The other day (Nov 16, 2011 to be exact), my fellow nerd and Tech Field Day delegate, Tom Hollingsworth, crafted a great blog post on the new movement in IT, and business in general… Bring Your Own (Apple) Device to work. If you have not read the post yet… you gotta check it out.
This is Tom. Ask him about NAT!
After reading the post, I had some thoughts come to mind that I just had to throw into a reaction post.
As new generations of individuals grow up and mature, it is expected that cultural shifts will take place. What I do not understand is how a culture of technological availability has morphed into an expectation that an individual can bring anything into the corporate environment and expect to use it for their job.
Too many times, I am approached by users bringing their personal laptop into the office and wanting to know how to connect it to the internal network. Or, users that want to connect their iPhones to the network so they can use Spotify or YouTube without using their cellular data plans… as though the corporate infrastructure and services are there to do their bidding.
This developing culture assumes that everything in the outside world must be the same as in the corporate world. Their iPad can connect to GMail, so why not just connect it to the Exchange server?
What the user sees. What IT sees!
The IT ecosystem is a carefully designed and tightly guarded world.
None shall pass!
Systems are selected carefully to ensure a proper balance between functionality, supportability, and stability. The discovery of an unknown device is enough to throw an IT professional into a fit of rage. The environment has been compromised in some fashion and there is potential to throw off the carefully designed balancing act.
The presence of an unknown device opens up a veritable Pandora’s Box and raises a huge red flag. Suddenly, the corporate environment is vulnerable to a machine or device that is infested with trojans, is a honeypot of virus infections, has access to corporate resources, and is not managed by IT.
IT has been assigned a critical role in modern businesses… provide tools that enable the business to function. Traditionally, this included the workstation, network, monitors, servers, etc. With more people feeling as though it is acceptable to provide their own devices, who is responsible for supporting them? What happens when the “S” key breaks off or the monitor is too blue for their liking? When IT owns and manages a device, IT is responsible. When the user owns the device, but is using it in a corporate environment, the answer is much foggier. An IT person says the user is responsible. However, the true answer lies somewhere in the depths of politics and policy.
Unknown devices also introduce the loss of data control. The moment a user is allowed to bring in a USB drive or iPod, or to access GMail or Dropbox, the data is no longer under any control of the company.
Corporate IT Adaptation
First and foremost, IT has a responsibility to the company to ensure the protection and function of corporate technological resources and systems.
However, with that said, IT needs to acknowledge the changing ways of technology. Anyone who has been in IT longer than 1 month knows that times have a way of changing and the minute you buy your phone, it is obsolete. That is the way of the world and 42 is the ultimate answer to the ultimate question of life, the universe, and everything.
Is Google “Deep Thought”?
IT departments need to be cognizant of what exists in the marketplace, impacts (both positive and negative) to overall productivity/security, and the long term viability of those entities. A tablet, for example, may seem like a large phone (cough iPad cough). However, for an executive that spends more time meeting customers and reading email, it is a perfect tool to enable them to get their job done without needing a laptop… but how is it secured?
Security becomes one of the most important concerns for IT in a time where users have an expectation of providing their own devices. NAC/NAP/Port Security ensures authorized devices are allowed on the network. Remote technologies (Application Presentation (XenApp/RemoteApp) and VDI (View, XenDesktop)) allow users to interact with applications running on protected and trusted infrastructure from unknown endpoints. Proper backups, snapshotting, and antivirus on the server and storage side ensure the data is consistent and recoverable in the event of a break in security.
Finally, IT needs to engage with the business to keep them abreast of concerns. Open dialogue with the business will help ensure technological expectations meet some sort of equilibrium between what IT feels is appropriate and what the business feels is necessary.
What do you really think, Bill?!
I wholeheartedly do not like the idea of users bringing in their own devices for business use. Maybe I am cruisin for a bruisin (politically speaking), but I see my environment as known and trusted. The introduction of a new device takes some planning and testing because I have a responsibility to the company to provide a stable and operational environment. The introduction of a Mac laptop into my environment is not smooth. Exchange and SharePoint support is so horrible that Mac users need to use a Fusion VM running Windows 7 to fully function.
