For the average worker, it might seem like a dream come true. However, I suspect that some information technology folks consider it a nightmare. What’s the issue? The advent of the consumerization of IT; something Scott Finnie calls “CoIT.” Dion Hinchcliffe describes the elements of CoIT in the following way:
1) businesses taking more local control for IT, 2) workers using their own preferred computing devices and apps, and … 3) manageable processes for rapid uptake of enterprise apps, mashups, and devices matched with IT support processes that scale to match.
While this may not seem an ideal scenario for the traditional IT department, it most likely is within the limits of what can be tolerated. However, what happens when the business gets “carried away” and starts driving IT initiatives? Here’s Dion Hinchcliffe’s explanation:
The overall trend towards ad hoc adoption of personal and cloud technology at work seems to be inexorable. More and more IT is moving out from under the CIOs budget, just over 30% by some estimates. Perhaps most disruptive of all, however, is the sudden appearance of extremely stiff competition for IT services. While the move to self-service IT in general has been a steady trend for a decade — and which is starting to be called CoIT — it’s the outright diversion of business budgets directly to external IT providers, whether they are the newer SaaS vendors and app developers or the more traditional IT consulting firms and VARs. In short, the business likes the selection and service it’s getting elsewhere, and routing around IT in many cases. [emphasis added]
Suddenly, we have a situation in which the IT department no longer is in complete control and may well have trouble imposing a locked down computing environment. Now, if you’re working in the financial or legal services industries, consider what happens when you couple the move to CoIT and external IT providers with growing incursions by hackers. According to a recent report in Bloomberg News, there’s been disturbing hacker activity directed towards law firms lately:
Over a few months beginning in September 2010, the hackers rifled one secure computer network after the next, eventually hitting seven different law firms as well as Canada’s Finance Ministry and theTreasury Board, according to Daniel Tobok, president of Toronto-based Digital Wyzdom. His cyber security company was hired by the law firms to assist in the probe.
[…]
`As financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry,’ said Mary Galligan, head of the cyber division in the New York City office of the U.S. Federal Bureau of Investigation.
Galligan’s unit convened a meeting with the top 200 law firms in New York City last November to deal with the rising number of law firm intrusions. Over snacks in a large meeting room, the FBI issued a warning to the lawyers: Hackers see attorneys as a back door to the valuable data of their corporate clients.
To be honest, I don’t envy law firm IT directors. They are faced with the difficult task of imposing stringent security measures even as they watch their internal clients scurry out the door, exercising their right to choose their own IT tools and chasing self-service IT as a means to get out from under the control of their organization’s IT department. While security concerns have often trumped other considerations in the past, it will be interesting to see if the newly emboldened IT consumers will insist on using their preferred devices and self-service IT despite heightened security concerns.
It’s a nightmare scenario, coming to an IT department near you — soon.
[Photo Credit: Terry Freedman]
Above and Beyond KM 
The recent Bloomberg story cited is a good reminder on how law firm IT departments need to be very focussed on security. And this post does a good job illustrating how CoIT interacts with heightened security concerns and gives law firm IT departments one more thing to worry about. It is important to note though that, from what has been published on firm hacking attempts, attacks have been directly on firm IT infrastructure. Not to say an outside IT provider isn’t also hackable, or that firm IT departments shouldn’t inquire into security at outside IT providers. But the Bloomberg story is about firms getting successfully hacked. Outside IT providers can have very good security. So while CoIT may mean additional screening work for firm IT departments, it does not need to mean less secure firm data, depending on the outside IT provider.
Nice post, Mary. I don’t envy the IT department either. But I would like to help them change the threat of consumerization to the coordination of IT. Just like Comms, HR and Marketing, these department will have to move away for control and centralization to facilitation and coordination. So, it’s from CoIT to CoIT! (BTW: Dion describes this shift as well. I got the concept of ‘Coordination of IT’ from him.)
Thanks, Samuel. It will be interesting to see which IT departments embrace and exploit this coordination role. It will require new competencies and, most likely, a new approach. Unfortunately, change is tough.
– Mary