Learning to accept user downloads
If users are driving the adoption of Internet applications -- making tools such as Adobe Reader, Mozilla Firefox, Apple Safari, iTunes, Flash, instant messaging, and so on de facto corporate standards -- what does that mean for IT?
"Certain organizations look the other way … [with] a 'don't ask, don't tell' policy," Gartner's Valdes says. "A few -- a very few -- embrace this new world."
The city of Brampton, Ontario, is one of those very few.Chris Moore, an IT consultant who was CIO of Brampton until just last month, says IT must provide users the tools they need. "Firefox, iTunes, and others are in use where there is a clear business need. Unless you are in a paramilitary environment where people follow the orders of the authorities, it's best to make allowances in the interest of productivity," he recommends. "If you don't, then you are more of a cop and less of an enabler."
Being an enabler does not mean that IT just sits idly by, however. "You don't necessarily want to open the kimono and say, 'Everybody should be downloading consumer tools,' but you do have to look at why it's happening," says Matt Brown, a principal analyst at Forrester.
In Brampton's case, if unsanctioned applications are not causing problems operationally, IT leaves them alone. "But if we encountered one that caused problems, then we would run it through the integration lab to try and resolve it," Moore says. "If it is unresolvable, then we look for a friendly functional equivalent."
Bringing in user downloads into the IT management strategy
"As an IT manager, you don't want to paralyze your users," says Erich Umar, vice president of service delivery management at the American Stock Exchange. But being able to control such applications "is hugely important," he adds. "There's a huge benefit for IT managers to be able to handle those applications."
IT also has "to bring those rogue applications into account in your troubleshooting process," Umar says. If IT stays on top of tracking and managing those assets, it is better prepared to handle problems that arise, such as when a help desk call comes in. Otherwise, "you can wind up sitting there trying to troubleshoot the wrong problem."
And security should never be compromised. "You put processes in place to very quickly determine which applications will expose the company to high levels of risk, and dispose of those. And then you can allow the programs that don't," Forrester's Brown says.
One possible approach to securing the business environment while allowing user-downloaded apps is to tap into virtualization. "I'd look toward using virtualization on the desktop to 'sandbox' consumer IT," says Michael Cote, an analyst at RedMonk. "The IT department can spend less time on each app but hopefully benefit from the faster innovation that consumer apps usually have."
All of this, quite naturally, sparks the question of exactly what IT's role ought to be in making users aware of the tools at their disposal. "IT should be put in a position to educate the organization about what's new and what's available to users," Brown says. That is essentially what the most technologically savvy companies are already doing.