Does governance really matter?

Does cloud governance really matter? I'm not convinced - at least not at this stage of proceedings.
Written by Dennis Howlett, Contributor

RIM's latest attempt at revitalising its business in the shape of managing security around not only its own but also Android and iPhone devices caught my eye for several reasons. From the piece by IDG:

The growing number of corporate and employee-owned mobile devices poses a challenge for enterprises that want to let employees choose their own devices, while making sure sensitive data remains secure and business applications uncorrupted...

Because of its long enterprise experience and reputation for security, RIM may be better suited than its mobile OS rivals to dive into mobile management as a business. But the company also is strongly motivated to make its customers happy, as sales of its smartphones decline and shipping dates for some products slip.

I'm not so interested in whether RIM makes a strong play, although I wish them well. Rather I wonder whether it matters. At last week's SAP UK & Ireland User Group conference, Ray Wang, CEO Constellation Research (disclosure: I am on the board of advisors), asked how many attendees carried more than one mobile device. A good number of hands went up. Maybe 25-30%. Only a few (like Ray and I) carry three or more. What he didn't ask was why?

Anecdotally, we hear that many people habitually bring their own devices and laptops into their place of work, largely to get things done when the office systems fall over. I don't see IT going balls out to stop those behaviors. I expect line of business leaders would have much to say on that topic, pushing back hard if it means people twiddling their thumbs. Or worse still, playing Farmville over 3G.

The more important point is whether it matters in the first place. Hands up all those who know about employee group behavior that is wreaking havoc inside the enterprise as a result of bringing in unauthorised iPhones? I haven't heard of such a case. I doubt we would except a long time after the event. At least not in a way that could be readily discussed in the public domain. It's too embarrassing.

It begs the question: what constitutes valuable information? I've long argued that details held in a general ledger somewhere are of almost no intrinsic value in and of themselves. The same goes for many forms of row and column data. Email is valuable, if only because so many of us have the habit of being indiscrete both in form and style.

Rather than letting corporate secrets out the bag, I suspect that email management and security is more to do with ensuring the world doesn't see how irreverent and profane the workforce can be. As if that was likely to be a shock to anyone in the first place.

If that sounds flippant and offensive to the security diehards among the readers then I would like to know the extent to which they believe security has truly been compromised by the use of people's choice of device whether sanctioned or otherwise? I mean facts, not opinions about the potential.

Before anyone castigates me on this one, consider what Tom Raftery said the other month when addressing a group of utility executives. On the question of allowing social media into the workplace, he said that 75% of companies are still against the idea, despite evidence to show that potential employees are shunning those organisations that ban use of social media.

Am I not correct in stating that the setting of guidelines at places like IBM has been enough for people to understand where the sometimes blurry boundaries lay? If that's the case then why would we actively govern a non-standard issue mobile device?

Some will make the apples and oranges argument saying my comparisons are not correct but I don't see it that way when weighed against the fundamental principles underpinning notions of governance.

Moving on, I see that Phil Wainewright is beating the 'cloud chaos' drum. Is this any more of a concern than mobile device management? Phil thinks so arguing last August that:

Very few enterprises that are adopting cloud applications and infrastructure are giving enough thought to governance. The result is a mish-mash of SaaS silos and cloud islands, with very little attention paid to data consistency and integration, and even less to policy management and oversight.

I don't see it. At least not yet. The apps that are getting the greatest traction are email - in the shape of Google Mail, CRM, often from Salesforce.com and elements of HR from a variety of SuccessFactors, Taleo and increasingly Workday.

There is plenty of evidence to suggest that GMail passes muster, even if reports from the Police Dept in LA suggest a confusing picture. Appirio among others makes a handsome living from integrating GMail into Salesforce.com landscapes. I don't hear anyone complaining. But then CRM and HR are not exactly business critical applications. They are potentially part of a suite, which is where I think Phil is attempting to go, but that's a long haul play which has years to run. Even those early Workday adopters which have not only taken HR but are moving to financials don't flag up governance as a major consideration. These are IT people and you'd expect there to be an issue here. But it doesn't register as a perceptible problem.

Even if you accept part of Phil's argument I come back to the same question: does it really matter? Phil goes further by declaring the problem is 'well and truly here.' Is it? Where? Simply because some random vendor drips the latest scare mongering words in a receptive ear doesn't make it a fact.

As Phil knows, IT history doesn't always repeat though it has a habit of echoing loudly. I'd be far more impressed if I saw a message that says we're going to have to live with (alleged) chaos while the winners emerge rather than trying to layer cake for something that has yet to be self evident among the research.

We are far from reaching that point. At least in the apps space. But then the good ship Non-Governance may have already sailed out of reach. Just as I am finishing this post I see Marc Benioff, CEO Saleforce.com is tweeting availabillty of the free Viewer for Salesforce on iPad is now generally available in the iTunes store.

Editorial standards