Why the Business will Resist IT Controlling their Devices

  • Vote This Post

    2
Posted on May 3, 2012 by Bruce Stewart Posted as Bring Your Own Device

When you work in IT, control seems natural. How else can you ensure things will work?

Here’s how the typical person in the business sees it — and why they’re going to resist even minimal controls like “approved devices” and “let us install this.”

They bought their device, probably in a mall, from a kiosk or store operated by a vendor.

They turned it on, and it worked.

They installed an app or two, and they worked.

They browsed a website or two, and that worked.

Why, then, do you think things won’t work here?

After all, the phone was made a different company than the carrier, the apps all came from even more companies, and the websites are from all over the place.

Yet — phone, pad, netbook, whatever — it all just worked.

That’s the core of why they don’t think IT needs control over what they use and how they use it.

After all, the WiFi at Starbucks worked just fine — what’s special about it in our office?

The reality is, of course, that on the public Internet everyone has had to solve the same security and data protection issues that IT worries about.

Amazon has to protect your credit card and shipping address. The Android Marketplace likewise. The Globe and Mail’s app had to handle the newspaper subscription for that iPad.

Why is it that IT doesn’t see the world the same way?

The way of the Internet: each service is its own thing, and secures itself.

Anything that can route there and establish an IP connection is welcomed.

Instead, IT typically sees security, integrity and protection as add-ons, something that has to encompass everything, while it’s wide open once you’re inside.

That’s a design flaw that no one’s questioned for years. It’s a hangover from having a single computer — mainframe or midrange — with a security package installed on it and dumb terminals attached to it.

In today’s world of virtualized servers, cloud resources, multiple device types, “work anywhere” habits, that just won’t cut it.

Business folk would be readier to play ball if they thought IT had caught up to the twenty-first century.

So IT will lose the control battle. The business will make sure of that.

I think, if I ran IT, I’d be architecting security and controls the business can work with.

That might actually sell a “transitional period” of device limitation and control.

Nothing else will.

Bruce Stewart Bruce Stewart (98 Posts)

Bruce Stewart is a 39 year veteran of IT management and above. He is an executive advisor serving CIOs and senior executives in areas of governance, strategy, complex architectural transitions, portfolio yield and value generation.


Related posts:

  1. Consumer Devices in the Enterprise
  2. Social Business…the next big thing?
  3. Shifting the Mindset of IT to Cause Transformation in Business
Tags:
  • Don Sheppard

    Interesting comments, and great food for thought.
    Somewhere along the way I suspect that people thought that security, privacy, namingaddressing, management, etc. were complicated enough that it was lss costly and safer to treat them as “common functions” rather than re-inventing them for each application (especially back when apps were developed in-house).  And all the apps were being used only by employees, not the general public.
    But you are right, times have changed dramatically…and so have the break-ins, identify thefts, missing laptops, and so on.