End users know what tech they want. IT must adapt to that reality--and know where to draw the line.
IT pros were once the alpha end users, on the leading edge of innovation and early adoption. You could count on the IT department to always be the first to explore a new gadget or software tool, starting way back with the first PCs and continuing up to the BlackBerry. We were always playing with the latest beta, the newest option, even that Internet thingy.
No more. IT organizations have evolved away from that kind of hotbed of user-driven innovation and curiosity and morphed into having a more inward focus, more likely to say "no" than "wow."
Too harsh? Look around and ask how willing and able most IT organizations are to try out a new idea, device, or application that bubbles up from the field, and how quickly they can put it in place. And consider the results of our latest InformationWeek Analytics survey, titled End User 2.0, for some surprising results.
For example, there's no question that instant messaging is pervasive in our society, yet it's been adopted by only 44% of companies for their internal use. A mere 18% regularly use IM for external use. A larger percentage of companies have officially rejected this means of communication.
That same type of resistance extends to support of new devices. No surprise that 98% of our survey respondents' organizations support Windows desktops and laptops, whether company-provided or not. However, support for any other type of device drops quickly after that, with only the BlackBerry supported by more than half of organizations. IT teams expect the PC to dominate as the key tool for knowledge workers.
In one sense, companies back IT into this corner. Policies around regulatory compliance, reliability, budget approvals, and support all give IT teams reasons to resist technology driven by end users. "Our staff likes to try new technology but then expects it to be supported almost instantly," says Bill Streahle, network manager for National Financial Partners. "They don't understand the challenges of enterprise IT support."
Yet IT needs to evolve, even as it draws the line on some end user demands. The consumerization of technology, the fact that employees are increasingly tech-savvy, and the rise of cloud computing all work against highly centralized and highly controlled IT. End users are ready to spend some of their department's money on some netbooks and a cloud app to get what they think they need to do their jobs.
A few characteristics define these new end users. One is mobility--being able to access core applications remotely and wirelessly on a laptop is a given, and expectations are rising fast to do so on a smartphone. So too is the requirement to access work information--starting with e-mail--using their personal devices. They're willing to stay connected at all hours, but on their terms.
With software, e-mail clients and browsers rule end users' worlds, and they wonder why everything can't fit there. Today's end users will accept a separate interface for CRM, ERP, IM, video, and e-mail, but they have lots of ideas for how you can improve it. They'll live with a "fat" CRM or ERP app, but expect hooks to it from e-mail and other collaboration platforms.
Most important, remember this characteristic of these experimental, demanding end users: They're among the most powerful IT assets in your company.
The IT profession has always griped about wanting a proverbial seat at the table, to be part of the bigger decision-making process. We got it. What we didn't realize is that the rest of the company now wants a seat in IT.
Time for a bigger table. Here are some practices that get in the way of IT meeting the new end user expectations, and changes to help meet them.
Too many IT teams think of security as their trump card to stop any discussion of emerging tech deemed too risky. Among our survey respondents, security was the most-cited concern about new technology adoption (57%), beating budget and staffing concerns (47% and 51%, respectively%). It's the most-often cited barrier to people using their personal technology for work (cited by 84%, up from 72% a year ago).
Are we really less secure than we were 10 years ago? Probably not. Much like watching cable news will make you think the world is burning and people are coming to snatch your kids, today's level of security awareness has altered the psyche of IT.
This new awareness is coupled with very real regulatory requirements, such as new Massachusetts privacy laws that require tougher disclosure when there's a security breach or problem.
It's no wonder the security folks are so jumpy. But they're missing the message that CIOs need to hear: Security is working. It's been more than a decade (yes, 10 years) since any particular security flaw has had a truly widespread impact. The Melissa and the ILoveYou attacks were the last.
We're not proposing you drop your guard. Security is a good reason to stop a project that's too risky. But if you've built an effective IT security model that combines base protection, active monitoring, and proactive management, and you stay tied into the overall industry, your chances of a major failure are slim.
Congratulate your security team for once and see if they can start moving out of their foxholes and figure out how to add some new devices and capabilities.
Those Damn Kids
Another trap for IT to avoid is to blame the younger generations for this pressure to let employees use more devices, to access consumer-oriented social apps, and to insist on more user-friendly enterprise software. Seventy- seven percent of respondents to our survey think there's a definite difference in how younger and older workers approach technology. Twenty percent of these respondents think the younger generations have a better approach to technology and are more eager to adopt and learn. But 23% think these tech natives are poor or problematic users of technology, resisting corporate standards and procedures.
To me, the 20/20 split has a familiar ring--and nothing to do with millennials.
Back in the '80s, mainframe manufacturer Nixdorf trained project managers on the 20/20 split they should expect on any new project: 20% of users would be great proponents of the new system, 20% would actively fight it, and the rest would wait and see who wins. The project manager's goal was simple: Encourage the good 20 while actively subduing (they called it training) the bad 20, so the rest stayed on the adoption path.
The difference today is that end users don't have to actively resist technology. They'll just buy and use whatever they want, whether IT gives it to them or not.
