IT security has an important role in enabling simplicity and efficiency

It takes hard work to create simplicity: unless IT security is allowed to move with the rapidly changing times to enable greater efficiencies, outmoded and sometimes irrelevant rules will hamstring enterprises. Relevant, informed governance is mission critical for effective collaboration...
Written by Oliver Marks, Contributor

A quick search on Dice, the IT jobs site, just brought up 8,485 open US jobs in 'IT security'. If you were to apply for one of these jobs and were hired your job description would require that you focus on enforcing governance and compliance, and protecting your employer's intellectual properties from digital burglars.

IT security is one of the foundational building blocks of corporate infrastructure along with the legal department, and are typically comprised of the most conservative people in the firm. Despite wishful thinking from those on the tech bleeding edge these folks are not going to abandon their responsibilities in order to appease fans of fashionable new technologies.

These people are in a very difficult position: their very reason for being in the company casts them as Nancy Reagan style 'Just Say No' evangelists, stamping out non compliant IT developments even when they can see the value of the technology to the firm.

Often the rules they are tasked with enforcing are hopelessly outmoded, particularly in global enterprises, but that's the job they were hired to do....

As Alistair Croll points out in an excellent piece "Cloud Computing's Unintended Consequences"

...Technology isn't static, much as IT professionals would like it to be, and we live in a world of constantly changing expectations.

Consider, for example, IT in the 1990s. Procurement and provisioning took months, and even a single server was above the threshold of an individual employee's expense report. That introduced friction--in the form of time, since it wasn't worth a month-long order for a one-week campaign, and in the form of money, since it was a hassle to deal with budgeting.

With the speed, low cost of entry and switching on, that friction is largely gone for those choosing to rent rather than own technology... ZDNet colleague Dennis Howlett isn't convinced cloud governance really matters at this stage in the proceedings, taking a rather extreme view.

Even for the most brittle on premise environments, servers pounding away in the basement and a million dollars per annum of payroll for mission critical engineers who are flight risks because they are the only ones who know how their coded 'stack of cards' functions, the rules have changed. Everyone and their brother is bringing their own connected devices to work: even if lots of 'non productive' ip addresses are blocked behind the firewall it's easy to go on a smoking or coffee break and tune in via 3G to your favorite socializing sites.

Countless files are being formally uploaded to CMS's and Sharepoint, and semi formally to sites such as yousendit, Dropbox, Box.net, to be moved around by email by various collections of collaborators. The lack of friction and ease of setup for SaaS, as Alistair Croll discusses, is rapidly resulting in application sprawl.

What everyone wants in life is simplicity, but when people work together complexity develops very quickly. Countless silos of information have now been joined by more and more noise from multiple activity streams both internally and on the public internet. The result, a I've discussed here before is 'information inflation'.

Talk isn't just cheap - it's free and increasingly ephemeral as the volume builds.

Today there is so much more of everything, whether information and data or the variety of devices we use to consume, analyse and publish it with, and I'd argue that standardizing around ways of collaborating - and making those standards crystal clear to all participants - has never been more important within the constraints of the enterprise. IT governance and security has a very important role to play in this, but all too often they are unhappy and hamstrung by having to conform to outmoded rules.

Everyone likes simplicity but it takes hard work to create it when there are lots of moving parts involved. The alternative is a patchwork quilt of applications and associated data stitched together with email threads, one of the most effective ways to be inefficient and miss important, timely information known to man.

The analysts view from on high of the theoretical efficacy and usefulness of software is all too often divorced from the reality of the people in the cubes who have to live and breath in it, and make it work in context with other applications.

Creating modern governance rules has never been more important than in this current transitional era, but far too many people are fixated on quick, free and easy fixes to their immediate business problems with no thought for how it will impact others in their organization.

Alistair Croll is absolutely right when he proposes 'Wise CIOs will gravitate toward services, become more data-driven, and factor more frequent usage spikes into their capacity planning'. The bigger question is will their culture enable this (and realize the value from doing this) and will those tasked with policing non static IT have viable rules to enforce while allowing agility and innovation to flower unimpeded?

I've spent countless hours in client meetings this year discussing this question, often with a great deal of friction from various parties, but each culture and contexts are unique. New things are possible when you remove the old guard rails and replace them with appropriate new ones, but this is much harder than many people realize and is all to frequently underestimated.

Editorial standards