Gone are the days when the enterprise knew best. Change is afoot and consumerisation, and the opportunity for staff to use their own technology, offers real advantages to the contemporary business.
By letting staff choose their own devices, employers give workers more freedom and encourage a level of trust that potentially results in an increase in productivity and loyalty. Such consumer devices can also be more flexible, cheaper, and more advanced than their business counterparts. But preparation is still the key to success. CIOs need to make sure that, by letting private devices on to their network, they do not create security, privacy or compliance problems. To address such concerns, Technology Leaders considers the most important aspects of consumerisation.
Can my business simply avoid consumerisation?
Consumerisation is already happening, with research from IDC suggesting as much as 95% of workers have used technology they purchased themselves for work. Burying your head in the sand is simply not an option for leading executives.
Many of your workers probably already own high-powered smart phones. They will beusing these devices to interact with other individuals on social networks outside the corporate firewall. Such employees will want to use their devices inside the firewall, with the aim of using familiar devices to undertake work tasks.
But consumerisation is not simply a technological transformation; the introduction of consumer-led devices will change how your business operates. IT leaders looking to manage this business transformation will need to have established stable back-end systems, security processes and legal frameworks.
CIOs can use transformation to help the business transform. But as Tariq Saied, Managed and Professional Services Director at BT Engage IT, says: “The challenge of allowing non-company devices onto the network is probably one of the biggest headaches for modern CIOs and IT departments.”
So, can I just lock down access?
The answer to that question depends on the balance between your desire to enable change and your appetite for risk. Technology leaders that start to deal with consumerisation at an early stage are more likely to be prepared for further step changes in the next few years.
Young people spend more time connected, multi-tasking on various devices and applications. Such people will be tomorrow’s workforce. Your business can go out of its way to stop young people connecting and can create a series of defendable perimeters to prevent access.
However, such draconian actions are likely to work against the creative means that these young workers will have already established to complete their tasks. There is also a chance that these workers will begin to resent your tight policy, as your most valued networkers will increasingly be reliant on consumer devices and social media.
Tariq Saied says the CIO needs to challenge accepted business wisdom and use consumerisation to reconsider traditional delivery strategies: “With technology evolving rapidly over multiple device platforms, access to a broad range of specialised skills will be crucial.”
What should I let my employees do with their consumer device?
The straightforward answer to this question is “work”, but ease-of-access is creating specific business concerns. Employees using consumer devices hold powerful computers in the palm of their hands that give instant access to social networks.
Research suggests the business is concerned that employees spend too much time on non-work related activities, with as much as half of finance chiefs concerned their workers are wasting work-time on social media. What is more, the continued blurring of business and social networking means definitions of “work” are becoming complicated.
One option is for a business to limit social media access. But an organisation looking to lock down access to social networking could find that certain employees need access to sites as part of their work activities. Human resources (HR) staff, for example, might check the background of potential employees on LinkedIn or Facebook.
A separation between business and personal use might be standard practice on company-owned equipment. But the level of control can diminish on user-owned devices, says Tariq Saied: “CIOs, therefore, must define policies for device use.”
How important is security when I define policies?
Security is absolutely crucial. Access to applications, platforms and systems should always be based on risk assessments, with the right level of security associated to each layer of technology.
If an individually purchased device is used for business purposes, the CIO must know whether passwords are secure, whether devices can be tracked if they are lost, and whether there is a facility to auto-wipe in the event of a loss.
Encryption and authentication are likely to be significant tools in the CIO’s kitbag because of the damaging implications of information falling into the wrong hands. CIOs should also ensure that access to hosted data could be restrictedin the event of device theft or loss.
Tariq also says companies must review their security strategies and recognise the risk associated to the increased use of mobile devices: “But such steps will only work if processes and behaviours are also addressed.”
Will I be able to take a standardised approach to consumerisation?
A trip on any transport network will helpfully illustrate the increasing number of devices and operating systems being used, from traditional Windows-based technologies to Apple’s consumer-led iPhone. Be aware how that level of access is just the tip of an ever-increasing iceberg.
Analyst Gartner suggests greater availability of technology and a change in demographics means 20 per cent of employees will use consumer-led social networks as their core method for business communication by 2014. The business must be ready for such change.Supporting that transformation will not be easy. If coping strategies are not established, employees will expect to use non-standard devices to interact with the corporate network. But supporting choice, while restricting the potential portfolio of options, will be a tough call.
IT leaders will need to step up to the challenge as quickly as possible, says Tariq Saied: “CIOs must set guidelines for the amount of support they can reasonably be expected to offer.”
Who should be responsible for the device?
Your answer to this question will relate to the approach you take with regards to security and standardisation. Providing access to a locked-down, approved device will increase standardisation and potentially help to allay some of the business’ security concerns.
What such an approach will not address are support and insurance concerns. And while passing the cost of purchase to the employee does provide a potential means to offset some of the concerns associated to device ownership, your organisation will still need to ensure such employees can integrate with the network.
Your firm will also need to find a means to establish legally enforceable policies for how enterprise information can be used on a personal device. CIOs must, therefore, work alongside legal and HR representatives to define the terms of ownership and use.
Your business could suggest to users that some means of control could be seen as a fair exchange for being able to use consumer devices, says Tariq: “But the terms of that arrangement would need to be extremely clear and not open to interpretation.”