Tuesday, September 14, 2010

In IT today, the user is the king

Chris Murphy, the editor of Information Week, has just written a statement that I find compelling and true: “In companies today, the problem isn't so much that employees expect IT departments to get them every toy they want, as soon as they want it. The challenge for IT is that, if employees think they need technology, and the company doesn't provide it, they'll just get it themselves. That's especially true when it comes to mobile and other personal productivity tools.”

Let’s face it, the days of monolithic IT are over – or at least they’re numbered. I grew up in that environment, working for a big regulated monopoly with billions in annual revenue. The Information Services department had thousands of staffers – I don’t even know how many, and I was a small fish in a very big pond. But when it came to clout – having it and using it – IS had it by the mile. User policies, network policies, data security, software packages approved or not approved, the list goes on and on; whatever it was, IS laid down the law and the law was obeyed.

Things have become very different today. It started with the PC on the desktop, which gave users some measure of local control over their software and environment. It exploded with the web and has gone even further with smartphones. Yes, the user control over IT in many places outweighs whatever IT can dictate, no matter how good the reason.

The tech industry is mostly the cause of all this, turning every IT user into an informed consumer who is actively marketed to and wooed with all the latest gadgetry, whether they see them in TV commercials or on the web. The seed of all this is the first IBM TV commercials (like this one), which used the Little Tramp (a la Charlie Chaplin) character to tout the capabilities of the IBM PC. What was revolutionary about this ad campaign was that it wasn’t aimed IS managers and executives: it was beamed direct to the end user. Hello, new world. Did I hear someone say pull vs. push strategy?

I was an IS newbie back in those days and when I saw those IBM commercials, they made me too covet a PC on my desk (yes, I can remember the day it arrived). Now that I’m a CIO I’ve come full circle; all the users that my department supports are wooed by ads for the iPhone, and if they want it, they’re going to get it. The same with any other new fad gadget or web tool. Skype was another example, which started appearing on many user desktops before corporate IT knew what was happening or had a chance to react.

Now don’t get me wrong. I know many organizations continue to lock the desktop and prevent downloads or installs of new software. This is appropriate if the conscious decision is made that security trumps all else. But this reality is no longer universal. The web is just too useful and entwined in everything we do in business (and personally). In many corporate settings, the genie is already out of that bottle.

This isn’t all a bad thing, as I tell my friends and peers. We’ve traded locked-down IT security, for a more open, more diverse environment. It’s an engineering trade-off and I believe our organizations are the better for making it. Empowering users and unleashing their creativity with the tools they need (they’re better judges of what they need than we in IT are), leaves us better off than if we had an iron-clad IT environment, in which everything is safe, secure, standardized – and no one can work. For your workforce to be your engine of innovation and creativity, IT security and standardization have to be tempered with a dose of reality.

There’s no perfect place here: only a compromise in the middle, although that middle is skewed closer to the user’s preference than to IT’s. More work for the IT staff, more headaches and a few more horror stories? Absolutely yes. A more agile, productive and cutting-edge workforce? Ditto. You gotta love it.

4 comments:

Keith Kibler said...

That's great for the CIO to say, but down here in the IT trenches, where the fingers meet the keys, implementing solutions in this "unlocked" environment is even more difficult now...

An example: printing barcoded labels in a warehouse environment, without requiring the user to "identify" the output device for each label. In a "monolithic" environment this is relatively easy, as the application typically "knows" about a particular printer, and can assume that the device will not change without knowledge.

In the PC-at-the-desktop environment, not so. Is the printer connected directly to the PC? via Parallel, serial, or TCP/IP? Is the device actually available to this PC? What's the name? Will that name be the same on each PC the application runs on? How do we acquire this information, in this environment, without requiring the user to become the "local expert" on their configuration? Did the user actually purchase the correct device for this application? Does the PC device driver actually work for this device, or do we have high-volume issues? Was the device driver installed? Correctly?

So... which is better? both... but companies need to be prepared to update the toolkit of their IT staff (programmers included) to support this new world, or risk losing control of the entire development cycle - where users piece together the solution themselves... Isn't that where this all started?

Unknown said...

Mike said..

I am not in IT and yet I see people carrying around their IPhone in an environment that is clearly Blackberry only. Halt technology is like trying to halt science. You may not like the outcome, but people will adapt. One person's "Brave New World" is another person's (usually younger) "world." Change remains the only constant.

Thanks for getting my thinking going.

Dave said...

Of course, support of the business all comes down to what do individuals think they need to do to better deliver on their responsibilities within the Corporation, what they actually need to do so, and what the Corporate Entity will embrace in individual choice vs. Corporate Compliance. An interesting fine line for IT to walk in discharging their responsibilities.

My read is that the consequences of acquiescing to individual "wants/needs" are usually not fully understood or appreciated by the people "demanding" technology that has not yet become standard in the normal business environment. It usually involves "easier or broader" access to information, the need for which is either real or imagined. The awareness of the individuals who make up the much broader Corporate Entity needs to be heightened as to what significant consequences can occur when best practices are not defined, implemented and adhered to relative to access to information.

Education as to the role and need for security, in order to effect cultural change, is critical and too often ignored in favor of putting in place policies that, of course, everyone will adopt and adhere to. The major incidents that cause the very visible negative consequences are usually few and far between or not publicized outside the organization.

Education here brings back memories of the films we (those of us who are older) were asked to watch as part of "Divers' Education" in High School. They showed horrifying outcomes of bad behaviors, but unless individuals were willing to exercise responsibility and good judgement, the outcomes were what they would be.

So in my experience, Information Security and IT Guidelines, Policies and Procedures need to be in place to set standards, but in themselves, don't solve the overall problem. Programs involving responsibility and individual accountability need to be improved in many areas of Corporate America. Culture just doesn't "happen". It is created through planning, communication and commitment at both the Enterprise and individual levels.

Charlie said...

Your comments and observations are right on target. As an individual that works for a company that provides IT services, our target has always been to the source that hold the purse strings.

Where I have seen it work real well is for the IT management to work with the vendor to provide the service to the business... together. In this scenario you still keep control of standards and guidelines, you get the ability to learn so when you're called on for support you know the system and you support the business ...that in the end, pays the bills!