One of the biggest challenges facing the CIO at the moment is the consumerisation of IT but I’m aware that may be a term that is meaningless to most in the IT department. Perhaps it’s better explained by the term Bring Your Own Device (BYOD) which is normally enough to send an icy shiver through the heart of many a desktop or security admin. Essentially consumerisation is the idea that your users are now driving your organisation’s technology adoption, especially in the device space. You’ve probably come across and are trying to block deal with people using their iDroid devices to do stuff (or your just ignoring it hoping it will go away like your job).
Of course you might be looking to actually embrace it so that you can take advantage of the cost savings, flexibility improvements and the like that it can bring, if done right. Alternatively you might think you’ve got it 100% sewn up and no-one can bring anything interesting in, and you have 0% chance of data leakage.
If you fall into the first camp then you’ll be looking at ways to manage device multiplicity*, to secure access to servers, to secure your data and it’s portability, to deliver applications seamlessly to users no-matter where they are. If you’re in the latter then what’s the chances you missed something?
*credit to @markwilsonit for coming up with that one
A better way
It’s become fairly clear that things have changed I think. It’s quite common that people want to use devices that aren’t corporate issued and as such you have to ask if they’re getting onto your network and then you have to ask if you can trust your own network? If they are using their own devices are they copying down email, how’s the encryption on that device, what do you do if it’s nicked, what if there’s no signal to remote wipe the device? If they’re bringing in their own PCs (which is the the most common consumer device for Bring Your Own – their own laptop) what controls do you have?
We see that there’s a better way with this issue. You build a network that responds to what’s happening, where devices have to meet specific criteria in order to access the more secure data in your organisation. Where the data itself is protected so that you can’t just copy it somewhere insecure and have it leak. Where applications are available to people in your org where they need to access the application. Where application access is device appropriate so you don’t have to wait for a full install on a device that isn’t your main one. Where remote access doesn’t require the user to do something different to when they’re in the office. Where working anywhere is normal. I think you get the picture.
A quick way to see the big picture, all together
We’ve got a whole host of technology that enables an environment like this, so let the acronyms commence:
App-V, RDS, SCCM2012, Exchange, AES, Office 365, Lync,AD-RMS, AD, DirectAccess, NAP, Modern Gateways, DHCP, IP-SEC
So in this selection of camp events we have a series of events to help you not only see the above but learn how it works. Camps are little different to other types of events, you lead the content and we don’t use (much) PowerPoint, it’s all based around us building the environment in the room – and by us I mean you get some hands on time. We’ll also be white boarding and thinking about what it takes to build a BYOD style policy, helping you identify some gotchas. It’s not your typical day of training – or some sales based demo.
Here are some links to some of the writing I’ve done on consumerisation over the last year or so, so that you can get the picture…
How the consumerisation of IT affects IT departments
How do you support consumerisation of IT
Building your consumerisation of IT strategy (part 1 of 2)
Building your consumerisation of IT strategy (part 2 of 2)
5 Imperatives for modern IT departments