It's called the consumerization of IT - using consumer-oriented devices and applications for business use. Google apps, iPhones, LinkedIn, Gmail, AIM, Facebook, and so on. Like it or not, they're here and they're not going to go away. Should you ban them? Embrace them? Close your eyes and ignore them? Experts weigh in on the topic.
At the Altiris ManageFusion conference in April, I participated on an Editor's Panel where we discussed the topic of the consumerization of IT. Given that this was a gathering of systems management professionals, we talked mostly about how to manage the consumer devices and applications that are creeping into the enterprise. Now Gartner is talking about the consumerization of IT, but from the viewpoint of the security risks it poses.
This begs the question, “If consumer devices and applications pose threats and are hard to manage, can’t we just refuse to let them in?”
Well, you can try, but that’s a bit like plugging the hole in the dike with your finger. Eventually the pressure behind the dike will cause a complete rupture and everything will come flooding in. Just like social networks, and instant messaging and other popular applications.
Rather than locking out consumer tools because they’re hard to manage or pose risks, consider the fact that they also can be very innovative and can provide business benefits. As an IT professional, your job is to help the company use technology to enable the business. There’s no rule that says that beneficial technology can’t have consumer roots.
Panelist Peter Varhol, executive editor of Redmond Magazine, has this perspective: “The social networking technologies are providing today’s businesses with a competitive advantage. Your marketing people are using YouTube as a focus group to test new ideas with new markets. It’s a fair bet your PR people are putting customer success stories up on YouTube as well. You might be able to prohibit people in your enterprise from getting to YouTube because it’s a security risk and a bandwidth hog, but you’re not doing your company a competitive favor by doing so. You should make the choices that help your company’s competitive position. You want to help retain talented and hardworking employees. Neither of those things will happen unless we let social networking into the enterprise and manage them appropriately. They are coming in whether you allow them or not. Work with users and senior management on the ways you can manage those technologies appropriately.”
Tom Henderson, principal researcher and managing director of ExtremeLabs and another member of the ManageFusion panel, points out that many of today’s accepted business technologies were once shunned because of manageability or security concerns. “How many of you swore you’d never have Wi-Fi because it’s insecure? That you’d never allow USB devices onto corporate computers? That you’d never do VoIP because it sounds so insecure and unreliable? Do you have an IPSec tunnel for remote users? All of these things we swore we’d never do, and we’re now having to accommodate them. It’s incumbent upon IT to help answer these questions. You watch these technologies because it’s the business leaders as well as IT who need to help decide what flies. That will be more important than ever before. You’ll have to try to accommodate these needs while staying one step ahead.”
Peter Varhol concurs: “And if you haven’t established the technologies Tom is talking about, you’re probably hurting yourself and putting your company at a competitive disadvantage.”
Michael Dortch, who is a Senior Analyst at Aberdeen Group, thinks we’ll eventually see enterprise-ready versions of many of these consumer technologies. He says, “The challenge is picking the right ones that interoperate with the environments you have right now while also protecting your information. These issues existed before these technologies came out. But this is IT’s biggest opportunity: to find the ways to make this work out.”
As a speaker at the recent Gartner Security Summit, analyst John Pescatore revealed new threats that Gartner expects will emerge as a result of the consumerization of IT. “We have more clients saying their clients are asking ‘why can’t we use Google apps?’” Pescatore says the conventional wisdom in the past would have been to simply say “no” to such unmanaged applications, but “all that is starting to change.”
Among Pescatore’s predictions for threats brought about by consumer IT:Patch and Vulnerability Management products)
• Attacks on shared SaaS applications
• Phishing attacks that originate from social networks, exploiting trust among “friends” (Compare
• Trojans and other malware posted to social networks, especially through widgets and gadgets
• Attacks on wireless networks
• Data compromise via unmanaged endpoint devices
You certainly have your work cut out for you in determining what consumer technologies to embrace and which ones to eschew. If it’s any comfort, remember that in its earliest days, the PC was considered nothing more than a hobbyist’s toy. IT sure would be different today if every company back then wrote off the PC as totally insignificant consumer technology.