A survey of 900 information workers by US firm Intuit Inc found that one half of workers turn to online databases, web-based productivity apps, instant messaging platforms, video chat services and social networks to solve business problems – without consulting the IT department. And nearly one in five of the survey respondents had customised a web app or software to help with their work.
The consumerisation of technology, the abundance of productivity-enhancing smartphone apps and an increasingly tech-savvy workforce are all conspiring to risk making the IT department look increasingly irrelevant.
If you’re an IT manager and you’re thinking about how to prevent this kind of thing, then the next five years are going to be very tough because the movement is inevitable and unstoppable. If anything, people are going to get more innovative in the way they use mobile devices and cloud-based apps.
To stay relevant, IT departments need to re-address the notion of a “trust line” between themselves, as custodians of the data, and end users. The trust line is a fairly old concept that I first came across when I worked in a mainframe environment at IBM. Most IT departments rarely engage effectively with end-user communities in a discussion about security or the responsibility for data. Instead, they assume a position (usually an industry standard like ISO 27002) and declare what is or isn’t permissible. Often what results is unnecessarily draconian and inflexible.
Take web-based file hosting services, where you can replicate and synchronise data from your laptop to a mobile device via a cloud service. Putting company data on a public cloud may make IT managers nervous, but if you delve into the security policies and architectures of these companies, they are as good as most corporate environments. And they need to be. The last thing companies like Dropbox or Sugarsync want is bad press and customer fall-out from a security breach.
IT managers need to recognise this trend and engage with their stakeholders so they can have a sensible discussion about where the trust line lies. In other words, what are end users allowed to do, and what are they not allowed to do, in this new ‘bring your own device’ world?
What is likely to emerge are different trust lines for different parts of the business. The trust line on a customer-facing activity, like a call centre, will be different from one for research and development. And that’s how it should be. The trust line should be tailored to the job role and activity type rather than being the one-size-fits-all ‘lock it all down’ approach that currently exists within many organisations.