Tom Kaneshige at CIO published an interesting article today about BYOD (Bring Your Own Device [to work]) and whether security-related concerns are a red herring for IT. That is to say, is allowing workers to access corporate networks on their personal devices as big a threat as it’s made out to be?
Yes and no.
For many companies, especially small companies handling non-sensitive data, it’s probably not a huge concern. But for companies with lots of data—some of which might be sensitive or subject to compliance laws—and thousands of employees accessing networks, it can quickly become a major concern for IT since it’s the fundamental nature of IT to want central control of the data infrastructure (including the people, devices and policies that interact with the data). To discount the importance of this entirely would be a mistake; WikiLeaks, for example, was the result of failed security policies relating to data access.
But the more interesting part of the article isn’t really about data security; it’s about the evolving role of IT. The question came up, “Is the consumerization of IT the end of IT as we know it?”
Now that’s an interesting question.
We live in a hyper-connected world in which younger generations of workers are more than capable of setting up their own email, using their preferred devices/systems and generally dislike being chained to established ‘IT-approved’ ways of working. Workers have become their own self-regulated IT department and if they don’t like what IT is doing, they go rogue. If IT makes it hard to share a file with a colleague because of SharePoint permissions, people will simply upload the document to Google Drive or Dropbox, removing the file from the IT ecosystem—and IT purview.
So where does this leave IT administrators who are suddenly put on the defense by the very people they’re supposed to be helping? John Mensel, director of security services at Concept Technology says:
Yeah, we’re going to be getting out of the business of doing day-to-day desktop support. But our business is going to turn into the business of providing people with interfaces that they can plug their devices into. We’ll be facilitating interfaces.
In a traditional model, there’s a desktop with a bunch of applications installed on it—all of which are configured by IT. It’s a very tightly controlled environment.
Now we’re moving to a consumerized environment where the user owns the interface… IT’s role is shifting away from supporting desktop applications to serving up interfaces, whether they be Web-based, Java apps, Flash apps, or things you get in an app store.
So IT won’t become obsolete, they’ll just be managing interfaces instead of infrastructure. I like that idea. IT becomes a gateway, rather than a gatekeeper, to content and better ways of working. It’s actually a much better use of IT resources and it creates a positive relationship between workers and IT, rather than one with opposing needs. If users are empowered to choose their own infrastructure (i.e., devices), they feel liberated from the shackles of overbearing IT regulation plus they 1) pay for their own devices and related costs and 2) manage their own infrastructure issues. IT’s resources are cleared from the infrastructure part as long as they can provide the resources, applications and interfaces needed for workers’ devices to operate harmoniously throughout the organization. And if IT lets it, cloud software can do the heavy lifting of making that harmony possible.