Mobile
Commentary
10/10/2011
03:14 PM
Elias Khnaser
Elias Khnaser
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Regulating The Dark(er) Side Of Consumerization

Think an influx of shiny tablets is the main worry? Sorry to break it to you, but hardware is the least of our problems.

The consumerization of IT is forcing IT departments everywhere to rethink their policies, processes, and support procedures. But device diversity isn't all you need to worry about. Consider the applications that users now have free access to--and that allow them to circumvent all those policies and procedures you've so painstakingly put in place.

Take Dropbox, the bane of every BC/DR and content management admin. Sure, you could block Dropbox, but what happens when an end user walks down the street to her favorite mobile device store and picks up a wireless 3G card, which she can then plug into her laptop or desktop and use to gain access to the Internet uncensored? You see where this is going, right? Whac-A-Mole isn’t a long-term strategy.

I think this problem will eventually reach the point where IT will demand that a regulatory effort be launched. The goal would be to enforce criteria around how software-as-a-service (SaaS) applications are developed, ensuring that capabilities that will empower IT to protect the integrity and security of corporate data and access control are built in.

The big question, of course, is what body would have the power to enforce such regulations. The government is too inflexible and slow, not to mention the outcry that would result. A better route would be a standards body that has in its membership both SaaS vendors and enterprise security pros. That's one option; another possibility, likely more effective and faster on the uptake, would be for OS vendors to require certain criteria for applications that are going to run on their operating systems. But for that to happen, customers of those platforms would need to demand this change.

My bigger point is that, as technology companies stop marketing to IT departments and start marketing to your end users, smart shops will think differently and push the ecosystem to invent solutions for today's reality, instead of trying to make yesterday's tools fit a changed world.

One promising technology that we could base such new thinking on is location awareness. If SaaS applications are required (by the standards body we discussed earlier) to have functionality for location awareness, we can then develop tools to allow IT to enforce policies and procedures on the use of consumer services when devices are located within the organization. Think about it this way: If Joe is trying to move some files from the server to his Dropbox account, and location services track that he is in XYZ building, where IT has subscribed to the location service and specified a policy, then Dropbox would enforce your regulations based on location. When Joe goes home, he can do whatever he wants. At work, rules apply. And not to pick on Dropbox--Amazon Cloud Drive and Apple iCloud present similar challenges.

Take this approach and apply it to all applications, and we regain a reasonable level of control.

Right now, location awareness is completely optional, which means some software developers will build it within their applications, others will not. Similarly, some operating systems may have this framework, while others don't. But it's one way we could get a handle on the consumer applications that are threatening to unravel years of data management and security efforts. Would you get behind such an approach, or do you have a better plan? Let me know.

Elias Khnaser is the technology officer for integrator Sigma Solutions. Follow Elias on Twitter: @ekhnaser

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Solenoid
50%
50%
Solenoid,
User Rank: Apprentice
10/13/2011 | 2:05:13 PM
re: Regulating The Dark(er) Side Of Consumerization
I would expect that given all of the various tablet and OS makers trying to carve into a slice of this market, one vendor would realize that consumers aren't the only target market (even if it's largest), and design a device aimed at enterprises with these built in controls, or yes virtualization.

Manufacturers have already gotten the users familiar with the form factor, touch UI, and model of deployment. Now if they provide devices able to be locked down systemically, not just per app, then there's a use for that in my business: provided for workers - to work with.

I'm not so interested in allowing a user to bring in his shiny toy. Use your toys outside of work during playtime. At my work, we use tools, and we buy what's needed for our employees. I'm more interested in a (rugged) tablet device that I can deploy at a design office/manufacturing environment that does not leave the facility. If it has location controls baked in, instead of freeing it if it leaves, I can automatically brick it until it returns (displaying "Please return this device to Company Name, Address" - reward optional).

Not that a market leader has to actually *lead*, but I'd be impressed if Apple produced an iPad Pro, intended for at-work productivity and mobility within a building, not necessarily mobility throughout the rest of a user's world. I'm not so concerned with completist fanbois complaining about a product not intended to suit their individual needs. That's why it'd be a separate product. I could see Lenovo (or used to consider HP) differentiating itself for business purposes this way before Apple would change its paradigm. The first OEM to accomplish this well will take a considerable lead in creating a new niche market.

I'm certain that the device I'm thinking of would have similar enterprise applications in executive offices, facility management, intra-office communication (mail room), quality control, inventory management, and even security or loss prevention. I can already imagine Pro apps designed to facilitate these common specialized tasks, such as a GPS-type or enhanced reality routing for the mail boy to make his rounds similar to UPS's truck-based GPS solution.

Next step: replace us all with robots. Just kidding.
BRADCLIFF300
50%
50%
BRADCLIFF300,
User Rank: Apprentice
10/12/2011 | 1:35:17 PM
re: Regulating The Dark(er) Side Of Consumerization
Interesting thinking and yes this is becoming a big problem but the solution is not going to work. As whenever there are restrictions, especially technical ones then people will find a way around. I know I am one of those kinds of people.

Now add that you have Windows (at least three maybe five versions), OSX, iOS, Android, Linux, Blackberry, and a hodge podge of other OS's. Lets not forget the 100's of thousands of little app's. As I said I would bet the smart user will find a way around.

Going home, sure I can do what ever I want at my house. USB drives makes it easy to transfer and my auto backup makes a copy too.

I don't claim to know the answer but can tell you when you lock down people find a way around.

The virtual PC may be the answer at least for corporate data. And by-the-way it cuts PC support by about 80%, so now they can chase data security versus trying to fix PC's.
esthomason
50%
50%
esthomason,
User Rank: Apprentice
10/11/2011 | 5:25:27 PM
re: Regulating The Dark(er) Side Of Consumerization
"When Joe goes home, he can do whatever he wants." Thus, the glaring hole in this otherwise reasonable approach. If I by-pass my VPN to get to the Internet then my laptop-based files can readily be moved anywhere.

A different approach? Migrate towards a virtual desktop environment. All data stays in the data center. In theory.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.