[franharris89]

I think this is the right place for this discussion (rant?) and questions. I think this is perticularly relivant to Apple phones and tablets, since they are the most popular in the consumer world.

I read this article recently about how this CEO had fallen head over heels for his iPad, the marketing team has set up shop on every social media site known to man, the sales group has secretly purchased its own software-as-a-service subscriptions and the VP of operations decided to run its supply chain on the cloud.

He called this Rogue IT. I don’t know if that is the right name for it, but I think something really big is happening in IT, with little and big companies of all types.

The whole world, it seems, is going rogue ;-)

We have been using PC’s for decades, and the tablets, laptops and smartphones are really just portable computers running different types of operating systems and programs/apps. Companies have been using computers in a controlled and stable environment, but effectively these systems use the same operating systems and programs/apps.

So this is kind of the question I have concerning this and our computers, tablets, smartphones:

Companies are made up of people, infrastructure and products/services – the IT departments are there to provide the infrastructure that best fits the company and the people working there – so shouldn’t BYOD, consumerization of IT and the rise of the cloud be something that IT departments embrace?

I can understand that IT have real and very legitimate security fears about BYOD, the cloud and program/app control – but doesn’t the basic business reality of competition dictate that they must allow the employees to choose what they need to best perform their work?

The example I can give is that at our hospital, the IT department issued their BYOD policy which stated that nobody could text or email any hospital or patient info from their own devices. This was actually something started back a few years ago. The thing is that the doctors were texting patient info all the time, to other doctors and admin. Eventually, one of the doctors found out about some of the HIPAA fines for text messaging, and did his own research an got an app that allows for HIPAA compliant text messaging (Tigertext) . He got all the doctors and admin to start using it. The funny thing is that the IT department was the last to find out. At that point, they had no choice to accept it, and make it part of their BYOD policy.

So, I just wanted to through this out there to see what you think about this Rogue IT movement. Is this the future of IT, where the employees determine the business tools, and IT makes it official and secure?

Or, should IT crack down on any kind of IT decisions that are not made and controlled by them?

I want to go to IT and work with them on some other apps and further developing the BYOD policy, but I wanted to get any thoughts or input on this subject before I do.

Does anyone have any good experience on this that they can share?

[besson3c]

There is a real danger with cloud services, a danger that many seem blind to.

I'm not anti-cloud, I actually write web apps myself, but the problem is that the horse has basically left the barn in terms of people being security minded. I have no doubt that people store all sorts of sensitive information in their GMail accounts, and in web apps controlled by some third party company. There are legal ramifications for doing this and having information stolen somehow.

HIPPA, as I understand it, is designed to offer legal protections to medical companies by providing a set of regulations similar to the PCI regulations for credit card transactions. What about all sorts of other information that is unregulated? What about companies that store social security numbers? The problem here isn't necessarily solved with just creating new regulations, it's with creating a more security minded mentality so that people don't put themselves or their customer's data in harm's way, but this is tough.

When it comes to cloud apps there is also a data ownership issue too. Many people don't think of a plan B for exporting data out of these apps in case they want to switch to something else, or the rates go up. Sometimes these sorts of decisions can be one-way tickets to those who aren't savvy enough to be thoughtful about this sort of thing.

Finally, people are gullible into thinking that services like GMail are actually "free". Most people justify this by saying that their email has no particular value, but these sorts of attitudes challenge companies to test their boundaries and push their limits. Facebook is a great example of a company that has been pushing its limits with its privacy policies. The problem is, most people seem apathetic to this sort of stuff, so where these lines are drawn slowly shift without customers seeming to notice.

Again, I'm not anti-cloud apps, but I just think that these issues may be overlooked by the new and shiny prospects of this new technology.

[mduell]

IT isn't a utility like electric/HVAC, it's a support organization like legal. They make recommendations and they can facilitate actions within their domain. Ignore their recommendations at your own risk/peril.

[Wiskedjak]

Originally Posted by mduell 

IT isn't a utility like electric/HVAC, it's a support organization like legal. They make recommendations and they can facilitate actions within their domain. Ignore their recommendations at your own risk/peril.

Completely agree. IT departments are contributing to this problem, however, by being too slow to implement new technologies and by, far too often, trying to play super-cop (site filtering, draconian software rules, etc).

But, they've had the blinders on for too long, and being slow to respond anyways, they didn't realize until too late how easily it had become to circumvent their control.

[mduell]

Originally Posted by Wiskedjak 

Completely agree. IT departments are contributing to this problem, however, by being too slow to implement new technologies and by, far too often, trying to play super-cop (site filtering, draconian software rules, etc).
But, they've had the blinders on for too long, and being slow to respond anyways, they didn't realize until too late how easily it had become to circumvent their control.

If you absolve IT of responsibility for keeping the network and systems and up and running, I bet most will be happy to not play super-cop.

There's a tradeoff between security and ease of use - the more you can trust devices on the network, the less you have to harden the firewall on every machine. If you're going to have rogue devices running rogue apps on the internal network, the critical stuff needs a lot more hardening than if you have approved devices running approved apps.

[besson3c]

Originally Posted by Wiskedjak 

Completely agree. IT departments are contributing to this problem, however, by being too slow to implement new technologies and by, far too often, trying to play super-cop (site filtering, draconian software rules, etc).
But, they've had the blinders on for too long, and being slow to respond anyways, they didn't realize until too late how easily it had become to circumvent their control.

IT departments are lazy, it is in their best interest to be so, and this isn't a bad thing if they are smart about it. Adding new layers of tech they have to maintain just for fun doesn't make any sense. They are no doubt being asked to or pressured to do such things from above, or else these measures are being taken in response to a problem that has created more work for them in the past.

IT resources are a finite resource, some discussion needs to occur about the responsibilities of employees and their practices rather than just making the IT guys the bad guys when things break, and the villans when some freedoms are being trampled on. It is no wonder that being an IT guy in a company like this is shitty, people are only happy when there isn't some sort of emergency that is apparent.

The utilization of cloud services goes beyond just feelings about local IT though, there are many layers to this sort of analysis, some of which I have stated earlier in this thread.

[Waragainstsleep]

IT departments get enough grief trying to keep equipment and software up to date, let alone to do proper research & testing on new devices and platform. Its amazing how many execs take a "the current IT system seems to work so why bother spending money on new stuff?" attitude.