There's a silent battle being fought on the front lines of
organizations today, in cubicles, common areas and offices alike:
the rising employee use of "rogue" peer-to-peer and presence
technology. The mobile industry is counting on these services,
along with licensed content, to drive data revenues. At the same
time, there is a profound impact on IT, compliance, legal and
human-resources organizations, which must deal with the complex
requirements these "impromptu" technologies can present.
On the IT side, most companies are familiar with the model of
employees introducing productivity and communication tools into the
environment. PDAs exploded using this model. The burden of
understanding the technology, securing it, supporting it and making
it economically feasible then falls squarely into the realm of the
CIO. Depending on the timing, technology and impact on the network,
this can be an overwhelming burden. If the efficiency gains are
significant enough, however, you can count on deployment. There is
also the technology gap to consider, and this can have significant
contractual, expenditure and relationship impact with service
providers. A good example would be end users downloading and
utilizing mobile VoIP products on converged handsets -- a direction
most service providers are not readily embracing.
For compliance and legal groups, the rogue introduction of
technology presents a much steeper hill to climb, and perhaps a
more significant risk. Publicly traded companies attempting to
comply with Sarbanes-Oxley and other regulatory initiatives are
presented with new material exposures, in terms of the proper
auditing and archiving of messaging and conversational threads
outside of email. Available on the Internet are newer chat
technologies that leave no fingerprint -- presenting a nightmare
scenario on the legal front. These scenarios are a few clicks away
from being present in the enterprise, most at little or no cost and
completely accessible by end users via the Internet. If the network
isn't rock solid from a security and application standpoint, now
would be a good time to pursue a strategy.
From a human resources and corporate culture perspective, the
issue becomes less clear from a risk and benefit point of view.
Companies want employees to be creative and introduce ideas and
concepts to drive results quickly and efficiently. It's healthy for
the business, and employees often appreciate the responsibility. At
the same time, organizations do not want to jeopardize security,
compliance or their infrastructure to enable that creativity. The
odds of disaster may be slim, but it's not fiction -- it can
happen, making it a tangible and measurable exposure.
My advice to organizations hasn't changed much over the last few
years in terms of approach to this issue, since the issue itself
is, in essence, technology agnostic. In order to stay competitive,
organizations need to embrace employee creativity and
experimentation, so set up the right environment to do so --
culturally, politically and philosophically. This starts with
leadership messaging and is supported by a healthy dose of end-user
training, common sense policies, the right tools, and a rock solid
network. People who introduce rogue applications often do so after
being told "NO" by their internal IT staff, with little direction
or understanding of the reasons. This is the main cause of the
problem. Very often, employees don't realize the jeopardy they are
exposing the organization to. With a few malicious exceptions, most
employees want their company to succeed, and that notion can be
capitalized on. If you can change the approach on the new
application and say, "YES, and here's how we'll test it," the
outcomes may be radically different. More importantly, behavior
will change in the future, and that's where the real return is
waiting.
About the author: Michael Voellinger is widely respected
as one of the nation's top technology strategists and is considered
to be a thought leader in telecommunications. With more than 10
years of experience, Michael's analysis of security risk
mitigation, compliance and the convergence of telecommunications
has been continually sought out by leading corporations, government
and financial institutions. Michael's commentary has appeared in
The Wall Street Journal, New York Times, Investors Business Daily,
Smartmoney.com, and CNN Money, as well as numerous industry
publications.