One of the most consistent IT management themes in 2012 was an apparent increase in employee autonomy over technology choices. If it was ever true that the IT department had sole authority over technology selection, those days are long gone.
The most obvious expression of this was ‘bring your own device’, in which workers are permitted to use their own hardware – typically smartphones, tablets or laptops – for work purposes.
This is hardly a brand-new phenomenon: many organisations have allowed employees to access work systems on their own computers for many years. But the iPhones, iPads and Android phones that employees are now buying are novel platforms for many IT departments, and present new technical and HR challenges.
In late 2012, a survey by analyst company Ovum found that around 40% of UK workers use a personal smartphone or tablet to access corporate data. This was far behind the global average of 57%, but close to standard among mature markets.
Much of this BYOD activity is unmanaged, Ovum found. In the UK, only half of the workers who used their personal devices to access corporate data had signed some kind of policy to determine responsibility for data protection and device security.
Of those companies that decided to take a proactive approach to BYOD, many chose to deploy some kind of mobile device management system. There is a variety of approaches available: some systems, such as Good Technology’s platform, create a secure zone on the employee’s device through which they can access potentially sensitive data. Others, such as MobileIron, use permissions and security preferences to control data within the standard user environment.
The organisations adopting MDM to support BYOD that Information Age spoke to universally reported positive experiences, saying that it allowed them to give employees freedom to chose the devices they want while preserving IT security peace of mind. There was a note of caution, however, from IT security consultancy Context, which analysed the security of some of the more popular tablet devices.
It found “serious security failings” in Samsung’s Galaxy Tab, and while Apple’s iPad fared fairly well, it can still be ‘jailbroken’ fairly easily, rendering most security defences irrelevant.
Ongoing concern about the security of corporate data on employee-owned devices may give rise to new approaches to safeguarding information. A project at Newcastle University led by Professor Aad Von Moorsel, for example, is investigating how to design systems so that employees appreciate the value and risk associated with various kinds of company data, and handle them appropriately.
This is one way in which the greater autonomy of employees over technology selection is forcing organisations to rethink how they control information.
Bring your own apps
BYOD is not the only example of the IT department’s shrinking dictatorship over technology selection.
The vibrant online marketplace for applications – be they mobile apps or cloud-hosted full applications – means workers and business units have the ability to choose and deploy their own applications like never before.
This poses its own challenges. For one thing, if business units are buying their own SaaS applications, it becomes much harder for the IT department to impose central control over things like identity and access management, licence control and data visibility.
One solution to this problem, put forward by Gartner analyst Darryl Plummer, is the concept of a ‘cloud broker’. This is an organisation – internal or outsourced – through which departments must buy cloud services and SaaS applications.
The cloud broker can apply identity management rules, monitor usage and make sure the buying power of the end-user is maximised. It presents to the users a pre-vetted selection of cloud services that they can use.
IT services providers are vying to become the ‘cloud brokers’ for their clients, but perhaps the best known example – in theory at least – is the UK government’s G-Cloud procurement framework. This allows government departments to buy cloud services from suppliers that have been security checked and approved centrally, thereby reducing the checks and balances they must themselves go through.
As it turns out, however, with the exception of cloud-based document collaboration system Huddle, which has proved very popular in government, most of the services acquired through G-Cloud are software development or consultancy services, not cloud services.
Still, it serves as an example of how IT organisations might maintain control and process in the face of growing end-user buying power.
Looking after the data
One area where the buying power of business units is apparently on the increase is business intelligence.
In his latest Wisdom of Crowds survey of BI users, Howard Dresner – the IT analyst who coined the term business intelligence – found that in the past year, and for the first time, the majority of new BI projects globally were initiated by business units.
This marks a departure from BI projects of old, which were typically led by IT, involved building a highly sophisticated data architecture in an attempt to build a ‘single version of the truth’, and often ended up over-budget and under-used.
Instead, business users are selecting the front-end analytics tools that they want, and using their own budgets to procure them, Dresner found.
This is good news, on balance – business users are more likely to select systems they want and are likely to use.
However, as in all facets of growing employee and business unit autonomy over technology selection, it does not absolve the IT department from its responsibility to make sure that data is accurate, timely, secure and compliant.
There are a number of ways that the IT department might achieve this – it may try to persuade business users to hook their self-selected BI systems into the enterprise data warehouse, where at least the IT department can assert some data governance and process.
It may seek to impress upon the business units the need to develop their own data governance capabilities, on the grounds that poorly maintained data will not produce accurate analyses.
Or it may seek novel, technological methods to impose data governance and quality processes across the disparate and decentralised software ecosystem within the enterprise.
One thing is for sure – the idea that an organisation’s technology environment can be hermetically sealed and controlled by an all-powerful IT department is outmoded.
Instead, as users gain control of technology selection, the IT department must shift its skill set from systems administration and support to communication, collaboration and engagement with the business to make sure that the organisation’s long-term information interests are protected.