But they'll do better with IT's help. "I think we give too much credit to the younger workers for being tech smart," says Jay Wallis, CIO at Empire Roofing. "Having toys is not the same as using tech to set and accomplish business goals. Most have no idea about IT or reasons to secure intellectual capital. Technology is a tool to advance and accomplish business goals and profitability. Too many think technology is the end goal."
No doubt, IT must educate and enforce, not just enable. End users still need to be educated on effective usage, policy, and code of conduct. Also, integration falls squarely into IT's hands, so IT organizations must show business units why they need IT's help, rather than implement their one-off software-as-a-service CRM or HR tool.
To forge those relationships, IT must be open to end user ideas, not be suspicious of them. When it comes to consumer-oriented technology, only 32% of the respondents to our survey say they're proactive with or accepting of emerging consumer-oriented technology; 30% say they're prohibitive or resistant.
What's Changed In A Year
Since we last asked about hardware preferences a year ago, we have seen some interesting changes. Desktops continue to dominate most organizations--45% of companies give desktops to more than three-fourths of their information workers, more than any other device. But laptops are gaining ground--20% of companies now issue them to more than three-fourths of information workers.
Despite all the consumer interest and innovation in smartphones, IT isn't planning for big change to today's PC-centric world. Looking two years ahead, IT pros expect the BlackBerry to be the most popular platform, but only 23% of survey respondents expect to give more than one-fourth of knowledge workers a BlackBerry. As for iPads, netbooks, and other tablet computers, more than 80% of respondents expect that fewer than 10% of their companies' knowledge workers will have them.
This year, a whopping 96% of respondents said their companies have either standardized on Windows 7 or are likely to do so. Last year, when we asked about Vista, 82% said they were unlikely to standardize on it.
The inevitable move to Windows 7 brings up an opportunity for enterprise IT. There are some great new Win 7 features, like the expanded federated search functionality that you could integrate into your existing apps. While you're at it, why not add new functionality for mobile devices?
Mobility is vital to staying ahead of end user demands. Adding remote e-mail access is old hat; almost everyone is doing it in one form or another--74% provide Web-based e-mail, and 58% provide e-mail via personal smartphone or tablet. However, IT should be pushing further. Providing access to other core enterprise apps from mobile devices has the potential to boost productivity and employee satisfaction.
Case in point: manager approvals. Those two words strike fear in any employee trying to get a job done on time. Credit approval, free shipping for a customer request, vacation requests, even our tech support requests typically need a manager's approval.
Managers, you know the drill. It's supposed to be a quick check of e-mail, then click into the app, and approve. Try that on your BlackBerry. The e-mail comes in, but the app? Doubtful. Even if the app is browser based, BlackBerrys are notoriously bad at browsing and using large apps.
Adding mobile functionality to the core approval processes is the type of win that will endear you to every manager who has gotten a frantic call in a meeting from someone begging to get an expense report approved before deadline. You'll be pleasantly surprised how rapidly people may start using it.
Let Them Use Their Own Gear
The CEO of one Northeast consulting firm says that no matter which device employees own, his firm allows it for work e-mail access. "They're suddenly really excited that they can easily check their messages on their iPhone or whatever while they're on vacation," he says. "Try calling someone who's on vacation, and they'll bite your head off."
This extended access to the workplace comes with a price. Connect users to your systems, and they're going to ask for help.
"If I get one more call from a partner who can't access the network on a Saturday because their kid screwed up their machine, I'm going to need my own lawyer," comments an IT director at a large national law firm, whose partners regularly jump the queue and contact him off-hours when their personal devices act up.
As the boundaries between work and home blur, so must the boundaries for tech support. A brave 14% of companies actually encourage end users to contact support for assistance if they use their personal technology for work. Twenty-four percent have stood firm with the "you're on your own" mantra.
The rest are an interesting mix of unwritten rules (36% say they support but don't promote it) and coerced support (26% say they don't support, but people call anyway).
As IT allows personal equipment, it also needs to address the Apple factor.
IT should fess up here. Apple laptops are a secret toy within IT. They're great at running multiple operating systems, including Windows and whatever your favorite virtualization platform is. But IT's never been keen to move that affinity outside of its operations. With the iPhone, though, end users won't be denied. iPhones are the No. 2 smartphone in the U.S., and 28% of companies are somewhat or very likely to standardize on it, our survey finds; 5% already do.
Apple has added some solid functionality to the iPhone for business use. But iPhones begets iPads, which beget Macbooks, which introduce new authentication and management challenges. Macbooks can authenticate directly against Active Directory, but they don't have centralized policy management tools unless you add Mac Servers with workgroup manager or another third-party tool.
The problem with Apple devices goes beyond the gear and its sometimes frustrating lack of enterprise features. You may be OK with the limited enterprise-level controls, but can you live with the App Store? The App Store is a one-step click to a wide variety of goodies you may never want on your network. And the "community" has made it exceptionally easy to "jail break" a device to add features Apple doesn't support. Great stuff for the empowered user, but it voids the warranty--and guess who users are going to call for support? Limiting the iPhone and iPad to mail and Web functionality is one good option.
