iPads, iPods, tablets, smartphones. These are the new tools of the trade in enterprises around the globe—much to the chagrin of the IT department. IT not only has to deal with the proliferation of new devices in the organization, but also applications and services that employees are bringing from their home lives and using while at work.
The term for this is “
Until recently, IT departments would provide computers, telephones and applications that workers need to do their jobs, and would also be responsible for managing and maintaining these technologies. IT departments would select and purchase the technologies for the workers, with an eye to security and reliability. The tools used in the workplace were generally very different from the ones used at home, which were consumer oriented and not geared for the needs of businesses. Consumer-type applications and technologies would sit outside of the firewall and were not allowed in.
Those days are over. Today, workers expect to use many of the consumer apps in their business lives as well. And IT is expected to accept and embrace these tools.
Most people think of devices when they think of consumerization of IT—but as I see it, there are three categories:
- Devices: Most notably, smartphones and tablets.
- Collaboration applications (or social collaboration): Wikis and blogs, as well as Skype, Google Docs, instant messaging services and even virtual worlds like Second Life. Avaya introduced web.alive for immersive Web collaboration, utilizing avatars and showing several similarities to Second Life.
- Social media applications: Social networking sites like Facebook, Twitter and YouTube.
Consumer apps for business
Consumer applications such as America Online Instant Messaging (AIM), Yahoo Instant Messaging and Microsoft’s MSN Messenger began quietly creeping into the enterprise. This led to the creation of enterprise-grade IM solutions that provide security and legal compliance, starting with IBM Lotus Sametime, followed by Microsoft Exchange Instant Messaging, Oracle Beehive and others. Today, IM—whether consumer or enterprise—is used in companies of all sizes and across all verticals.
The same is true for other traditionally consumer-oriented services and applications such as Skype and Google Gmail. Skype’s strong push into enterprise video calls, IM/chat and conferencing has made significant inroads into enterprise businesses.
Another consumer-to-enterprise app example is Google Apps, which provides Web-based versions of office suites, including Gmail, Google Groups, Google Calendar and Google Docs—a free Web service that lets users create and share documents, spreadsheets and presentations. Based on its low cost (read “free”), Google Apps initially appealed to consumers and people working outside of the enterprise, and it began spreading to enterprises of all sizes, especially in government and higher education organizations.
Google then introduced Google Apps for Business, a packaged product of Google's messaging and collaboration applications, including Gmail, Google Talk, Google Calendar, Google Docs, Google Sites and Google Video, aimed at meeting the needs of businesses.
These consumer-oriented tools were very appealing for several reasons, most notably the cost: free, or almost free. For example, the city of Orlando estimates that it can save 60% annually (over $200k) in software licenses and infrastructure spending by using Google Apps.
Instant messaging services like AIM are free, while Skype calling is free to other Skype users, and users can even make free video calls. I personally use Skype for international calls, since the per-minute rate is extremely low. While the quality depends on the Internet connection, the price is certainly right.
The low barriers to entry make it easy for individuals to share and collaborate with people regardless of what technologies they have access to; all they have to do is download a free app via the Web.
Free consumer apps for business can still cost you
The downside, however, is security and reliability, as well as regulatory compliance for companies in health care, financial services and other regulated industries.
Another issue with some of these free applications is the quality and availability of technical support when there’s an issue. The old maxim “you get what you pay for” generally applies when it comes to technical support, which is either non-existent or consists mainly of online forums, rather than live agent assistance.
Initially, enterprises were reluctant to let workers use these tools, especially Skype. In fact, enterprises were warned about the dire consequences of these services. In 2005, Info-Tech Research Group told enterprises to ban Skype because of the opportunities for a hacker to invade a corporate network, noting: "Companies that are already banning peer-to-peer applications, such as instant messaging, should add Skype to its list of unsanctioned software programs.”
Social software: Fear it, fight it or friend it
Social software applications, which also have their roots in the consumer world, are becoming “must haves” in the enterprise. Many companies found that they can’t ban Facebook, Twitter and YouTube, and instead are finding ways to let their employees use social software applications, but in a safe and secure way. Security is a huge issue when it comes to social software, and there is reason for concern:
Only 28% of companies surveyed had a security solution robust enough to handle real-time usage and monitoring for voice, video, social media and collaborative tools used by employees. (Source: Aberdeen Group)Of 803 IT pros at SMEs, 80% think Facebook, RSS feeds and Web 2.0-based malware will cause a problem for their companies. (Source: Webroot )The number of firms suffering attacks through social media jumped 70% between 2008 and 2009. (Source: Sophos)
Actiance, aimed at enabling the safe and productive use of unified communications and Web 2.0, identifies the following security concerns:
- Information leakage: loss of confidential information;
- Network and data security: viruses, spyware, malware (generally spread through accessing links and applets);
- Data exfiltration (good data going out);
- Compliance: storing and sharing data and content.
Potential damage includes a negative impact on a company’s reputation, as well as financial and legal consequences. Rather than simply banning the use of these social media sites and services, enterprises need to think about how they can adopt social software most effectively, and answer the following questions:
- How do we get the upsides without potential downsides?
- Should workers be allowed to use public social sites at work?
- Are there secure solutions available?
Consumerization of IT is here: Deal with it!
The camel’s nose is under the tent, and it’s too late to turn back—workers are bringing collaboration and social media tools that they use in their personal lives to the office, and the trend will only continue. Organizations can approach this in two ways:
- Implement enterprise-grade applications, such as IBM Connections, Cisco Quad, Jive and Yammer.
- Implement policies and guidelines for using public social software sites.
The need for a combination of technology, policy, guidelines, controls, enforcement and education is clear. Where possible, companies should consider the use of enterprise-grade solutions, which provide encryption, access control and approvals, logging tools, monitoring, notification and alerting, and are easier to govern and audit.
However, it’s becoming increasingly difficult to ban the use of public sites such as Facebook and Twitter. The use of third-party security and compliance solutions from companies such as Actiance, Socialware, Hearsay Social and others can be a way of mitigating the negative consequences of using public social software sites.
Perhaps most important is the use of guidelines. All organizations should consider developing a social media policy and providing usage guidelines regarding what can and can’t be shared internally and externally. These guidelines should include a policy on blogging, comments, tweeting, posting and linking, and can be as basic as: Think before you post, be responsible, don’t disclose confidential information or information on your clients, be accurate, be respectful, no offensive language, no personal attacks and be transparent (don’t hide behind an alias).
Workers are going to bring their favorite tools and technologies to the office—whether it’s an iPhone, Skype, Facebook or whatever the next fad will be. Rather than fighting it, organizations need to take the lead and provide education, policies and guidelines to help ensure the safety of their employees, as well as their company reputation and data.
And you can follow me on Twitter at @blairplez.
About the author: Blair Pleasant, president and principal analyst of COMMfusion LLC, and cofounder of UCStrategies.com, provides consulting and market research analysis on voice/data convergence markets and technologies aimed at helping end-user and vendor clients both strategically and tactically. Prior to COMMfusion, she was director of communications analysis for The PELORUS Group, a market research and consulting firm, and president of Lower Falls Consulting.
This was first published in April 2011