IT's Consumerization Compliance Conundrum

Special thanks to Terri McClure for coming up with this one.

People in your company are using IT services well outside of IT's reach: Amazon, Box, etc. More and more every day. The good news is that, by doing so, IT is being forced to justify its very existence in this regard--and making itself as nimble as these offerings.

The bad news (conundrum): what happens to all the stuff I keep in Dropbox or Amazon when I leave the company? It goes with me.

IT has no way to get it back, delete it, blow it up, etc. IT doesn't even know I have an account--or a thousand accounts. IT can't do anything. Only the threat of legal action can do anything, but we all know that has very serious limitations.

Hence the conundrum. The only way for the company, and IT specifically, to maintain any semblance of security and control over data is to inject itself (transparently, or it will never work) into the consumer workflow.

IT has to own the Box account, not the user. IT has to give the user what looks like their account (just like they give you an Exchange mailbox), but maintain control of it. Otherwise, bye bye data. Bye, bye intellectual property. Bye, bye sleep.

Terrifying possibilities.

Consumerization makes things easy for the INDIVIDUAL, but creates hell on earth for the business and, specifically, for my brethren in IT.

Companies will try to mandate behavior of its employees. That will not work. The only thing that can protect a company from the potential nightmare I describe is to inject itself benignly (again, transparently) into the workflow such that it can prevent doomsday--or at least try. It will also mean that IT will be the reason the "cloud" really takes hold--kicking and screaming.

Fascinating, really. I used to worry about stuff like backing it up, but that seems a much smaller problem to me now. Now I worry about all the bad that can happen outside of IT's reach altogether. The only other answer is to go back in time and put huge access restrictions on stuff--which is totally contrary to the collaborative, distributive work models of today.

Just when you thought it was safe to go back into the data center...

Read more of Steve's blog entries at The Bigger Truth.

Topics: Cybersecurity