IT heresy: Invite those unsanctioned applications in!

Users try to download software all the time, creating a tug-of-war with IT. It may be time to rethink the whole concept

It's a classic case of mine vs. yours: Users are downloading a crop of new and often unsanctioned programs onto their PCs, bypassing IT's careful management discipline. Although user-downloaded apps are nothing new, they're now streaming onto business PCs at a fever pitch -- bolstered by the automatic updating common to many apps and by the trend of apps self-installing when needed by a browser. These have joined the familiar parade of personal apps users just can't seem to live without at work, such as instant messaging and even iTunes.

IT has struggled to deal with user-installed apps for years, but the new, constant flood of these programs may simply be too much to handle. Perhaps IT has to admit defeat and abandon efforts to control what users install on their PCs -- accepting the IT heresy that users' PCs are in fact their PCs, not IT's machines.

[Read more IT heresy in "Let users manage their own PCs," "Dialing down software support costs," and "Why 'no Macs' is no longer a defensible IT strategy" ]

IT's overwhelming user-download challenge
Consider what IT is up against. When Mozilla released Firefox 3.0 earlier this summer, it simultaneously set out to land in the Guinness Book of World Records for the most software downloads in a single day. And it accomplished that record download goal.

It's not just Firefox, either. In a survey of 2,000 U.S. online adults that use a PC at work, Forrester Research found that 29 percent of them download software onto work machines that is not given to them by the IT department. The top application downloads: instant messaging, Web browsers, desktop search, and productivity/time management applications.

Apple iTunes, various media players such as RealPlayer and Adobe Flash, and virtual reality environment Second Life are rampant on corporate PCs. Take Flash, a player that Web pages download for users automatically when Flash content is on a page. Thanks to that automatic downloading, Adobe has found that new versions get widely adopted, even behind corporate firewalls, in a matter of months.

More and more companies are approving Firefox and instant messaging, says Fred Broussard, an IDC research director for enterprise systems infrastructure software. But he notes that few are standardizing on other lifestyle apps, iTunes specifically. Still, "there's always going to be somebody who finds a business use for these apps."

Research firm Gartner is seeing the same trend, particularly for Web applications. "Internet client software, such as iTunes, Twhirl, Second Life, and others seem to be adopted by individuals rather than organizations," says Ray Valdes, a research director.

Learning to accept user downloads
If users are driving the adoption of Internet applications -- making tools such as Adobe Reader, Mozilla Firefox, Apple Safari, iTunes, Flash, instant messaging, and so on de facto corporate standards -- what does that mean for IT?

"Certain organizations look the other way … [with] a 'don't ask, don't tell' policy," Gartner's Valdes says. "A few -- a very few -- embrace this new world."

The city of Brampton, Ontario, is one of those very few.Chris Moore, an IT consultant who was CIO of Brampton until just last month, says IT must provide users the tools they need. "Firefox, iTunes, and others are in use where there is a clear business need. Unless you are in a paramilitary environment where people follow the orders of the authorities, it's best to make allowances in the interest of productivity," he recommends. "If you don't, then you are more of a cop and less of an enabler."

Being an enabler does not mean that IT just sits idly by, however. "You don't necessarily want to open the kimono and say, 'Everybody should be downloading consumer tools,' but you do have to look at why it's happening," says Matt Brown, a principal analyst at Forrester.

In Brampton's case, if unsanctioned applications are not causing problems operationally, IT leaves them alone. "But if we encountered one that caused problems, then we would run it through the integration lab to try and resolve it," Moore says. "If it is unresolvable, then we look for a friendly functional equivalent."

Bringing in user downloads into the IT management strategy
"As an IT manager, you don't want to paralyze your users," says Erich Umar, vice president of service delivery management at the American Stock Exchange. But being able to control such applications "is hugely important," he adds. "There's a huge benefit for IT managers to be able to handle those applications."

IT also has "to bring those rogue applications into account in your troubleshooting process," Umar says. If IT stays on top of tracking and managing those assets, it is better prepared to handle problems that arise, such as when a help desk call comes in. Otherwise, "you can wind up sitting there trying to troubleshoot the wrong problem."

And security should never be compromised. "You put processes in place to very quickly determine which applications will expose the company to high levels of risk, and dispose of those. And then you can allow the programs that don't," Forrester's Brown says.

One possible approach to securing the business environment while allowing user-downloaded apps is to tap into virtualization. "I'd look toward using virtualization on the desktop to 'sandbox' consumer IT," says Michael Cote, an analyst at RedMonk. "The IT department can spend less time on each app but hopefully benefit from the faster innovation that consumer apps usually have."

All of this, quite naturally, sparks the question of exactly what IT's role ought to be in making users aware of the tools at their disposal. "IT should be put in a position to educate the organization about what's new and what's available to users," Brown says. That is essentially what the most technologically savvy companies are already doing.

Copyright © 2008 IDG Communications, Inc.