|By David Blair||
|September 7, 2013 12:00 PM EDT||
Anytime we in IT encounter a new paradigm, our natural reaction is block, control, stop. In many shops, our first response is to prohibit users from accessing websites that the company has not approved, including cloud-based software, mobile applications, and other "bring your own apps" candidates. Instead, we ought to put more of our attention on words like partner or enable. That's what IT is really striving for.
IT managers want to serve their company's needs and to enable employees to do their job better. But the perception of IT is that is has been on a long trajectory towards (let's face it) irrelevance.
First, workers brought in their own PCs, then they brought in their own mobile equipment (the BYOD issues you've been struggling with), and Shadow IT was born. Nowadays CIOs struggle to balance IT, business, and worker-respect with the newest challenge: cloud applications and the "Bring your own apps" (BYOA) movement.
I've been watching this trend for a long time, and my conclusion is that the way for IT to deal with the "bring your own" movement is to embrace the cloud.
It isn't as though you have a choice. In 2013, the public cloud services market is forecast to total $131 billion worldwide, up from $111 billion in 2012, according to Gartner, much of it in SaaS and cloud-based productivity applications (such as Google docs or CRM systems). Nielsen reported in 2012 that U.S. smartphones have an average of 41 apps installed.
That isn't just a dispassionate statistical trend: It's the story of your life. Every day, people in your office are bringing in cloud applications to get their jobs done. Need a video conferencing tool? A bug tracking application? Internet-based storage? Online recruiting tools? Anything that used to be installed on a desktop or server (with or without IT's permission) can now be found online. With a credit card and a modest expense account, an employee can source any IT tool to suit the need.
Most IT managers contemplate the security vulnerabilities of cloud-based software with the gut-wrenching fear of a parent watching her teenager go on a first date. (But I haven't checked out your destination! I don't know what you'll bring home! Who wants to take advantage of you?) Often, enterprise organizations decide to lock things down as a way to control the situation, which works about as well as it does to tell a 15-year-old she isn't allowed to date or get her ears pierced.
It isn't as bad as you fear. By "embrace the cloud," I don't mean that IT managers should give up and let people do whatever they want with their SaaS applications and mobile apps. I do mean that you should give them the toolsets they want, and also manage the cloud.
There are tools that can help you do what you aim to do: protect the company, make sure that technology helps the business move forward, and enable end users to be productive. They can even save the business money.
Years ago, in the desktop computing era, we had server tools that would examine user desktops to learn what software was installed, under which licenses. We would use those tools to compare the applications the business was using to the applications that met corporate policies, for which the business had site licenses, and which complied with the IT security guidelines.
Back then in the stone age - about a decade ago - we'd use these asset management network exploration tools to discover that, say, the company was paying for 200 seats of PhotoShop when only 100 were actually installed (aha! Budget savings!) or that one department had an eensy bit of a problem with installing software for which they somehow could never produce a license or sales receipt.
Nowadays, though, you don't necessarily know which applications the users are using because they access the cloud applications through a Web browser. We do know that users are employing cloud applications, and they aren't going to stop.
Employees aren't doing this to thumb their noses at IT. Primarily, it's because users are motivated to be productive. If a SaaS application is purpose-built for their needs, they're going to find it and use it. If they have a distrustful relationship with IT, they sure aren't going to ask for permission first (if it even occurs to them to do so).
It becomes worrisome to IT when corporate info is stored in the cloud: Is it protected? Is it secure? How can we make sure it doesn't get into the public domain? So it behooves IT to recognize what really is being used across the organization - which we can accomplish with appropriate tools - both to learn what's going on and to serve the business.
As with the old-school network tools, it pays to consider cloud applications as an asset management issue as well as a security concern. Perhaps the organization has a site license for GoToMeeting but you see people using join.me. Can you get a volume purchase agreement for the more-preferred application if everyone is using the same tools? Or is the officially sanctioned (and paid-for!) tool not meeting user needs? This data helps a CIO make better decisions.
IT absolutely needs to know what their users are using and to educate them about the organization's IT challenges, and it should be a two-way conversation. Most "worker bees" do recognize that IT has a job to protect the company. Understanding how cloud apps are being used helps them optimize their environment and give them the tools they want. Once an employee recognizes he isn't being denied his God-given right to watch cat videos on YouTube but is instead affecting the Internet access speed for the whole company, he may be kinder to the IT staff. Plus, a lot of employee-introduced apps, when chosen for the right reasons, are adopted by IT.
Quite often, it's possible to throttle a cloud application to protect the organization's data or its resources, without affecting employees' ability to get a job done. Paying for a cloud application from IT's budget is one way to a department manager's heart; of course, but it may also be possible for the organization to brand a cloud application with a corporate logo. Companies can standardize on cloud tools as long as they can have administrative control; security holes such as chat functions and file transfer functions might be turned off. Maybe the department wants to control costs by not incurring file storage costs, so the tools (and policies) can permit the organization to set a limit of data stored by user or department. That becomes a conversation: What if we set that at 10GB per employee? Or does it need to be more?
To get their mojo back, IT departments have to champion the business. Accept that the cloud is here, it's growing, and you have to plan for it.