue wireless access points
It’s a wireless world in home networking now. Users who see how easy it is to connect a router to their DSL or cable modem and roam the house wonder why they can’t just do the same thing when they take their laptop from their cubicle to the conference room. If the company doesn’t offer wireless LAN access in their office, many of them just get sub-$100 wireless access points, plug into their Ethernet jack at work, and start roaming the building.
Of course, if their desk is at the window next to the parking lot, they don’t realize that they just provided anyone who drives up with a free Internet connection and easy access to the corporate network.
IT departments can follow best practices (see TechRepublic’s ultimate guide to enterprise wireless LAN security) to establish their own secure wireless LAN, or they can use products like Xirrus to simplify secure wireless deployments. They can also educate users and use intrusion prevention software to scan for rogue access points.
1. USB flash drives
Portable storage is nothing new. Twenty years ago, users were carrying around floppy discs full of files. However, the size of those old floppy discs limited the amount of data that users could take out of the company. Today, with 4-GB USB flash drives costing $40 or less (and flash drives as large as 64 GB now on the market), users can copy all of their My Documents files to a flash drive and walk out the door with them. Or a user could copy a huge chunk of a file server and walk out with it on an unencrypted USB drive.
Users need to be able to easily transport their files in order to work from home or on the road, transfer documents to partners, etc. IT has to find ways to make it simple for users to do this while also protecting sensitive corporate data. For example, an IT department could educate users about flash drive security, provide encryption software for those who need to use flash drives, or simply provide company-sanctioned flash drives that are preconfigured with encryption and other security standards. The cost of the flash drives would be much cheaper than the legal fees and/or fines of dealing with customer data that slipped into the wrong hands.
What will come of all this?
Gartner Analyst Stephen Prentice said, “The critical thing to understand is that your employees are not doing any of these things … to be awkward. They’re not doing it because they’re trying to break security. They’re simply trying to get their job done… The approach has be to not go in there and stop them from doing it. Go in there and find what constraint have you put in their way that’s forcing them to do something that is out of your control, and then fix your problem. If you gave people the option of using an in-house, secure, controlled environment that meets all of their needs, they simply aren’t going to have the need to go outside. If you fail to give them that — if you give them restrictions that are unreasonable or stop them doing their job effectively — then they will find another way.”
Gartner Fellow David Mitchell Smith added, “If rogue users start to see some flexibility on the part of the IT department — some genuine interest in wanting to provide what they need — they may be more open to go to them first and say ‘Can you help us provide this,’ as opposed to just going out and doing it. [They could] be part of the solution, instead of part of the problem. But long term, there’s this unstoppable force which is demographics. New people are coming into the workforce, in IT and in non-IT functions, and they are becoming more open-minded and having more and more of an impact. Over time it’s pretty inevitable that the trend is moving toward the more open way of doing things. It’s just a matter of how long it takes and how well it fits into the culture of each organization.”
Ultimately, this “civil war” is merely a sign of two larger problems that IT must address:
1.) There are lot of IT departments that have policies and attitudes that are stuck in a time warp. The procedures that allowed IT to deploy important technologies while protecting users from themselves are no longer valid in a world where individual users often have newer and more advanced technologies in their homes than the IT department has in the office. IT is now entering into more of partnership with users, and policies and attitudes need to reflect that.
2.) There’s a general disconnect and lack of constructive communications between many IT departments and their users. IT departments need to view themselves as customer service organizations, with their users being their primary customers. IT departments have got to lose their paternalistic approach to users and focus their efforts around serving users and enabling them to become more productive.
The IT departments that make these changes will thrive. The ones that don’t will see their role within the organization diminished and become prime targets for outsourcing.
What do think about the challenges that consumer technologies are causing for IT departments? Join the discussion and take our poll to tell us which consumer technologies cause the biggest problems for your IT department.