Users vs IT -- Is IT Losing the Battle?
In the age of mobile computing and bring-your-own-device, can IT ever regain control of “rogue” users?
Commentary by James E. Powell, Editorial Director, ESJ
A new study commissioned by Unisys and conducted by Forrester reflects a younger workforce’s comfort with consumer IT and expects such productivity tools in their workplace.
Unisys Corporation commissioned Forrester Consulting to conduct its third yearly survey examining the deepening “great divide” -- how mobile workers are increasingly challenging the IT departments that support them. Unisys uses the word “aggressive” to describe the battle, citing how the “consumerization” of IT and an emerging “mobile elite” worker class are creating risks for enterprises and headaches for IT.
I understand both sides. I worked in IT for nearly two decades and struggled to keep up with user demands while enforcing company policies or ensuring regulatory compliance. I’m now on the user side, and although I know IT is a necessary evil, it’s increasingly a roadblock to my productivity. I’m fortunate in that I can use my own equipment (PC, laptop, etc.) to get my work done; on company-issued laptops, I’m restricted to the list of “approved applications” I can use. Sure, Word and Excel are a vital part of my toolset, but without Macro Express or DataPrompter, I’d never have the automation tools I need to get through the stack of new manuscripts that grows every day. Yes, those applications are that critical to my job.
Think IT gets that? Some tools I am happy to use -- a VPN to access company files and e-mail, for example, is a minor inconvenience to securely transfer files to my desktop -- but the basic toolset is inadequate, and there’s no sign that that will actually change. IT “support” means nothing if it doesn’t help me complete my work quickly and efficiently.
Unisys’ report tells me I’m not alone.
Unisys points out that its survey “shows that [the user/IT] divide is being driven by a class of super-connected, tech-savvy mobile workers who are defying IT policies by using unsupported, ‘bring your own’ devices and applications to get work done and serve customers on the front lines of business.”
These “mobile elite” workers, as Unisys dubs them, are “creating fresh support and security challenges for their IT departments, which often have a different view of how and where personally owned technologies are being used.”
A big part of the problem stems from the growth of mobile devices. BYOD is growing stronger -- the survey found that 43 percent of surveyed “iWorkers” are using three or more devices for work. Smartphones head the list (44 percent of workers are using them) -- and a third of such devices were purchased by the employees themselves. Fifteen (15) percent are using tablet computers to get their work done -- half of those were paid for by the employees. Convenience is the top reason for using the devices according to 68 percent of tablet users and 63 percent of smartphone users.
Unisys puts a new name on the long-established practice of users loading unauthorized applications on their systems -- BYO Applications -- which is a practice of almost 4 in 10 users in the survey globally. We’re not just talking traditional software apps, either -- users are now working with cloud services (personal e-mail, file sharing, video conferencing) to get their work done.
Technology at Home and at Work
Remember when IT used to have the cool new products that were too expensive for consumers to adopt? Times have certainly changed -- 62 percent of 18-31 year olds (Generations Y and Z) and 54 percent of 32-45 year olds (Generation X) claim “the technology they have at home is better than what they have at work.”
IT and users certainly don’t see eye to eye about BYOD/A. More than half (56 percent) of business users use the unauthorized products and services “because they need the capabilities and their organization does not provide an alternative.” Nearly 3 in four IT executives (72 percent) say it’s because of “personal preference, not because they need to do critical work.” Clearly they haven’t used Macro Express, Dataprompter, or my other favorite, Dropbox (but only for non-sensitive works in progress).
That’s not the only place where opinions are out of sync. When it comes to support, “61 percent of ... IT decision-makers surveyed believe that their employees will contact the company IT department first when they encounter a problem with a personal device they use for work,” but “64 percent of iWorkers say that they would troubleshoot the problem themselves or contact a friend first.” Only “21 percent would make the IT department the first point of contact for resolution.”
How good is that IT support? Not very. Although “61 percent of IT respondents say that their organizations provide a high level of IT support for company-owned smartphones and tablets” (which is up from only 27 percent just one year ago), only 17 percent this year and 18 percent last year agreed that IT is providing a similar level of support for employee-owned devices. That’s a very wide divide.
If IT wants to get the situation under control, they’ll probably want to target what Unisys identifies as “mobile elite workers.” Nearly one in four workers (23 percent) are driving the push for productivity with their own purchases. For example, this group says they are using “consumer technologies to be more productive, serve customers, and drive innovation.” Over half (58 percent) “spend their own money to buy things such as personal technology do their jobs, compared to 27 percent of average iWorkers.” Two-thirds of mobile elites claim that use of such technology “makes them more productive and efficient, compared to 43 percent of average iWorkers.”