Your current e-mail is a great bellwether for how well you're positioned to meet the demands of your 2.0 end users. Are your e-mail systems integrated with key customer and vendor management systems, storing relevant e-mails and offering a universal address book of relevant contacts? How, if at all, are employees trained on e-mail? Are they taught cultural norms, like differences between the To: and CC: user? Are e-mail strings updated with each reply, or do they simply become a long string of pain for users to sort through? Is there a common framework for organizing and archiving the message types that flow through mailboxes?
If you're shaking your head, you're likely going to have a rough time rolling into any form of advanced communication--something end users will increasingly demand, or they'll get themselves through online services ranging from AOL to WebEx.
Today, there are four viable additions to e-mail that are ripe for wholesale adoption--Web conferencing, instant messaging, videoconferencing, and integrated social networking. IT teams that want to get ahead of their end users' expectations should be working on them. And they shouldn't run from the hard-but-valuable piece: interoperability with systems outside your company.
Around 20% of the companies we surveyed have external instant messaging, desktop videoconferencing, or some level of enterprise social networking in production, with a smaller percentage in the testing or pilot phase. That's 80% of employees not using these next-gen tools regularly (or at least not sanctioned to do so). When it comes to IM with outsiders, the situation is worse--62% have either rejected it or aren't even considering it.
Of course, companies have adopted IM or SharePoint-style portals internally, and they're getting a good productivity boost. Unfortunately, they're limiting the value by keeping it inside their walls, and frustrating users who are probably sneaking around their backs.
Prove IT's Worth It
One reason end user-driven IT projects can stall is the fuzzy ROI. Only 8% of the respondents to our survey do a detailed ROI analysis for an end user application or device project; 13% just estimate productivity gains; and 11% don't even factor in productivity. Put the rest in the "don't know, don't care" camp.
Too bad. End user projects are a perfect place for genuine ROI models, the kind that bring together diverse teams to discuss usage goals, adoption rates, and the rarely mentioned training plan.
Consider a simple ROI for internal IM that adds up annual costs and estimates a percentage time savings. It's easily tweaked either to make the IM case or show how it would be a dismal failure.
A better model measures sales and customer service benefits, as you push IM externally via gateways or Web-based chat. You chart reductions of e-mail and support requests. You measure adoption as well as end user and tech support training attended.
The costs go up dramatically, but so do the potential benefit and need for a broader review of the option. This moves it beyond a pet project and into the bigger discussion of end user needs. It also sets the stage for planning of a higher level of integration among all your devices and collaboration options.
Lost In The Cloud: Integration
Financial firms already cringe at the complexity of all the recording and conversation tracking they're required to do. Most companies don't even try to integrate all their conversations into a usable or searchable format.
Hardly any companies today offer integrated search for e-mail, database, and file stores. Add in message logs and Web conference transcripts, and you'll find very few have even thought that far.
A first step here is with the basics, such as synchronization of contact lists among different systems--e-mail, IM, CRM, and Web conferencing are the most likely ones for any sales team.
If you're preparing to add functionality to meet end user demands, look at existing integration points and find the gaps. Does the expense system connect to e-mail, for alerts? Does ERP connect with e-mail, or IM? You may find staff has added their own integration points without telling you.
Many IT teams also aren't keeping up with social networking applications within their network. Only 14% of the companies we surveyed have policies and controls for the use of "social media plug-ins" on the network. These are the nifty tools you can get for Facebook, LinkedIn, and Twitter that plug into Outlook or Lotus Notes. They're great tools if social networking at work is encouraged, but they can wreak havoc on your network and data security model.
Take the LinkedIn Outlook plug-in. It does a great job of syncing Outlook contacts with a LinkedIn account, and it will even find contacts that you don't have matched and look for them online. Great stuff, except it can work on any address book a person has access to. Getting ready to fire a sales rep? Make sure he or she isn't scanning the address book to link in with a few of your customers before being escorted out. There are hundreds of options--some from the social sites themselves, some from Microsoft, others from an anonymous garage hack in the U.K. IT needs to have a plan for whether and how to allow these in-demand tools.
This discussion isn't all about IT and the IT organization. IT won't be able to meet the expectations of the next-generation end user without help. The days of IT rolling out the "new" upgrade, whether it's hardware or software, are over. It's a new partnership with business units.
Innovation was actually easier before. IT's challenge was to persuade end users to adopt and use an IT investment. Today it's much more complex. Business units are bringing the ideas, as well as a vendor short list and maybe even a pilot test. IT must find a way forward that meets end user needs, and fits the defined security model without undermining previous investments or boxing out future ones.
How willing are you to let go of end user controls? As we noted, more than two-thirds of the IT organizations we surveyed don't have a proactive approach to new, consumer-oriented technology, with a third actively blocking any requests. You can blame security, budget, or reckless end users, but you're missing a major opportunity.
Make end users part of the technology process and you just may get end users who turn to IT with their best ideas and who respect IT's role in pulling together and protecting company information. Ignore or resist them and you'll fuel the underground IT battle cry: "IT just doesn't get it."
Michael Healey is president of Yeoman Technology Group, an engineering and research firm. You can write to us at firstname.lastname@example.org.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.