I had a conversation with our CFO last year regarding securing the enterprise to support mobility. I said the answer is really easy. In fact, it will reduce cost.
- The only mobile device allowed will be a BlackBerry, it will be company owned and we will restrict usage.
- We will lock down all computers, e.g. disable USB devices. We will deploy device level firewalls that restrict internet access.
- We will lock down the network so only company issued PCs can run on it.
- We will restrict VPN and allow access to very specific areas.
- We will write very strict policies to cover everything else.
For some reason, the world of IT never seems to get simpler. It continues to become even more complex. Of course, my example is very draconian, but it might be the right solution for your company or industry.
Bottom-line – there is no right answer! It all depends.
- Your industry – do you have specific regulatory requirements?
- Your leadership – is there an ROI with mobility? What goals are you trying to achieve?
- Your budget – can you afford it? Mobility isn’t cheap and solutions are continuing to evolve at a very rapid pace.
When I say mobility, it immediately conjures up images for everyone. Unlike most things IT delivers, none is as personal as the devices someone uses. People have definite preferences and opinions on what’s right and wrong. I was recently on a panel of CIOs regarding this topic. In reality the CIO concern was less about securing and managing the devices, it all centered around securing and managing the information. I’ll describe for you, how Informatica is approaching this topic.
Informatica’s vision for 2012 is access to all data, on any device, at any time, from any location, securely.
First and foremost, what’s the business case? Why are we doing this? At one level, we could avoid the topic of mobility for another year, and we would be ignoring real employee needs. What I find is that people will find solutions to problems they have, even if IT doesn’t provide the infrastructure. For example, we know that 25% of our employee base use Dropbox to store and share files in the cloud. Could this be a security risk? Yes. As CIO, I could mandate that we block access from company networks and write policies restricting use. I don’t believe this is the right approach. Employees are solving a problem. It’s important for IT to embrace the situation, understand what they are trying to solve and provide a secure solution.
I believe we can make the right, rational choices so it doesn’t make IT more complex and this will be our approach. In our industry, in our company, I’m not convinced there’s a quantifiable financial return. I don’t believe we will make employees incrementally more productive. I believe the business case for us is much more about attracting and retaining talent. For example, our headquarter offices are in the heart of the Silicon Valley. It seems like every startup I visit is 75% Macs/iPhones and 25% Windows/other phones. People are given a choice and opting for alternatives. And if you were to survey Gen Y and Millennials, they would be 90+% Macs.
In our IT organization, we have principles for our team to follow, with the aim of empowering people to make decisions independently. When looking at solutions, we all follow the same principles:
1) The solution must be better for the employee.
2) The solution must be better for IT, e.g. enable scale.
Both must be present, or we don’t pursue the solution. Fundamentally, this helps ensure our ability to scale as an organization.
Will we achieve our vision? Yes, but in a modified form where caveats abound.
- Any data – we are prioritizing what audiences to address first and what data is truly needed.
- Any device – we are limiting our vision to devices that can be reasonably secured and dominate market share. We cannot afford to say that IT and Informatica can support, maintain and guarantee security for every device that exists. Secondly, when we say devices, we truly mean anything that’s not company provided, this includes personal computers. In the case of the Mac, we will likely offer it as an alternative option for specific employees with a limited support model where people must demonstrate competency first.
- Any time/location – we are a global company operating 24x7x365. Our goal is to minimize all planned/unplanned downtime. However, we also recognize that our highly mobile workforce may be in locations that aren’t secure. As a result, we will limit access to secure locations.
- Securely – this is the most challenging aspect of mobility or personal devices. How do we ensure access securely? This is always at the forefront of our mind as we build our solutions.
I will keep you updated as we progress on our journey and hopefully provide guidance from our key learnings.