Happily Ever After

ConsumerismBy taking a thoughtful approach, businesses can embrace the benefits of employee-owned technology while avoiding the risks.

Once upon a time, organizations provided all the technology their employees needed. Today, however, more and more employees rely on their own devices and applications — and expect them to be supported by the IT department.

Industry analysts call this trend the “consumerization of IT,” and it reflects the simple fact that the average person has become a reasonably sophisticated technology user. As consumers make their own buying decisions about the devices and applications that help them maximize personal productivity, there is a natural crossover into the workplace. It would be inconvenient and inefficient, for instance, to require employees to carry separate mobile phones for work and personal use.

This trend obviously imposes significant burdens on the IT department. It’s hard to manage equipment you don’t own, and harder still to secure and support a diverse collection of hardware and software that is literally changing every day.

The challenge is dealing with the situation while at the same time acknowledging that IT consumerization offers some very real benefits. Today, IT innovation is frequently driven inward from consumers rather than outward from the IT department. Web 2.0 technology, hosted applications, wireless, smartphones, social networks and instant messaging are just a few examples of grassroots technologies that eventually took hold within the mainstream IT infrastructure.

“Not every consumer IT product is going to be beneficial so it’s important to strike the proper balance,” said Michael Stenger, IT Director, Atlantic-IT.net. “Organizations need to consider which tools they are going to allow, how they are going to secure, manage and support them, and how those tools can enhance business processes. By taking a thoughtful approach, organizations can reap the rewards while minimizing the risks of consumerization.”

The Smartphone Factor

Smartphone technology is probably most responsible for the acceleration of IT consumerization. Devices such as the iPhone and Droid have blurred the line between personal and business life and introduced a new acronym to the IT world — BYOD (Bring Your Own Device). Experts estimate that as many of three-fourths of all companies have embraced BYOD, allowing employees to access the company network and perform many job functions using their personal smartphones and tablets.

“A well-thought-out BYOD program can do wonders for productivity and flexibility but it also increases technical and security challenges,” Stenger said.

The Bring Your Own Apps (BYOA) trend has even broader implications. Recent research by LogMeIn and Edge Strategies found that nearly 70 percent of small to midsize businesses (SMBs) report active use of employee-introduced applications, including cloud sync and storage apps, collaboration apps, productivity apps, and social apps. Apps introduced by employees often wind up being endorsed by the company.

However, SMB IT pros are concerned about lack of control over these apps. Not surprisingly, 67 percent listed data security of apps in the cloud as a primary factor limiting adoption of BYOA, while 43 percent cited lack of control/management as a limiting factor. Other key factors hindering broader acceptance of BYOA included lack of integration with corporate applications and systems and industry-specific regulations.

Despite these security and management concerns, most SMB IT pros expect to increasingly embrace and encourage the use of such apps over the next couple years because of the benefits they bring to their organizations. Forty-seven percent of SMB IT pros indicate that BYOA can increase flexibility, while 37 percent say BYOA can help discover gaps in the set of apps needed in the workplace.

Dealing with Reality

Strong security measures are important anytime personal and business applications and data comingle on the same device, but it is especially critical in the case of smartphones. With integrated Web browsers and email access, these devices are subject to the same type of spam and malware threats as any laptop or PC. Additionally, their compact size means they can easily be lost, misplaced or stolen.

“Many security issues can be avoided if the devices are configured appropriately,” said Stenger. “Default system and application settings on smartphones typically emphasize features, functions and ease of use — at the expense of security. Administrators should configure devices in accordance with their organization’s security requirements and reconfigure them as those requirements change. Users should also sign off on usage policies, such as requiring support of ActiveSync for secure email transmission/storage and remote wipe in case of loss.”

In addition, organizations should investigate, test and implement one of a host of smartphone management platforms available commercially. These are typically plug-in appliances that allow an administrator to publish and push updates and applications to one user or groups of users. The administrator can also identify unauthorized applications and prevent users from downloading, using or updating prohibited programs or applications.

As the workforce becomes younger and more tech-savvy, employees will continue to introduce consumer tools and services into the enterprise — with and without the blessing of IT departments. Gartner Research has maintained that the consumerization of IT is an “irreversible mega-trend,” urging forward-looking companies to embrace these technologies. While this trend clearly poses challenges, organizations that focus on the processes, policies and infrastructure to support user-owned technology may find that benefits ranging from employee satisfaction, reduced management costs and greater productivity will deliver a storybook ending.