[ISN] Users Who Know Too Much (And the CIOs Who Fear Them)

From: InfoSec News (alerts@private)
Date: Tue Feb 20 2007 - 22:28:48 PST


FEBRUARY 15, 2007

An April 2006 survey by the Pew Internet and American Life Project found 
that 45 percent of adults who use the Internet said it has improved 
their ability to do their jobs a lot.

These are your employees, and their message couldnt be clearer: 
Technology, at least in their eyes, has made them significantly more 
productive. But CIOs shouldnt be patting themselves on the back just 
yet. For this productivity boost the study credits the Internet, not 
enterprise IT, not the technology you provide, not, in short, you. And 
while Pews finding undoubtedly includes people who use the Internet to 
access your corporate applications, Lee Rainie, the Pew project 
director, says the research is not pointing to what a good job CIOs have 
been doing.

It tells a different tale.

The big story is that the boundary that existed in peoples lives between 
the workplace and the home has broken down, says Rainie. Almost 
unlimited storage and fast new communication tools allow people to use 
whatever information they choose, whenever they want to, from wherever 
is most convenient for them.

According to Pew, 42 percent of Internet users download programs, 37 
percent use instant messaging, 27 percent have used the Internet to 
share files, and 25 percent access the Internet through a wireless 
device. (And these numbers are all one or two years old. Rainie would 
bet the ranch that the current numbers are higher.)

Does that sound like the tools youve provided your companys employees? 
Do you encourage them to download programs and share files? Do you 
support IM? Have you outfitted a quarter of your companys employees with 
wireless devices?


A consequence of the blending of worlds is that people bring gadgets 
from their home life into the workplace and vice versa, says Rainie. For 
example, a December 2006 survey by Searchsecurity.com found that only 29 
percent of companies had a corporate instant messaging tool, a number 
that seems relatively small when compared with the percentage of people 
Pew says use IM in the office.

Users have a history of providing their own technology, but the 
capabilities of todays consumer IT products and the ease with which 
users can find them is unprecedented. Thumb drives, often given away 
free at conferences, provide gigabytes of transportable storage. Google 
spreadsheets and other online documents let multiple people collaborate 
in one file. The Motorola Q, a phone that uses the cell network as an 
always-on high-speed Internet connection (and can be yours for just $125 
on eBay) lets users forward their work e-mail to their phones without 
ever touching a mail server. And thats only three examples. Theres a 
consumer technology out there for every task imaginableand if there 
isnt, theres a tool that will let someone create it tomorrow.

The era in which IT comes only from your IT department is over.

So where does that leave you?

The Shadow IT Department

The consumer technology universe has evolved to a point where it is, in 
essence, a fully functioning, alternative IT department. Today, in 
effect, users can choose their technology provider. Your companys 
employees may turn to you first, but an employee whos given a tool by 
the corporate IT department that doesnt meets his needs will find one 
that does on the Internet or at his neighborhood Best Buy.

The emergence of this second IT departmentcall it the shadow IT 
department?is a natural product of the disconnect that has always 
existed between those who provide IT and those who use it.

And that disconnect is fundamental. Users want IT to be responsive to 
their individual needs and to make them more productive. CIOs want IT to 
be reliable, secure, scalable and compliant with an ever increasing 
number of government regulations. Consequently, when corporate IT 
designs and provides an IT system, manageability usually comes first, 
the users experience second. But the shadow IT department doesnt give a 
hoot about manageability and provides its users with ways to end-run 
corporate IT when the interests of the two groups do not coincide.

Employees are looking to enhance their efficiency, says Andr Gold, 
director of information security at Continental Airlines. People are 
saying, I need this to do my job.? But for all the reasons listed above, 
he says, corporate IT usually ends up saying no to what they want or, at 
best, promising to get to it...eventually. In the interim, users turn to 
the shadow IT department.


Subscribe to the InfoSec News RSS Feed

This archive was generated by hypermail 2.1.3 : Tue Feb 20 2007 - 22:39:53 PST