Page 1

Effect of Consumer IT on Institutional IT IT 486—Critical Issues in Info Tech Spring 2011 Central Washington University Prepared by: AzitaB & TharyK Prepared for: Terrence Linkletter Date: June 7, 2011

Page 1 of 9

Effect of Consumer IT on Institutional IT by AzitaB and TharyK Consumer IT is here; it is here not only to stay, but also to proliferate. Consumer IT is growing and changing faster than corporate IT. For example, you get an iPhone 3G today; you see an advertisement of a new iPhone 4G out on the market next week. The effect of the consumer IT greatly affects the corporate IT strategic plan and the business operations as a whole. Companies, institutions, and governments need to address the unexpected influx of these foreign devices whether they want it or not. One of the significant drivers in consumer IT is mobility. Mobility is everywhere—on campus, at home, in government agencies, and in public places. The significant drops in prices in smartphones, mobile devices, and laptops urge people to purchase them sometimes without even thinking of what the needs are of all the features these devices provide. These devices are essential not only to their personal lives, but also to their business, recreation, and education. When people own these devices, they bring them to their workplace, school, and offices. Employees have been bringing personal devices to work and using those for years. They are bringing their personal devices to work because their own machines are so much more capable and faster than their work devices. A significant drop in prices of electronic devices such as smart phones, laptops, and computers encourages individuals to purchase these devices and bringing these to workplace with or without corporate approval. Employees bring mobiles devices and connect them to the corporate network. Employees use their personal devices for both personal and business. On the other hand, both personal life and professional business mix. The mix of personal and business raises some Page 2 of 9

concerns. One of the concerns is personal devices will have business data on them. Another concern is data security. Employees are carrying corporate data on their personal devices without any protection. Corporate data is considered as intellectual property and employees are carrying and using it for personal purposes. Vulnerability of information on personal devices has increased high security risks. The other concern is influences. If an employee has Windows 7 on personal devices, other employees might like to have it too. If they cannot purchase it by their own money, they would expect corporate to purchase it for them. If the corporate will not do that, unhappy employees complain and troubles start. Integration is another concern that causes the mixing of personal and business--meaning if an employee brings windows 7 to work, IT department will support these devices even if corporate standard operating system is Windows XP. This would cost money for IT department to train IT technicians and provide resources for them to support the nonstandard operating system. Another concern that causes the mixing of personal and professional to bring up is disruption. Social media and online virtual communities cause disruption for employees at the workplace. Affordable access to technology enables employees to access applications like Facebook, Twitter, and Linked-In, and it affects corporate business process. Employees access their social media during the work hours, and since they use their personal devices, corporate is not able to control their access to social media or personal emails. For small companies, bringing personal devices to work is considered as an advantage for the companies, because it saves money for them; however, for big companies supporting Page 3 of 9

personal devices and securing data on them is a major concern. Expectation of employees from IT department is also high. IT department has to support unknown hardware and software. As a result, IT will not have standardized requirements for devices because employees bring different personal devices and need support for these devices. The consumerization of IT remains one of the most major forces affecting organizations and companies. Some companies already accepted the fact that the consumerization of IT has already occurred. Some companies use consumerization of IT as an advantage for their business by encouraging employees to bring their personal devices such as Smartphones or even their computers into the workplace. Bringing employeeâ€&#x;s personal devices into the workplace saves money for companies and makes employees happy. However, the role of IT has changed. This is not necessarily good or bad thing; this is just the way the business is. There are advantages and risks because of the changing role of IT. Some of the advantages are mobility, saving money, happy employees, and accessibility to information whenever is needed. Some of the risks are issues such as control, security, mixing personal and professional life, carrying intellectual property on personal devices, etc... On the other side of the growing consumer IT, some companies see the benefits of the mobile technology and try to take advantage of it since more and more enterprise employees are willing to buy their own laptops or use their own mobile devices rather than the one corporate IT provides. For this reason, companies approach a new option by introducing a “Bring Your Own PC (BYOPC)â€? program. Although the BYOPC will change the role of IT, it provides companies with many advantages such as cost reduction in spending for corporate computer upgrades, less IT support Page 4 of 9