Collaboration is a big buzz word, and those mobile elites are no exception. Over a third of them say that the personal technology they use “allows them to better serve customers and collaborate with colleagues, compared to 24 percent of average iWorkers.”
Unisys reports that 82 percent of them have downloaded unauthorized applications, three times the rate of other workers, even though three-quarters of “IT decision makers say they consider downloading unauthorized software for work as grounds for dismissal.” I asked Weston Morris, global portfolio architect for end user services at Unisys, what accounts for the disconnect? Are users unaware of company policies, unconcerned that they’ll ever be punished, or simply willing to risk termination in order to get their work done?
“I believe that the principal reason for the disconnect is that company polices have not kept up to date with the rapid proliferation of consumer devices, the availability of cloud services, and the HR implications of BYOD. That discontinuity increases the likelihood that employees will bypass policy. Overall, the 2012 Unisys Consumerization of IT study shows that end users are not maliciously bypassing policy. When they do so, it’s because of their zeal to serve the customers, collaborate with colleagues, and improve their productivity.”
This elite group may also have more influence over changing the status quo: “37 percent of mobile elite respondents say that they recently convinced their management to significantly change a work process, compared to 27 percent of average iWorkers.”
How well is IT keeping up? Not well, by IT’s own admission. Over half (54 percent) of IT decision makers admit that their organizations “have inadequate tools or [are] missing policies to secure employee-owned smartphones.” They’ve implemented relatively weak solutions -- 71 percent have implemented password-based solutions “as the primary means of user authentication, or plan to do so over the next 12 months.” That’s a start, certainly, but more sophisticated security isn’t as popular -- including attached-device authentication (only 22 percent have installed) and facial biometrics (12 percent).
At least they recognize the problem -- “67 percent of IT decision makers ... say that enhancing mobile security is a high or critical priority over the next 12 months.” Of course, that could all be lip service -- the answer selected to make them seem concerned.
Has IT lost control (assuming they ever had it) of such rogue behavior? Can they get it back? Are we at a point where turning back BYOD is even possible?
“There is no question that BYOD and BYOA are going to continue, likely at an increasing rate,” Morris said. “I think the task at hand for IT is not so much a matter of taking back control over BYO, but in identifying and collaborating with the mobile elite so that the entire organization can benefit from their expertise and commitment to innovation.”
Best Practice Recommendations
What best practices does Unisys suggest? Weston Morris offered a few suggestions:
“The first step is to realize that the question is not, "To BYO or not to BYO?" There is actually a spectrum of BYO models with tradeoffs between flexibility and security. The key is to identify which level of BYOD/A is appropriate for each business role. Earlier this year Microsoft defined a framework with four categories that is very useful for putting a BYO strategy in place:
- Here's Your Own: The enterprise buys the device, selects the OS, apps, and policy. Very secure. No end user choice. This approach is necessary for devices that contain high-value IP.
- Choose Your Own: The enterprise selects a range of endpoint devices that meet minimum security requirements. Some policy is mandated. End users choose the devices/apps from this list. There is some restriction on what end users can access on these less-secure devices.
- Bring Your Own: The enterprise provides limited access to e-mail only to a wide range of consumer devices. This isn’t allowed for roles that access high-value IP.
- On Your Own: The enterprise allows non-employee visitors to access public “guest” Internet using any mobile device.
“I've found that "Choose Your Own" is a great way for IT to provide some level of BYO but without the security risks and support costs that a wide-open BYO approach could introduce.
“The second step is to identify and collaborate with the mobile elite. As the 2012 Unisys Consumerization of IT study reveals, these folks are going ahead with BYO whether IT supports them or not. We have used this collaborative approach inside Unisys for our Vista, Windows 7, Office 2010, and BYOD programs. Small groups of mobile elites piloted the program with minimal support from IT. We set up social computing sites to encourage the mobile elites to collaborate in identifying and solving issues. IT then captured this IP and made it available to the service desk and self-service portals so that the average iWorker could benefit from it.”
The study, Mobile Workers Use Personal Apps to Solve Customer Problems – Is IT Ready, Willing, and Able To Assist? A Forrester thought leadership paper commissioned by Unisys, September 2012, (yes, that’s really the name), combines results of two global surveys conducted in June 2012. The first asked 2609 employees and “iWorkers” to evaluate the state of mobile and personal device use and personal application use in the workplace. The second study asked 590 IT and decision-makers in larger organizations (500+ employees) responsible for purchasing “computing devices or applications to support their enterprise.”
The study is available here at no cost, though you must register for access.