Consumerization Talks with Ken Dulaney, VP Gartner Research

“This is the fashion business, not the PC business … most of our clients today say if they were to have an auditor come in and audit them across all the technologies in use, that they would fail.”

The consumerization of IT will be the single most influential technology trend of this decade, says Gartner, and companies are already well aware of it as the wrestle with the growing influence of smartphones, tablets, social media, and on and on. And while this growth does bring risks, too many companies make the mistake of trying to stop all together the influx of consumer IT. What potential benefits can the consumerization of IT yield for your organization? Why is a strategic approach an imperative for attaining those benefits? And what risks will you have to contend with? Below is an excerpt of my recent conversation with Ken Dulaney, Vice President and distinguished analyst in Gartner Research. Ken answers these questions, and more importantly, reveals the solutions and best practices  to turn consumerization into a competitive advantage.

Gartner considers the consumerization of IT to be the single most influential trend affecting the technology sector in the coming decade. Can you please help us understand why? Have we reached the tipping point yet?

Well, for many of my customers, the consumerization of IT represents the invasion of a huge number of tablets, smartphones, and other consumer technologies that have come in because of their ease of accessibility to the worker. Prices have become very, very low, often below $500 for smartphones today, and this great accessibility of the technologies, permitting users to override the standards that IT has had for many, many years and bring in whatever they want. This is the fashion business, not the PC business and many of our customers are beginning to understand that. It’s about personal work style. It’s about what they prefer to do. They grow up with these technologies and they don’t want to abandon them when they bring, come to the workplace.

What are a few examples of recent consumer technologies that are just now becoming part of corporate IT?

Some examples of the technologies from the consumer side that are invading IT are products like Facebook, like Dropbox, where people share files, Twitter, smartphones and tablets. All of these devices and applications are being embraced by the consumer especially as the younger generation grows up and begins to enter the workforce. When they come in the workforce, they expect to use all of these technologies. For example, a sales person who leaves college, comes to work, expects to probably call up all of their friends to sell to them first .And where are those friends? They’re in the social technologies they’ve been using. So this blend of social technology in the workplace is inevitable.

What do you see as the business impact of Consumerization?

Business benefits of consumerization are widespread. Who would have thought that we’d be carrying around a device that almost resembles a piece of paper that was fully electronic and had widespread access to the Internet? This accessibility of information anywhere, anytime is really tremendous. We’ve been able to use applications that are brand new, that extensively use web services that provides us all sorts of integration of information we never had before. We can get information on maps, we can find out where people are. We can get access to news instantly. We can blend all of this together. Also, one of the things it’s doing, it’s beginning to help us in redesigning and rethinking our legacy applications.

For many, many years, we’ve all been using Windows. Along comes Apple with a tablet and puts Windows in the tablet market to shame. What they’ve done there is they’ve just radically changed the way we, as humans, interface with technology which has always been a challenge. So, many things are happening. Not only the usefulness of the technology, but also the impact on how we build and interface our systems of yesteryear into the modern world of the future.

What are the risks associated with the lack of a strategic approach to Consumerization?

The problem in most of our customers today is while this consumer technology comes in, they remain with the practices of the past for managing the technology. They spend a lot of time and effort on technologies that they know, where they know they’ve achieved standards of manageability and security but then they permit all this consumer technologies to come in and these consumer technologies are nothing but smaller versions, lighter versions of what they already have. Given this imbalance between what they do on the consumer technology to protect the enterprise versus what they do and know on the traditional products, they have an incompatible situation. Most of our clients today say if they were to have an auditor come in and audit them across all the technologies in use, that they would fail.

So our customers really haven’t confronted the fact that we have moved from just a few types of technologies to a broad end-point strategy where we need to protect not only the traditional devices like laptops and desktops, but also the consumer technology, smartphones, tablets, even TVs that are going to be in our conference rooms need to be protected as end-point access devices.

When it comes to Consumerization of Enterprise Mobility, the attention goes to the two fastest growing mobile platforms: Apple iOS and Google Android. Do you think these two platforms are ready for Enterprise prime time? How would you rate in particular the security of these two platforms and their relative apps stores?

