
security and consumerization

January 23, 2009

Consumerization, the White House, and Rockin’ IT

Blogger: Dan Blum


Obama’s White House staff is the latest poster child for consumerization. As described in the Washington Post article Staff Finds White House in the Technological Dark Ages, Obama officials fresh from a campaign of “relentless social networking” finally arrived at the White House, only to “encounter a jumble of disconnected phone lines, old computer software, and security regulations forbidding outside e-mail accounts.”


Consumerization may be a new buzzword, but it’s a well-established phenomenon. The “PC revolution” and the “Internet revolution” both rocked IT in the 1980s and 1990s respectively. Many organizations with their heads in the sand suffered badly. Organizations that hampered deployment lost the initial opportunities to fully leverage these productivity-enhancing tools. Organizations that failed to proactively direct deployment ended up with an unmanageable, insecure mess.


Because the consumer market is now much larger than the enterprise market, consumerization will only increase. We’re headed back to the future with:

  • Consumer applications such as social networks and other “Web 2.0” technologies
  • Consumer smartphones such as iPhone
  • User-procured and user-managed computers

It’s time for IT to ride this tiger. Let the Obamas in your organizations use smartphones, let the David Plouffes find fans on Facebook, consider useful apps like Salesforce and all the rest, BUT YOU MUST MANAGE IT. The following are some things to look out for.


As I wrote in iPhone and iTunes: The Thin Edge of Consumerization’s Wedge, consumer applications are not designed for enterprise class security and manageability. They may have vulnerabilities that put the organization’s data at risk. Organizations need to do risk analysis to determine how to manage these vulnerabilities, and push the vendors to cover or eliminate them. It’s also important to develop policy on use control and promote user awareness of the policy.  This can be a cultural issue for users of social networks like Facebook and MySpace that promote a great deal of personal openness that may or may not be appropriate for organizational purposes.


Archival is one of the more difficult deficits of consumer applications and smartphones. Vendors are getting better at helping organizations archive organizational email, but not web mail, text messages, Facebook posts, etc.  Even Obama’s BlackBerry – generally speaking, an enterprise-class device - may not comply off the shelf with laws requiring archival of all White House communications.


User-procured and user-managed computers, however, pose the most difficult consumerization dilemma. Just as de-perimeterization forces IT to shift security features from the network to the endpoint, the business takes control of the endpoint away...


Promoted in the name of cost savings, the idea of user-owned and managed PCs seems like a really bad one from the security perspective. But is it really? IT was already granting access to all kinds of contractors, outsourcers and external partners with unmanaged PCs. “Externalization” is what they’re calling that now, but it’s been going on for years. Whether we externalize for employees’ or for partners’ sake, we have to manage the risk of unmanaged PCs. Typically this means that other IT assets must be hardened and able to defend themselves. It’s a tricky thing. Security architectures may shift some security features from the network to the endpoint, but application and data architectures must trust the endpoint less.

 
My Shifting Defenses: Security Futures for Networks, Applications, and Data report considers unmanaged computers and other implications of de-perimeterization and externalization. This document is available to our subscribers or to anyone who registers at the guest link here. And, at the 2009 Catalyst Conference, we’ll be covering topics like desktop virtualization and other technologies that are gradually maturing to the point where they can really make your IT department rock.
