In other words, when it comes to bottom-line priorities, IT is misaligned. This isn't to say that risk doesn't matter. It's to say that IT needs to recognize that risk management isn't the top corporate priority and stop acting as if achieving perfect prevention supersedes all other matters.
For example: In front of nearly every employee is more computing power than existed in the world at the end of WWII. Here's what most IT security professionals consider best practice to be: Use it to access a server in the data center that emulates the computing power sitting in front of the user.
Why is that? The short version: It's less risky because we can control what happens in the data center.
If an end-user identifies an application that can help streamline operations (cost reduction) or take care of customers better so they'll buy more from the company (revenue enhancement)? The operative phrase is "deny by default." It means, as if it weren't blindingly obvious, that allowing end-users to install anything that runs on the powerful computing device that sits in front of them is just too risky because of all the bad things that can happen.
It's a persuasive argument, because after all, if you stop all bad things from happening, don't you get what's left? The good things, that is?
It's an argument that holds up to at least 1.372 seconds of close scrutiny, after which it falls completely apart. Because it rests on a faulty assumption: That good things can happen without taking risks to make them happen. And they can't.
IT's iPad shakeout
Which brings us to the iPad, and even more, Apple's App Store. Instead of talking about whether end-users should be allowed to install whatever they think will be useful on their PCs, let's talk about whether they should be able to install whatever they think will be useful on their iPads. With the exception of a small handful of technologically sophisticated wise guys, we're now talking about employees finding useful-sounding applications in the App Store and clicking on them so they automagically install.
The reason for deny-by-default is that some PC applications are dangerous. Without intending to, employees might accidentally install what looks like a perfectly innocuous piece of software but in reality is serious malware.
Say what you want about the opaque decision process for what can and can't be sold in the App Store. The bottom line is that Apple actually screens each application before it can be sold through the store. That being the case, does deny-by-default still make sense?
Not at all. Yes, Apple's determination to limit its customers to what it sells in its App Store is a level of paternalistic control many of us find dislikable. From an IT risk management perspective, though, it's more than good enough to stand deny-by-default on its head: Compared to the average cost of an app (10 bucks) and the risk that it's actually something nefarious (negligible), the opportunity represented by employees taking the initiative to find innovative ways to improve how things get done is, in the aggregate, immense.
When deny-by-default is the policy, the response to any request that leads to someone outside of IT using technology to innovate is, "Here's why you can't." In the new IT, the response has to be, "Here's how you can."
In the case of tablets, there's no reason the future can't be right now.
- Run IT as a business -- why that's a train wreck waiting to happen
- Stewardship, not ownership: It's time for IT to give up on control
- IT turf wars: The most common feuds in tech
- A-Teams of IT: How to build your crack strike force
- Dirty IT jobs: Partners in slime
- Jackass IT: Stunts, idiocy, and hero hacks
- Stupid user tricks 5: IT's weakest link
- True IT confessions
- IT personality types: 8 profiles in geekdom
This story, "How the App Store reshapes IT's priorities," was originally published at InfoWorld.com. Read more of Bob Lewis's Advice Line blog on InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.