If turning back the tide is not an option, where should organizations start?
Once upon a time, work was very much a nine-to-five thing. Of course there were exceptions – workaholics who couldn't leave the office on time, or those who would struggle home with a briefcase full of papers. However these tended to be the minority and, more importantly, they conducted any late-night working on their own, without being distracted by email, instant messaging, etc. Indeed, it was the thought of no interruptions that often led people to take work home in the first place.
How different things are today. We've heard quite a lot in recent years about "Consumerization" -- that is, how individuals are bringing shiny new devices, handy programs and useful web sites into work. Underlying the phenomenon is a question of price points. When gadgets become cheap enough for a consumer to cost-justify, it will be bought -- particularly if peers already have something similar.
We're seeing similar activity around cloud services and mobile apps, which have become less costly than traditional software, so much so that in many cases people are buying them simply to find out whether they are useful. Some are even adopting a "freemium" model, that is, a zero-cost basic service offering which can then be enhanced, at a cost.
Despite grumblings from IT and the obvious security challenges caused by this uncontrolled adoption, there's a sense of inevitability about it all, linked to the fact that personal technology is evolving faster - much faster - than corporate IT. To try to control such activities would unlikely stop people from doing their own thing. So while no organization wants to propose a free-for-all, most are resigned to the fact that ‘corporate issue’ IT is becoming a thing of the past.
For the organization, the real challenge isn’t about devices, services or applications (which are just tools), but around the data being manipulated and the people doing the work. Consider Dropbox for example, a straightforward file synchronization and sharing utility.
Things become more complicated last year however, when Dropbox changed its terms of service to say that it owned the rights to whatever it stored on its servers. The Dropbox team was quick to clarify what it meant (LINK: http://www.crn.com/news/cloud/231001213/dropbox-moves-to-clear-up-cloud-data-ownership-terms-of-service-confusion.htm), but the example serves to illustrate some of the complexities around business use of a consumer service.
A cursory scan through the terms and conditions of other online tools and hosted services reveals similar complications. For example, Yammer, a hosted collaboration platform, claims no rights over content passed across its service, but does appear to offer the rights to the company owning the network across which content is transmitted. This should set off alarm bells for anyone working on a client site. T’s and C’s around social sites are notoriously dubious when it comes to privacy, and while such sites can be locked down, this requires configuration by each individual user.
Perhaps the policy should be, “If you are sharing corporate data using non-authorized applications or services, then don’t.” But people will, simply because using such tools can make the job so much easier than attempting things ‘the old way’. In other words, simplistic, blanket statements cannot be the response.
Even if such services are accepted and controlled from a business perspective, the flipside is how they enable corporate life to encroach on personal time. Online tools such as Yammer or Skype can be installed on any machine or device -- all they need is a login and a password. Similarly, hosted email and sharing through Exchange or Sharepoint can be accessed from almost anywhere, which means, a home computer can very quickly become a corporate gateway.
We’re still at the beginning of trying to understand the impact this will have. Studies tend to focus (LINK: http://www.orangebox.com/BOOMERS&MILLENNIALS.PDF) on the rising expectations of younger employees, who (we are told) do not see as clear a line between work and home. If this bears out to be true in the longer term, it suggests that any boundaries between work IT and home IT will continue to blur.
If we go back to the fact that this is about the people and the data, even if the needs of people for flexibility and diversity become harder to satisfy, the one absolute that remains will be data. We will never arrive at a point where it is acceptable for patient records to be leaked, for example, or the content of private conversations in the boardroom or with a member of staff.
However, if we have moved away beyond the point of simply saying ‘don’t do it’, we need to get to a place where we actually understand that all data is not equal. For organizations looking for a route map to get them across the minefield that is the future of IT, understanding data, its importance and risks would be as good a place to start as any.