"Don't ask, don't tell" is a dominant approach among IT organisations regarding users exploiting non-approved applications, Web sites and devices, a recent Gartner research report says.
The report is based on several public debates that examined IT control over user devices and software and were held at the Gartner Symposium/ITxpo 2007 event in San Francisco.
The majority of attendees favoured increased user autonomy, despite knowing all the major reasons for greater user control.
"There is a deep disconnect between the control and security dogma in the IT industry, and the beliefs of Symposium/ITxpo attendees," says the report.
"These results fly in the face of conventional wisdom and seriously upset outstanding industry dogma and doctrine as to how IT organisations should control, manage, approve, monitor and otherwise take responsibility for what users do, what applications they run and what devices they use," concluded the group of Gartner analysts who authored the report.
"These results are shocking, at least to some - but they are also a source of comfort to the majority that has refused to dogmatically lock down and otherwise subjugate the breadth of their user community to use only that which the IT organisation has certified and approved for use."
Uncontrolled use debate
The first debate was built on the question, "Do you think it's a good idea to allow consumer software, services and devices in the workplace?"
Attendees of the Gartner Symposium/ITxpo were able to vote for "control communication," "open communication" or "undecided".
Seventy percent of attendees said employees should be allowed open (not controlled) use of consumer devices, applications and services.
The second debate was built on the proposition that "IT must endorse every piece of software or device an employee will use". Only 28% of attendees agreed. Gartner believes fewer than 5% of enterprises today maintain a total lockdown on user devices.
The third debate was built around the following issue: "For much of the history of IT organisations, control has been considered high value - whether implemented through standards, repeatable procedures, restrictions or enforcing mechanisms. Many of the newest ideas in IT reject control - examples include mesh and social networks, and wikis - and the consumerisation of IT acts as another forcing function towards autonomy."
The proposition attendees were asked to vote on was "which direction will guide IT management objectives during the next decade? Continued control or increasing autonomy?" - 53% voted in favour of providing users with increasing autonomy.
Insecurity guilt
Gartner analysts concluded that IT professionals need to get over their "insecurity guilt" - not by promoting anarchy or by applying draconian controls - but by rethinking the core issue of who should assume responsibility for what and how far to go with various technical alternatives.
"From an innovation point of view, we believe no IT organisation can stay on top of innovation on the Web and that users can (and do) produce innovative ways of exploiting new and existing technologies with far greater speed, volume and effectiveness than an IT organisation.
"Over the history of our industry, most of the innovation has come from users, and this applies to every stage of the value chain, from subcomponent manufacturer to system manufacturer to IT organisation to end-user; the further down the value chain, the higher the level of creative innovation.
"Consider the spreadsheet. It was end-user innovation that applied the abstract concept to real business problems, and it was end-users who sold other end-users on the value of using the technology. It was only begrudgingly that IT organisations, a decade later, embraced it."
* This subject will be discussed at the Gartner Symposium/ITxpo Africa 2007 from 27- 29 August 2007 at Cape Town International Convention Centre.
Share
