I was at an event recently and the vendor up on stage was trying to show how their company was taking the idea of the consumerization of IT seriously. From Quocirca’s point of view, consumerization is important — the continued growth of bring-your-own-device (BYOD) combined with bring-your-own-software (BYOS) through the downloading of apps to these devices means that IT has to be far more intelligent in how it deals with this aspect of shadow IT — and what it can mean to the business.
To show how the vendor was paying attention to the consumerization issue, a Venn diagram was shown, as such:
This looks pretty good — the employee is the one driving consumerization, and IT is the one that is left with the mess if they cannot control it. However, surely there is a missing circle in this Venn?
Sure, employees are crying out for the capability to use their own device, in their own way, with their own tools, and the IT department cannot hold back the BYOD tide. But just where is the actual organization in all of this?
Quocirca research has shown time and time again how there is a chasm between the IT function and the business: IT is often technically focused and is trying to keep a platform of hardware, operating system(s), application server(s), and applications running. The business doesn’t really care about this — it will complain like mad if the platform isn’t working, but while it is, then it really couldn’t care less if it is being run by a group of elves chanting incantations in caves under the organization’s HQ. What the business cares about is revenue, customer loyalty, monetizing its intellectual property and so on.
Meanwhile, the employee is bothered about keeping a roof over their head, paying for food, saving up for the next vacation and so on.
These three groups — users, IT staff and the business — are very disparate, yet have to work together for everything to be successful. Where a business has concerns over who can see certain information and requests multiple layers of security, the user sees a block to the way they want to work. IT sees yet another demand from the business for something that needs scoping out, developing, retro-testing, rolling out, and supporting. It’s not surprising, therefore, that many systems end up in a bit of a mess.
Therefore, the more accurate Venn diagram has to be as below:
Ensuring that any chosen system or solution hits the correct point of the Venn diagram — i.e. the intersection of the three circles — means that all three groups should be happy. Concentrating on any one or two groups will lead to something where at least one group is unhappy — and so to a system that is bypassed or misused.
So, if a business has worries about who can see certain information, then it should talk with IT to ensure that any complexities of a multi-level security system is hidden from the employee. This can be done through, for example, the use of single sign-on systems tied into a corporate directory (say, Active Directory) that defines who has what access rights to which digital assets (see a Quocirca report on this subject here). The employee sees little difference in how they work; IT gets a funded SSO project to put in place something that cuts down on help-desk calls; and the business gets greater control over its intellectual property.
It seems to me that many vendors seem to have moved too far over toward a two-circle Venn diagram of IT and the employee. Bringing the business back into the equation is not just a “nice thing to do”, but an imperative to ensure that technology, business and the individual work well together.