Regulating The Dark(er) Side Of Consumerization - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:14 PM
Elias Khnaser
Elias Khnaser
Connect Directly

Regulating The Dark(er) Side Of Consumerization

Think an influx of shiny tablets is the main worry? Sorry to break it to you, but hardware is the least of our problems.

The consumerization of IT is forcing IT departments everywhere to rethink their policies, processes, and support procedures. But device diversity isn't all you need to worry about. Consider the applications that users now have free access to--and that allow them to circumvent all those policies and procedures you've so painstakingly put in place.

Take Dropbox, the bane of every BC/DR and content management admin. Sure, you could block Dropbox, but what happens when an end user walks down the street to her favorite mobile device store and picks up a wireless 3G card, which she can then plug into her laptop or desktop and use to gain access to the Internet uncensored? You see where this is going, right? Whac-A-Mole isn’t a long-term strategy.

I think this problem will eventually reach the point where IT will demand that a regulatory effort be launched. The goal would be to enforce criteria around how software-as-a-service (SaaS) applications are developed, ensuring that capabilities that will empower IT to protect the integrity and security of corporate data and access control are built in.

The big question, of course, is what body would have the power to enforce such regulations. The government is too inflexible and slow, not to mention the outcry that would result. A better route would be a standards body that has in its membership both SaaS vendors and enterprise security pros. That's one option; another possibility, likely more effective and faster on the uptake, would be for OS vendors to require certain criteria for applications that are going to run on their operating systems. But for that to happen, customers of those platforms would need to demand this change.

My bigger point is that, as technology companies stop marketing to IT departments and start marketing to your end users, smart shops will think differently and push the ecosystem to invent solutions for today's reality, instead of trying to make yesterday's tools fit a changed world.

One promising technology that we could base such new thinking on is location awareness. If SaaS applications are required (by the standards body we discussed earlier) to have functionality for location awareness, we can then develop tools to allow IT to enforce policies and procedures on the use of consumer services when devices are located within the organization. Think about it this way: If Joe is trying to move some files from the server to his Dropbox account, and location services track that he is in XYZ building, where IT has subscribed to the location service and specified a policy, then Dropbox would enforce your regulations based on location. When Joe goes home, he can do whatever he wants. At work, rules apply. And not to pick on Dropbox--Amazon Cloud Drive and Apple iCloud present similar challenges.

Take this approach and apply it to all applications, and we regain a reasonable level of control.

Right now, location awareness is completely optional, which means some software developers will build it within their applications, others will not. Similarly, some operating systems may have this framework, while others don't. But it's one way we could get a handle on the consumer applications that are threatening to unravel years of data management and security efforts. Would you get behind such an approach, or do you have a better plan? Let me know.

Elias Khnaser is the technology officer for integrator Sigma Solutions. Follow Elias on Twitter: @ekhnaser

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/13/2011 | 2:05:13 PM
re: Regulating The Dark(er) Side Of Consumerization
I would expect that given all of the various tablet and OS makers trying to carve into a slice of this market, one vendor would realize that consumers aren't the only target market (even if it's largest), and design a device aimed at enterprises with these built in controls, or yes virtualization.

Manufacturers have already gotten the users familiar with the form factor, touch UI, and model of deployment. Now if they provide devices able to be locked down systemically, not just per app, then there's a use for that in my business: provided for workers - to work with.

I'm not so interested in allowing a user to bring in his shiny toy. Use your toys outside of work during playtime. At my work, we use tools, and we buy what's needed for our employees. I'm more interested in a (rugged) tablet device that I can deploy at a design office/manufacturing environment that does not leave the facility. If it has location controls baked in, instead of freeing it if it leaves, I can automatically brick it until it returns (displaying "Please return this device to Company Name, Address" - reward optional).

Not that a market leader has to actually *lead*, but I'd be impressed if Apple produced an iPad Pro, intended for at-work productivity and mobility within a building, not necessarily mobility throughout the rest of a user's world. I'm not so concerned with completist fanbois complaining about a product not intended to suit their individual needs. That's why it'd be a separate product. I could see Lenovo (or used to consider HP) differentiating itself for business purposes this way before Apple would change its paradigm. The first OEM to accomplish this well will take a considerable lead in creating a new niche market.

I'm certain that the device I'm thinking of would have similar enterprise applications in executive offices, facility management, intra-office communication (mail room), quality control, inventory management, and even security or loss prevention. I can already imagine Pro apps designed to facilitate these common specialized tasks, such as a GPS-type or enhanced reality routing for the mail boy to make his rounds similar to UPS's truck-based GPS solution.

Next step: replace us all with robots. Just kidding.
User Rank: Apprentice
10/12/2011 | 1:35:17 PM
re: Regulating The Dark(er) Side Of Consumerization
Interesting thinking and yes this is becoming a big problem but the solution is not going to work. As whenever there are restrictions, especially technical ones then people will find a way around. I know I am one of those kinds of people.

Now add that you have Windows (at least three maybe five versions), OSX, iOS, Android, Linux, Blackberry, and a hodge podge of other OS's. Lets not forget the 100's of thousands of little app's. As I said I would bet the smart user will find a way around.

Going home, sure I can do what ever I want at my house. USB drives makes it easy to transfer and my auto backup makes a copy too.

I don't claim to know the answer but can tell you when you lock down people find a way around.

The virtual PC may be the answer at least for corporate data. And by-the-way it cuts PC support by about 80%, so now they can chase data security versus trying to fix PC's.
User Rank: Apprentice
10/11/2011 | 5:25:27 PM
re: Regulating The Dark(er) Side Of Consumerization
"When Joe goes home, he can do whatever he wants." Thus, the glaring hole in this otherwise reasonable approach. If I by-pass my VPN to get to the Internet then my laptop-based files can readily be moved anywhere.

A different approach? Migrate towards a virtual desktop environment. All data stays in the data center. In theory.
Augmented Analytics Drives Next Wave of AI, Machine Learning, BI
Jessica Davis, Senior Editor, Enterprise Apps,  3/19/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Flash Poll