Some IT departments choose to support all the mobile devices and operating systems that employees bring to work. Others offer limited device support. But what if you decided not to support any devices at all?
Employees at Boston-based AMAG Pharmaceuticals Inc. can work on whatever devices they want. People who come to the company and are uncomfortable buying a computer receive a Lenovo laptop that runs Microsoft Word and Adobe Acrobat. But Nathan McBride, vice president of IT and chief cloud architect, and his four-man team don't troubleshoot the computers if something goes wrong. Instead, they just take them back and give the workers a new one. And if someone has a problem with their own smartphone or tablet, it's up to that employee to get it figured out.
McBride and his team, who call themselves a cloud brokerage rather than an IT department, can run things this way because they give users cloud access. Mobile devices and laptops must run Google Chrome in a browser, which workers use to authenticate themselves, instead of Active Directory (AD). From there, employees can access corporate data and collaborate on projects.
How and why did your company stop using Active Directory?
Every year, in October, we put all our vendors on the chopping block, and vendors that aren't working for us, we get rid of them. We drew a big circle on a big whiteboard and at the center was AD. Out from there were the things we had that relied on AD. We worked backward. We said, for every single thing we have that relies on AD, we're going to find some other vendor to handle that. It was really tough, but we did it and it's been liberating.
Our IT department gives users access to company data.
vice president of IT and chief cloud architect, AMAG Pharmaceuticals Inc
Would you say that the consumerization of the enterprise overall is a positive or negative, and what's the hardest part to deal with?
Consumerization as you're defining it isn't really an issue anymore. I don't care what devices people use. As long as they're using Chrome and authenticating through Chrome, they can work from any devices they want. We just hired a new member of management and he came to the office with his Macbook Air, and he could get right to work, no setup. He was blown away. The company that he came from didn't have anything like that.
How do you protect the company's private information?
We audit everything. We use CloudLock, Spanning and Postini. A user logs into Chrome and accesses the company data, and I can see what people are doing. You can't sneeze at a Word Doc without me knowing about it. A couple years back, word got out that we were doing this, and now no one really does anything shady with our data.
They can absolutely store data on their devices. If they move data from the cloud to their device, I know about it. But what we're working on with vendors is having a document -- let's say you put it in Google Drive, then you can send out invitations to see that document, and people can collaborate on it to their hearts' content. At the end of the day, they leave it and come back to it tomorrow. Dropbox and Google Drive and services like that got close to this idea, but it's not perfect yet. We don't want people taking bits and pieces of data with them.
Do you also have policies around mobile device use and cloud access?
We have policies, but they don't really do anything. They're good to have, but they don't stop people from doing things that they shouldn't. What's more important is, do you trust your workers, or do you trust your cloud guy? Everyone argues that the cloud isn't secure, but my money is with the cloud guy. And that's what we do. Our IT department gives users access to company data. We're a pharmaceutical company, so we do have some data that I would rather not get out into the general public, but it's important to remember that the average person doesn't really care about that information.
This was first published in November 2013