IT has traditionally been the gatekeeper of technology in the enterprise, and why not? Technology-based systems are a complicated mess of segregated infrastructures forced to work together to manipulate and display data in ways that make sense to the rest of us. You’d need a college degree just to find the "On" switch. This specific technical knowledge has put IT in the position of dictating what tools the business should use to do its job.
The mobile movement has created a growing trend, coined as ‘simplexity’ by the authors of The Six Immutable Laws of Mobile Business, that takes these complicated systems, marries them together with common Application Programming Interfaces (APIs), and then masks them behind simple, people-friendly user interface design. The end user no longer needs to rely on the tech-savvy IT person to help with setting up her workflow. Instead, she’s empowered to use the devices and software she needs to work the way she wants, with little to no reliance on the IT department at all. One of the more obvious examples of this trend can be found in Apple’s iPhone and iPad with their massive index of available software applications. Welcome to the consumerization of IT.
The consumerization of IT is the growing tendency for new technology to be introduced to the enterprise environment by the end user, rather than IT. Quite often, these requests to use consumer-grade devices and software are coming from the executive and leadership tiers, making it difficult for IT to refuse. However, with great power, comes great responsibility.
IT may often seem like the roadblock preventing us from doing our jobs, but they have the daunting responsibility of managing the company’s entire digital footprint, ensuring systems are always running, and maintaining the highest levels of security on a continuously shrinking budget. Most enterprise IT budgets are barely enough to keep the current systems running, let alone keep an eye on the ever-increasing list of consumer-focused productivity devices, apps and services.
What can the business do to help IT work through these new user paradigms to maintain security requirements while providing access to data?
How is data stored in the app, handled in transmission, and stored in the cloud? The iPhone/iPad hard disk has built-in encryption at rest (meaning the data on the disk is protected by encryption as long as the device is locked), but data stored on the device is unencrypted while in use. Did you know that there are many simple applications that can read the file store of a device by plugging it into a computer, or by connecting over Wi-Fi? Applications with a built-in encrypted container can help keep data safe from these types of vulnerabilities.
Some questions to ask yourself about the security of your apps are:
- When it comes to the transmission of data (like sending a copy to the cloud storage facility), is the data encrypted, and to what level?
- Regarding the cloud storage of the app data, is the application provider in any way affiliated, supported, or owned by a competitor?
- If your company is publicly traded, what are the responsibilities of the company to divulge use of any app that may be?
What kind of support does the app offer? If the app is in any way used in a business-critical way to manage company information, what guarantee do you have that it will be accessible when needed, and who is responsible for getting it back online when it goes down?
Being able to answer these questions before going to IT to help evaluate costs, implementation, and security will go a long way to help deliver the tools and services you need in a sustainable and supportable way to the rest of the organization.