If your IT department is resisting the "consumerisation" trend, it's in the minority. Recent research shows that most enterprises are proactively addressing this trend and the new relationship between IT and users that often accompanies a consumer IT strategy. What do they know that you don't?
Many of the fears regularly expressed by some technology and business executives, often related to information security in the mobile environment, can be effectively addressed through technology and policy.
A recent survey by the consultancy Avanade found that 60 percent of the companies are adapting their IT infrastructure to accommodate employee's personal devices, rather than restricting use of such devices. Also, 91 percent of the executives say their IT department has the staff and resources needed to manage the use of consumer technologies. In that environment, resistance really is futile.
As your organisation moves to consumer-based technologies such as tablets and smartphones, cloud services, a mix of PCs and Macs and social networking, here are critical practices to help create the right environment to make both IT and the business happy.
Create a culture that welcomes consumer tech
How can your organisation ensure it gets the most out of consumerisation, while allowing users the freedom they need and at the same time maintaining appropriate control?
Perhaps the first move the organisation needs to make is adjust its cultural orientation and attitudes from one of zero tolerance on consumer technologies to one of intellectual curiosity and business opportunity, says Frank Petersmark, former CIO of Amerisure and now a CIO advocate at the consulting firm X by 2.
Instead of automatically frowning on, say, employees bringing their own devices to work, you might think about how best to leverage this new technology and the processes that come with it for better customer service, improved profitability, or increased productivity, Petersmark says. An organisation's ingrained culture is probably one of the biggest inhibitors to effectively and sensibly leveraging the opportunities presented by technology consumerisation.
Part of the cultural change is getting IT out of the mindset that only technology people can make technology choices.
For example, the IT team at the Austin Convention Center had a hard time accepting that consumer products such as iPads would be suitable for use in its business environment, says Joe Gonzales, IT services manager. "In our organisation, there is this perception that if a product didn't get ordered from our Dell Premier page, then it's not good enough to use in the enterprise."
First, the center had to get to a way of thinking that the objective is to give employees productivity tools, and it doesn't matter if these tools are considered business IT or consumer IT. Now, it uses iPads to deliver service-order information to its employees on the show floor, and about 50 employees are using their own smartphones to access email and calendar information.
Focus on policy-based governance
This may seem obvious, but it's usually a big gap for companies to bridge: Develop policies to govern how consumer technologies can be used in the workplace, and deploy an asset management strategy for company-owned objects such as PCs and mobile devices.
Yes, consumer IT is largely about giving people freedom to choose devices and applications. But without a cohesive policy in place, anarchy can result.
"The majority of IT departments feel powerless when it comes to consumerization or any aspect of bring-your-own-device," says Barb Rembiesa, CEO of the International Association of IT Asset Managers (IAITAM). But governing policies, strong processes and proactive guidelines will give organisations the ability to move into a consumer IT environment while bringing value instead of adding risk and cost.
Also, think about deploying IT asset management systems to control risk and ensure financial return of company-owned technology goods. After all, you own them because you have an explicit expected benefit or payback, or a specific security need that moved you to mandate that tool.
Your standard deployment process for technology may not accommodate the management of consumer technologies. For example, the Austin Convention Center found that its IT-initiated approach of adding a mobile device to a Windows domain and adding user profiles didn't address the casual nature of BYOD usage. The IT department had to start from scratch and determine how it was going to manage equipment, yet still comply with the City of Austin's IT security policies and procedures under which it operated.
In the end, the centre wrote a new deployment policy that centered around educating users on the do's and don'ts of device usage, Gonzales says. This is also how the center goes about segmenting company data and personal data on devices: by educating users about how not to mix the two.
IT also took responsibility for the initial setup of devices, so it could control app deployment on them.
Implement mobile device management
Mobile device management (MDM) software secures, monitors and supports mobile devices. Typical functionality includes app distribution, configuration and enforcement of access controls, and, for higher security environments, imposing usage requirements, such as disabling the camera or limiting Wi-Fi access to specified access points. Such software, and the policies they execute, apply to both company and employee-owned devices.
Consider the experience of furnishings company Holly Hunt's iPad trial, where a few sales staffers used Apple iPads on visits to client sites. During the pilot, the company discovered there was no way for IT manage the updates of iPad applications without going through an iTunes account. That meant it had to have one corporate iTunes account for each device issued and users had to periodically send their device in for the company to update with the PCs running that iTunes instance.
This was an operational nightmare, says Neil Goodrich, director of business analytics and technology at Holly Hunt. Instead, the company decided to shift to a BYOD model for the sales rollout, eliminating the concern about IT needing to keep devices current. Users took that responsibility, aided by iOS's application alert system.
Holly Hunt also deployed MDM software, so it can blacklist certain applications where appropriate. It can also remotely wipe data and deny network access to devices that do not adhere to corporate policies.
This strategy gave the company what it wanted with its mobile strategy: Users can self-update their personal devices and get the full utility from the one device for both their personal and work need, and Holly Hunt can protect itself against risks such as lost or stolen devices.