So today, the two fastest growing platforms in the enterprise are Apple in the form of iOS and Google’s Android. These products are at different levels of security for the enterprise.

Let’s talk about Apple. Apple with iOS has been around the longest and has done more for the enterprise than Google has done. Their products today can provide the capability to deliver inventory of what’s on the device to back-end management consoles. They can tag in-house applications so they can be separated out from the consumer market and they can do push notifications to the end user about what needs to be updated. But still, the user has to have iTunes on their PC and they have to be involved with the management process because Apple doesn’t permit background updating of the applications.

If we move on to Android, it’s a couple generations behind. They just introduced encryption on the device, something that Apple’s had for quite some time. They don’t have an MDM module, a mobile device management module that can do all the things that Apple iOS MDM module can do. And the way you have to look at Android security is not to look at Android by itself but to look at the intersection between Android and the OEM who delivers it many of which who will add these particular components from time to time. So, the security footprint on Android still is very fragmented at the highest levels.

What are the different solutions that IT managers  can use to manage and secure consumer mobile devices  without constraining end user choice and productivity?

So the different solutions that the IT organization can use to deliver these technologies, permit the consumer technology to be used without constraining their use, fall into a couple different buckets.

On first hand, we have a large number of third party products which are called policy managers. What they attempt to do is to put boundary conditions on these devices. So even when it’s individually owned, the enterprise can put down conditions that can’t be violated, and if they are violated, IT is notified by various administrative consoles that these products, excuse me, that these violations have occurred. Then they can take corrective action either by pushing down new profiles to the device or simply just calling the user and ask him not to do it anymore.

The other choice you can do is, you can isolate the IT environment in what’s called a container. So, all the smartphones have a sandbox architecture which means they can isolate an application in its file system. So by creating a total IT environment within one of the sandboxes, having that encrypted and isolated from the consumer side, they can be sure that the user, when they want to play Angry Birds, is outside the container and when they want to do things like email and deal with various corporate applications like Oracle or SAP, that they are in fact inside the encrypted and controlled container.

Any final recommendation for IT on how to embrace Consumeritazion?

The most important thing we communicate to our customers is that standards don’t work anymore. Standards with exceptions cannot be audited, so what we’ve advised our customers to do is to move from the process of standards that they’ve had for many, many years to a framework of choices called managed diversity.

Managed diversity is a shared responsibility model where the user and the IT personnel are going to share responsibility for managing, securing, and controlling the particular product. We can’t have a scenario any longer where the end user gets to do whatever they want and to blame IT for anything that goes wrong. So, in this set of choices, we’re going to give to the end user, they’re going to pick where they want to be. IT’s always going to say yes but the end user is going to accept the privileges and consequences of their decision. Now let me describe briefly what that is. There are three support levels.

The first one is called Platform, the second one is called Appliance, and the third one is called Concierge. This matrix has been given out to thousands of customers. We’ve gotten great feedback on it and it does present an air of calmness to an area which has created great chaos in our customer community. We fully recommend that IT embrace consumerization and not fight it. If you fight consumerization, it just goes underground and you’ll actually be in a worse situation with a lot of your digital assets sitting out on consumer technologies as consumers work very hard to get around you.

I always like to say, although I don’t have any friends in this position, that prisoners are some of the most creative people that I can think of. People in solitary confinement run mafias by passing notes under doors of cells. If you make your users prisoners, they will get real creative about working around you. So, embrace these technologies, have a budget to buy them, have a budget to get ahead of the end users. Use things like Facebook, get involved with these areas, don’t fight them.

We’re at the beginning age of mobility that is very similar to where we were with the beginning age of the Internet. You know something good is going to happen here. If you don’t get involved, the only thing that’s a certainty is that you’ll miss it.

More on Consumerization and BYOD at Trend Micro Consumerization Blog

About Cesare Garlati
Co-Founder, Hex Five Security, Inc. - Chief Technologist prpl Foundation

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: