As corporate employees become savvy technology consumers, they are bringing personal devices into the workplace and eschewing corporate technologies. In this Q&A with Colin Steele, executive editor of SearchConsumerization.com,
How do you define the consumerization of IT?
It’s people using consumer technologies at work, often without their IT departments’ knowledge or permission. Most people think of the recent influx of personal smartphones and tablets into the business world, and that’s a big part of this trend, but it’s not the only part.
Consumerization also encompasses the use of the personal cloud: online email, productivity, storage and collaboration services that let employees transmit and store data outside the corporate network. If a project team creates a Facebook group to share information more easily, that’s another example of consumerization. Really, any consumer-oriented technology that people adopt for business use falls under the umbrella.
Why is the consumerization of IT happening now?
It’s happening because, frankly, some consumer technologies are better than traditional enterprise software at helping people do their jobs. People work in more mobile and collaborative ways now than they did in the past, but enterprise software doesn’t always meet these new needs.
Today’s popular mobile devices are faster and more intuitive than typical corporate-issued smartphones. Most cloud email services offer larger file attachment size limits, better search functions and easier-to-use interfaces than enterprise systems. And cloud storage and collaboration services don’t require virtual private network access, unlike corporate network shared drives.
What are the major concerns for IT professionals?
Security, security, security! Not to sound alarmist, but users today can access corporate systems from all sorts of devices and store corporate data everywhere from here to Timbuktu (or whatever the cloud’s version of Timbuktu is called). Sure, these device manufacturers and cloud services all claim to be secure, and they very well may be. But as an IT professional, you may not want to put your organization’s security in the hands of a third party. Regulatory compliance also comes into play; if an employee accesses or stores protected data outside the corporate network, that alone can constitute a violation.
Other problems can result from consumerization. If too many employees bring their own smartphones and tablets to work, for example, it puts a strain on wireless network resources. But security should be the top priority.
What does BYOD mean, and what’s its role in consumerization?
BYOD stands for “bring your own device.” You may have also heard the terms BYOC and BYOPC, which stand for “bring your own computer” and “bring your own PC,” respectively. Different people have different definitions for these terms. Some say any organization where employees use their own computers, smartphones and tablets for work is a BYO shop. But others say BYO is a specific policy in which an organization gives users a stipend to buy their own devices in lieu of corporate-issued technology.
Either way, BYOD is the driving force behind consumerization. Managing, securing and delivering corporate applications and data to personal devices will be one of IT’s biggest challenges in the coming years.
If you could give IT professionals one piece of advice for dealing with consumerization, what would it be?
At every conference or panel I’ve attended since I started covering this trend, the same theme has emerged: Focus on managing data, not devices. There are so many smartphones and tablets out there, and they have different operating systems, hardware and carriers. Even if the tools existed to comprehensively manage them all, doing so would not be an enviable task. Plus, it would still leave data vulnerable in personal cloud storage services.
Managing and securing data in the era of consumerization isn’t exactly a piece of cake, either. You have to resolve a lot of questions concerning who can access which kinds of data and from where, and then implement technologies to enforce those policies. But if you can establish and enforce these policies successfully, you won’t have to worry about every new device or cloud service on the market.
This was first published in April 2012