Losing the war to lock down networks might help enterprises innovate

While security concerns cannot be set aside, users unwilling to leave their own applications at home might bring some innovation to the office.

Experts at the Gartner Wireless and Mobile Summit warned attendees that locking down and banning consumer technology can choke off innovation.

"Users want all their options," said Bob Hafner, vice president at Gartner. He said that oftentimes support teams would end up spending more time and money managing strict policies than if they allowed user flexibility. This was particularly true with communications, he said, where much of the innovation is happening on the consumer side and then creeping into the workplace.

How bad can it be when organisations try to keep things locked down? For one Australian government agency Gartner studied, call re-direction was the single largest mobile expense. Users dissatisfied with the agency's standard-issue mobile devices simply programmed them to forward calls to their personal devices.

In contrast, Hafner cited a case several years ago where a bank asked him to build a business case for company-wide email. He struggled with the task, but the benefits were often not obvious: Why learn and manage a new application when a phone works just as well at lower cost?

When Hafner stepped away from the executive office and started implementing small group deployments, however, the benefits became obvious, often in surprising ways. "Users will build the business case for you," he said.

While completely blocking all consumer technology is becoming impractical, opening the floodgates isn't a sound idea, either: If every user utilised a different email application, phone syncing solution, and Web 2.0 document manager, the security management scenario would quickly become nightmarish. But according to Hafner, there is a middle ground.

Most users, he said, will fall into different categories, based on their usage patterns, technical savvy, and job function. The majority of users in most organisations can probably be narrowed down to five to seven profiles, and then policies can be developed with those profiles in mind.

Monica Basso and Nick Jones, vice presidents with Gartner, laid out an "A to F" continuum of support that can help IT decide how to manage aspects of user-implemented technology:

  • Approve. Explicitly approve some technologies for use, without support. This could work well with cell phones in some environments: Users can buy any phone they want but must be willing to be on their own if they have trouble. Often, "approved" devices are in a different class from "supported" ones, so that some users can buy recommended phones, for example, and they will get technical support.

  • Block. Actively seek out and block unauthorised applications, devices and usage patterns. Often costly, there are some scenarios where this still makes sense. Heavily regulated environments might mean that consumer instant messaging clients, for example, are unacceptable.

  • Contain. Similar to "A," but work to promote best practices to ensure that consumer tech is a positive force on productivity while mitigating risks -- for example, allowing use of GMail but disallowing attachments, which can contain confidential information.

  • Disregard. Turning a blind eye is always a choice, but given the risks involved, probably not a good one.

  • Embrace. Active support and promotion of consumer technologies in the workplace. More than simply approving, this means training and support on these technologies.

  • Fix. At this point, failures have started to have an impact on the bottom line, and large investments of time and energy are needed to get usage back on track. Part of fixing that problem could be setting policies and precedents for future consumer technology, ensuring that failures are not repeated.

Depending on the business environment, a mix of these policies may make the most sense, but conscious decisions in each major area - email clients, Web usage, mobile phones - could head off major problems down the road, and could even help discover solid strategic benefits.

IT should, however, set firm guidelines where needed. Hafner said that phone numbers, for example, should be owned by the company. Otherwise, a sales agent who jumps ship could easily take his clients with him when they call to re-order.

Hafner also emphasised the importance of finding and cultivating relationships with power users to identify trends and potential innovations in the network.

"Valuable opportunities show up if you just let the people play with the technology," he said. He recommended finding these users by asking departments who their go-to guy is for tech problems before they file help-desk requests. Then, admins can see what is being done and how best to quantify the benefits - and risks - technologies can bring.

Read more on Network security management