I work mostly from a home office, and I've often wondered about applications on my work laptop. In particular, I've wondered if it's cool with the company that I install some of my own favorite software, from music players to picture editors.
Is my IT department OK with those additions, I've often thought? What's the policy? On the other hand, I don't want to know. Our overworked IT staff shouldn't be bothered with such drivel, I reason. I bug them enough about my VPN not working.
The subject was on my mind when I read an excellent piece by Andreas M. Antonopoulos at Network World, "Can you keep users from importing their own applications?"
Antonopoulos takes a mature view of the issue, which he calls Shadow IT. Just saying no to employees doesn't work, he writes. He argues that "outright bans only serve to further ossify corporate IT by removing competition and allowing mediocre applications to survive. But clearly you don't want a free -for-all."
Sometimes it's frustrating working from a home office with no IT support in the building (except me). Wireless networks that go out. Laptops that take forever to boot up and you don't know why. Printers that won't print, etc. etc. And if you've ever tried to use cumbersome, slow, corporate-approved applications and felt like tearing your hair out, this Network World column provides some comfort:
In most companies, users will quite comfortably sidestep any IT system that isn't working for them and find their own. Worse, users will seek out externally hosted offerings that they use as consumers and adapt them to business use. What about all the security controls you carefully deployed to protect the business? There's a good chance that users see security controls as bugs and seek external solutions precisely because they are unencumbered by security.
Enterprise users will inevitably make comparisons between the applications that IT serves up and the stuff they use as consumers. Nowadays, for every enterprise application provided by corporate IT there seem to be a dozen Web-based alternatives that are cooler, better designed and can be mashed-up, shared and extended.
Part of the reason for all the hype behind enterprise Web 2.0 is that run-of-the-mill enterprise applications look so bad by comparison! Sure, they have better controls, audit capabilities, backup, security, reporting and workflow. But for most employees these are not "features," they are encumbrances. How do you make sure your employees use approved applications and don't go shopping for their own application infrastructure?
Antonopoulos ends his piece with a well-reasoned point that all IT departments should listen to.
IT should be open to examining external applications. Perhaps you can securely integrate and enable that new application. If you let employees ask for new applications and soberly evaluate them in comparison to internally developed applications, you create the opportunity for innovation and security. The alternative is the head-in-sand approach: mandate, prohibit, control, penalize and be sidestepped by users who see corporate IT and security as dinosaurs impeding the flow of business.
Comment and Contribute
