The rise of consumerisation and bring your own device (BYOD) is sometimes seen as— and not just because it means they lose the small amount of leverage they had over users ("Be nice when you call up the helpdesk or you'll be stuck with that antique laptop for another decade").
BYOD takes away the IT department's role as sole arbiter of desktop technology, and makes the job of keeping hold of enterprise data a little more difficult.
Instead of dealing with known, secured devices, IT suddenly has to create a new security model that is permeable enough to allow access to enterprise systems by, but smart enough to keep out hackers.
But all of this presupposes a narrow view of the IT department and CIO as merely gatekeepers. And it seems that many CIOs see BYOD as an opportunity rather than a threat to their kingdom.
When asked "Is the rise of BYOD a good thing for the status of the IT department and the CIO?" the TechRepublic CIO Jury of IT decision makers responded 'yes' by a margin of 10 to two, suggesting that CIOs are willing to embrace the benefits that consumerisation can bring for their organisation and the IT department.
Alan Bawden, commercial director at The JM Group, said: "Anything that improves the perception of the IT department as a service that benefits the organisation can only be a good thing. It's an excellent PR opportunity for the CIO and IT as a whole."
Kevin Leypoldt, IS director at Structural Integrity Associates, said it is important that IT be recast as an enabler. "It really does make a difference working with an employee trying to make them more efficient and mobile, instead of treating the employee as a threat and building walls or adding levels of security. It is not always easy, there are times that 'no' is the answer and the end user does not get what they want, but for the most part, yes, it is a good thing.
"It starts with trusting the end user, building policy that protects both the end user's freedoms and the organisation's data and systems, and moves IT to enabling both the employee and building systems that balance access with security."
"It starts with trusting the end user, building policy that protects both the end user's freedoms and the organisation's data and systems" — Kevin Leypoldt
Similarly, Matthew Metcalfe, director of information systems at Northwest Exterminating, said consumer devices in the office is a way of bringing IT and business together: "My group helps support the employees more on a personal level with BYOD devices. It certainly helps open channels of communication. That's useful when it comes time to address the issues BYOD brings to the enterprise."
For Tom Galbraith, director of IT at the US District Court, Southern District of Illinois, BYOD can be a good or bad thing — depending on how CIO promotes the role of IT.
Galbraith argues that more and more systems and services falling outside of the strict control of the IT department has prompted a belief that the future IT department will be more like brokers of technology than keepers, developers or controllers. "Essentially, it is about truly understanding the smorgasbord of technology offerings in the marketplace and, more importantly, how those can effectively promote an organisation's strategy and performance. BYOD is simply one such technology course from the expanding buffet."
Broker of choice
IT must promote itself as the broker of choice for helping that employee get the most from the devices they bring into work, he said. "The functionality underlying all the hype of consumerised devices typically falls short without the help of IT, and if IT can market that message — and deliver on the promise — then the consumers/employees will have an organic desire to come to IT, and we can retain and further the overall value proposition we provide to the organisation."
As well as the feel-good factor, BYOD can also open up possibilities that the IT department alone couldn't explore, according to Kevin Quealy, director of information services and facilities at the Southern Baptist Conservatives of Virginia: "It can be hard for our department to recommend new equipment when we haven't been able to really test and know if it will actually help the employee. BYOD allows the employee to take the risk, determine what works for them, and then share that with others. We can still control the data such as email... we just allow employees to access it with various tools of their own."
While many CIOs highlighted the potential upside of BYOD for the IT department, others warned that there are other impacts.
Brian Wells, associate VP of health technology and academic computing at Penn Medicine, said that BYOD is a good thing from a reputation perspective. However, "it does create extra cost for the IT department but may save the enterprise money overall via cost avoidance from purchasing more mobile devices".
And Kelly Bodway, VP of IT at Universal Lighting Technologies, cautioned that BYOD doesn't always cut costs. "The issue is really the protection of corporate data and the integrity of that information. BYOD also requires special tools to allow for the integration of employee devices that in many cases negates the perceived cost savings. So in the end the cost to the enterprise is really no different, but the employee perceived benefit is substantial."
Security was an issue raised by a number of tech chiefs. Rob Neil, head of business change and technology at Ashford Borough Council, said "It's a chance to show that IT and the CIO are concerned with helping users do their work instead of being viewed as putting barriers in the way of progress, whilst muttering 'security...' through gritted teeth."
And David Thomson, head of IT at Rice & Dore, said: "I think it's a good thing but I do not think that it frees the IT department to do other work. There will still be calls about how does this or that work and there will be an overhead in maintaining appropriate security solutions and monitoring compliance to policies."
David Wilson, IT manager at VectorCSP, said the big issue for BYOD is one of time management. "If all of our devices are the same, and I have control over their use, I can support them with a minimum of time and effort. The simple act of setting up email connectivity on unfamiliar devices eats up resources."
He added: "On the other hand, you can't release control absolutely to the users because the more powerful these devices become, the more accessibility they have to proprietary information. It's still a moving target."
Gavin Whatrup, group IT director at marketing services company Creston, said that as long as security is maintained, BYOD can be good for IT and the broader organisation: "The priority has to be the CIA — confidentiality, integrity and availability — of your data and systems. After that, equal doses of information, education, and careful management could produce a win-win for the organisation, and a gold star for IT."
This week's CIO Jury is:
Richard Storey, head of IT, Guy's and St Thomas' NHS Foundation Trust
Kevin Quealy, director of information services and facilities, Southern Baptist Conservatives of Virginia
Mike Roberts, IT director, The London Clinic
Kelly Bodway, VP of IT, Universal Lighting Technologies
Reji Mathew, IT director, Yankees Entertainment and Sports Network
Rob Neil, head of business change and technology, Ashford Borough Council
Brian Wells, associate VP, health technology and academic computing, Penn Medicine
David Thomson, head of IT, Rice & Dore
Matthew Metcalfe, director of information systems, Northwest Exterminating
David Wilson, IT manager, VectorCSP
Matthew Oakeley, CIO, Schroders
Kevin Leypoldt, IS director, Structural Integrity Associates
Want to be part of TechRepublic’s CIO Jury and have your say on the hot issues for IT decision-makers? If you are a CIO, CTO, IT director or equivalent at a large or small company, working in the private sector or in government, and you want to join TechRepublic’s CIO Jury pool, or you know an IT chief who should, then get in contact.
Either click the Contact link below or email me, steve dot ranger at techrepublic dot com, and send your name, title, company, location, and email address.