However, while it is possible to be completely restrictive and be more like “The Man”, I feel that the best way to manage the user owned devices converging on my environment is more political.
- I encourage the business to adopt corporate policies addressing the need to not bring personal devices into the environment.
- I encourage the business to develop a stricter definition of who needs email outside of the office, partial compensation for use of personal devices OR providing a company owned and managed phone, and which devices are supported.
- Have an open and friendly dialogue with those users that approach IT for assistance with personal devices. Being honest and frank about not supporting devices, needing management approval, and being unsure as to the functionality/operation of the device goes a long way.
I love the idea of new devices and new technology in the workplace. But, I want the introduction to be more structured and tested.
Tom – Thanks for the awesome post. Definitely food for thought and got my wheels spinning!
In my day to day work routine, I make a point to catch up on some technical sites. Sure, it is fun seeing what is going on in technology-land on a daily basis. However, keeping abreast of trends and issues in technology-land is super important.
This morning, I came across a very interesting article on slashdot.org. “Ask Slashdot: Do I Give IT a Login On Our Dept. Server?”. The question posed by the poster is as follows:
"I am head of a clinical division at an academic hospital (not Radiology, but similarly tech oriented). My fellow faculty (a dozen or so) want to switch from a paper calendar to electronic (night and weekend on-call schedule). Most have an iPhone or similar, so I envisaged a CalDAV server. The Hospital IT department doesn’t offer any iPhone compatible calendar tool, so I bought (with my cash) a tiny server, installed BSD and OpenLDAP for accounts, and installed and configured DAViCal. After I tested it out, I emailed IT to ask to allow port 8443 through the hospital firewall to this server. The tech (after asking what port 8443 was for), said he would unblock the port after I provide him with a login account on the machine (though ‘I don’t need root access’). I was taken aback, and after considering it, I am still leaning toward opposing this request, possibly taking this up the chain. I’m happy to allow any scan, to ensure it has no security issues, but I’d rather not let anyone else have a login account. What do the readers of Slashdot think? Should I give IT a login account on a server that is not owned or managed by them?"
So, my initial reaction was fielded by my internal System Administrator: WTF is this machine doing on the network? HIPAA violation anyone?!
However, after reading through some of the comments, my perspective changed. There was a blathering (if that is really a word) of comments ranging from “What is this machine doing on the network in the first place?” to “You should totally ask them why they want an account and they are totally going to get root and take over your server”. There were even comments including “Just setup access on Google calendar and call it a day”. Sure, I could get behind one of these sides and be pissed off about the immediate situation. However, this is just a pointer to a relationship between any Corporate IT department and end users.
The issue that I see with all of this is that, rather than spending personal money to bring an unsupported server into the environment, this guy has actually identified a problem (not wanting to use paper calendaring) and would like a solution (CalDAV for iPhones, and such). This is the perfect opportunity to engage with IT and work with them to create a solution.
IT departments SHOULD be business enablers. They should be able to provide supportable, supported, and viable solutions to help enable the business to be more efficient and effective. There needs to be a process in which end users can introduce a new issue/project that they would like to have addressed in an organized manner. End users need to feel that IT is working to enhance their environment and not hinder their productivity. On the same note, IT needs to feel that end users are not pests that get in the way of getting their job done.
The interesting side effect of a good relationship between IT and end users in the situation above is the possible impact a proper solution could have. It may be the case that the hospital is already working on or has an existing solution for calendaring that may be expanded. Or, even better for the ego, this is a new project that may benefit the entire end user community and not just the local 10-12 people in the office. Suddenly, the user has improved the lives of everyone… he should have a parade in his honor!
At the end of the day, we are all people… IT, end users, customers, executives… everyone. Building healthy working relationships between IT and end users is critical to ensuring end user needs are met and IT needs are met at the same time. We all benefit from these kinds of relationships.