In addition, MDM software allows for multiple profiles, so the company can have one profile for employee-owned devices and other profiles for corporate-owned devices, which it uses in its warehouse and fabrication facilities. Other organisations implement such multiple profiles to vary permissions and privileges based on users' roles.
Tap into your employee base for app ideas
For application development and deployment and the kinds of apps employees are allowed to use, many organisations are trying to catch up with the consumer marketplace, says X by 2 consultant Petersmark.
Most new employees enter an organization with a more capable set of productivity and networking tools, not just devices, than supplied by their new employer, Petersmark says. It's problematic at best and catastrophic at worst from a talent recruiting and retention perspective "if the best and the brightest decide that their new employer's infrastructure and application portfolio is far inferior to what they already have in their pockets," he says.
Forward-thinking companies are trying to embrace those in their organisation who tend to push the boundaries on the consumerisation front. Rather than considering those people to be troublemakers, Petersmark advocates that you bring them into the planning and deployment process and ask them why they use the devices, services, and apps that they do, how they use them, what benefits they derive and so on.
Consider creating a small team of the more cutting-edge employees and ask them to help re-create some of the core application functions the company uses in the form of more consumer-friendly technologies, Petersmark says.
Get over security skittishness around BYOD
Most organisations historically denied network and data access to anything that was not company-issued. But that doesn't work in a consumerisation context. Thus, companies are increasingly creating secure access points via virtualisation or cloud services that allow employees to safely access company resources with their own devices.
If done correctly, this tactic can yield several benefits, Petersmark says, including allowing employees to be more productive and maybe even more innovative by permitting some flexibility in how, when, and from where they are allowed to engage the company's resources.
Still, security remains one of the biggest concerns among IT executives when it comes to consumer technology in the workplace. Although some of the fear is fuelled by vendors and analyst reports seeking to sell security tools, some of the worries are legitimate. But with tools for encryption and access control, you should be able to safely provide access to some enterprise data and applications to trusted users.
The adoption of a virtualisation strategy addresses many of the challenges of consumerisation of IT, says Paul Martine, CIO of Citrix Systems, a virtualisation technology provider. By hosting all applications, virtual desktops and data in the data centre, you can deliver these services to any consumer devices in a controlled and secure fashion, Martine says.
However, many virtual desktops are designed for use on Windows PCs and Macs, and they don't work well in a mobile environment. The issue is not just screen size, but lack of support for touch and other native user interface methods, as well as back-end applications that don't reformat themselves to the current context, says Ryan McCune, senior innovation director at Avanade. He notes that Citrix and others now offer APIs to help developers make their back-end apps mobile-savvy, so they can adapt to the device being used.
Cloud services that are designed to deliver apps and data securely over a network can also help address security concerns. But few cloud services yet work well with mobile devices; Google Docs and Microsoft Office 365 being prime examples of such PC-oriented services. And many apps make it easy to use cloud storage services, such as Appe's iCloud, Box.net, Dropbox and Microsoft SkyDrive, that IT can't manage. However, more options are emerging to make consumer-class cloud storage more palatable to IT.
Build an app store that appeals to users
People who use mobile devices such as iPhones, Galaxys, and Droids are accustomed to going to app stores to easily download what they need for their devices.
For its own employees, Avanade is developing several enterprisewide mobile applications, including some that will connect employee mobile devices into the company's social computing capabilities such as employee profile pages, microblogging sites, video and media sharing, search, communities and blogs.
The majority of enterprise applications are not optimized for mobile devices, and many users opt for work-arounds to access them, says Chris Miller, Avanade's CIO. "We can take lessons from the consumer app store model and apply that to meet the specific needs of the business environment," Miller says.
On the commercial software front, both SAP and Oracle have invested in creating mobile clients to access their ERP and CRM systems, in recognition of the increasing endpoint diversity among users.
An enterprise app store should provide employees with a central portal to request an application across any number of devices, from laptops and desktops to tablets and smartphones, Miller says. From a management perspective, it should also have built-in approval processes and workflows to manage costs and make sure the right people and teams are getting access to the tools they need.
And, says Avanade's McCune, enterprise app stores need to acknowledge the commercial apps available to users and steer them to preferred apps by adding links to the Apple App Store, Google Android Market, Microsoft Windows Store and so on.
Consumerisation is unstoppable, but that's OK
The consumer IT trend seems unstoppable, given the proliferation of tablets and smartphones, cloud tools, social tools and mobile apps in the workplace. That doesn't necessarily have to be a bad thing for technology executives. Rather than looking at this development as another drain on IT's time and resources, organisations can embrace the opportunity to give workers new levels of productivity and flexibility, with the ability to work from virtually anywhere using the tools of their choosing.
If you understand your organisation's risk tolerance and approach consumerisation not as a threat but as a different way of managing, you can come up with an effective strategy that accounts for risk but also enables employees, and in turn, enables your business. The returns can be substantial.