A friend of mine asked me today for some advice about a problem he needs to solve.
He has a mobile workforce, several thousand people strong. They all have tablets — let's assume the devices are iPads, although they don't need to be. Each tablet has its own cellular connection.
What my friend wants to do is control access to the web while the users are out of the office, in the same way that he does from desktop machines that are on-premises. For example, there's no Facebook, no dodgy malware-drenched sites.
It's not unusual to lock down access to the web on desktop machines. We've been locking down the web in corporate environments since the web was first invented.
But as soon as you give those users iPads and send them off into the big, wide world, achieving the same effect is much less obvious. More to the point, the fact that with post-PC devices this is much harder to achieve tells us something about how enterprise IT is changing.
These changes to enterprise IT are happening in an interesting way. Consumerization of IT, enterprise mobility, and an increased awareness of how IT systems work within society as a whole are all pushing this change. Post-PC ideas, around mobility allowing the user to break outside of the physical and temporal boundaries of work, coupled with increased appeal of cloud-based systems, come at the time when this change is happening, but is also causing the change to happen.
In essence, post-PC is both cause and effect.
The first thing to think about is that in the PC days, "lock everything down" was an obvious thing to do. The IT department worked from the perspective of controlling risk and cost as a primarily goal. This was done by a sort of gentle "mistrust" of the user base (which I don't mean in a pejorative sense). The IT department knew best, and they were in charge, and they made the decisions.
My Twitter friend Matt Ballantine describes it very well when he says the role of IT moving from a position of acting like a "utility company" where they provide services, top-down to the organization, to one where they act as counsel to the organization. By acting as counsel, they advise rather than provide, in much the same way a lawyer provides advice, rather than getting their hands dirty.
Coming back to the original idea about locking down access to the web when the user is mobile, the old utility company way of looking at things suggests control and that locking things down is a good idea. Users should not be trusted. However, in the new "acting as counsel" way, the IT department may look at it differently. Empowered employees working in an environment where risks are respected and managed may be beneficial to the business for all sorts of reasons.
This shift to acting as counsel goes hand in glove with the move to post-PC -- i.e. it's how the IT department needs to behave for everyone to get the most out of it.
My friend who needs to lock down web access for thousands of tablets has found that there are no good solutions to his problem. And this brings us onto the second change that we're experiencing as enterprise IT moves into the post-PC era.
Technically, there seems to be only two solutions available for this. First one is to reverse a proxy server so that devices are follow my mobile device management (MDM)-forced policy to route all traffic from the cellular network to an outward facing proxy server, into the corporate network, and then back out into the world if the proxy server policy allows it. (Ugly.) The second one is to force a VPN connection -- but VPN works poorly in mobile scenarios because it's designed around good fixed connections rather than flaky mobile ones.
I suspect a lot of you have thrown-up a little bit just reading about those solutions. They are not lovely!
(As a side note, if you have any good ways to solve this, please do chime in the comments!)
In pre-post-PC enterprise-land, difficult, non-obvious things were fun. But in post-PC enterprise-land, we're acting more as counsel, and as part of that, we're expecting to involve non-technologists within the business to find solutions and bring them to us for advice. These will often be cloud-based, software-as-a-service-style solutions.
More to the point, the solutions will generally be very lightweight, cheap, and easy. Implementing them should be a process of checking boxes and long, lazy, self-congratulatory lunches.
To be properly post-PC any solution for locking down web access should be obvious and easy. But it isn't obvious and easy, ergo it isn't something that we're supposed to be doing.
This may seem like tortuous logic, but let me see if I can make the thought process a little smoother.
The fall of the PC started with the desire for people to have better relationships with the people and things that they love. As it moves into the enterprise, post-PC is supposed to help support their work as well by improving relationships with colleagues, customers, and partners.
That involves listening to non-IT colleagues outside the IT department who identify tools that will help them, and listen to end-users who know how they want them to work.
This whole thing is very fluid, light, adaptable, and adapting. Complex and expensive, big-ticket, consultancy-led IT projects don't really fit into that model. Neither does top-down control and "mistrust" (or however you want to label it).
My friend, for his specific organizational needs, need to lock down his devices for reasons I need to keep private here -- but for rest of us, things are very much changing as enterprise IT moves into the post-PC era.
If it's not light and fluffy -- and if you feel like a technician when you implement it rather than a lawyer -- you're doing it wrong.
What do you think? Post a comment, or talk to me on Twitter: @mbrit.