required because of employees‟ own support plan with their service providers, increasing workflow and productivity because employees‟ familiarity with own personal devices, and more user empowerment or increased sense of ownership. Risks to data security in mobile devices are obvious. However, companies, businesses, and governments, with careful planning, prudent strategy, expert advices, and good protection system, may benefit by embracing the consumer IT instead of banning it. For example, Microsoft Corporation is one of the biggest companies that adopt consumerization of IT as “Microsoft is no longer trying to reinvent the wheel—at least when the wheel is big and has some serious momentum.” (Mary Jo Foley, Redmond Magazine, May 2011) Microsoft jumps on the consumerization of IT bandwagon based on three primary concepts—influence, integration, and immersion. Microsoft uses a Microsoft System Center Configuration Manager 2012 to provide necessary services for the mobile devices to connect to its corporate network. Furthermore, companies may also benefit from the consumerization of IT when they provide cloud-computing services to the consumer mobile devices. Allowing employees to connect their personal mobile devices to connect to the company‟s cloud services not only make the employees happy and productive, but also benefit the company because the employees will be using their personal mobile devices for the company‟s business. Nonetheless, the consumerization of IT has both negative and positive effects on institutional IT. These effects are summarized as follows: Negative Effects: 

Mixing personal life with professional life

Page 5 of 9

Carrying intellectual property on mobile devices and using the devices for personal purposes

Incompatibility of personal devices at work environment and integrating them to function properly

Vulnerability of information on personal devices which creates security risk

Lack of face to face communication could cause developmental problems in children and adults with regard to social interactions

Data security

Users purchase their own devices and then expect companies to use these devices for both personal and work-related purposes

Expectation to get support from IT staff for unknown devices and unknown issues

Lack of knowledge of IT staff to support different devices would lead in a lack of control over the device's settings as well as security issues

Employees do not always update their devices or keep them secure from viruses

Data redundancy (Example: losing an important business document that stored on personal phone)

Losing intellectual property

Privacy issue for employees who use personal devices at work

Data transmitted through VPN is considered as company‟s property

Software licensing issue

Increasing cost of support (due to varying products)

Lack of control to protect network

Compatibility issues Page 6 of 9

Viruses and spyware

Technological strategies should be match with the company's overall operational procedures

Security data issue

Lack of knowledge for supporting unknown device

Possible creation of a dual network

Lack of proper maintenance

Positive Effects: 

Cost reduction for companies

Increase workflow and productivity

Use remote client software to connect to the corporate network

Implementing more security through encryption

Personal devices are fast and modern

Less IT support required when using thin clients

Employee familiarity with personal device

User empowerment/increased sense of ownership

Train employees to be aware of security data issue when using personal devices and also train them how to protect data

Organizations need to modernize their IT environment in order to protect and control security data

Enforce acceptable use policies and support users in using the devices in any way they want.

Page 7 of 9

Organizations should provide fast and good equipment, so employees are able to do their jobs without having to use their personal devoices which are faster

Virtualization can let employees run corporate applications on a virtual partition

Safeguarding company information starts with physical security and protecting the company‟s network against external threat

Implement standards/criteria for devices that could be supported in the business

Improving organizations marketing strategies and flexible work arrangement enables employees to do their job virtually from any place

Provide cloud-based storage and application for employees while ensuring the company can maintain some level of security and ownership over its data

Virtualization and with this virtualization comes more remote access/VPN utilization

Written guidance, rules, and requirement an employees must follow

Security configuration management tools to set and enforce asset usage policies

Training for IT staff and some kind of standardization in regard to how employees connect to the organization‟s network through their individual devices

Implementing device encryption, transmission encryption, and single-factor authentication to enforcing a security policy will put limitations on who can access what

Organization can benefit to not buying devices for employees when they use personal devices

Hiring developers to create application to manage devices

Mobilizing employees is more productive

Addressing support costs, recommend families of products for support.

Page 8 of 9

Sources: Consumerization of IT - good, bad, or just the way things are now? By Ryan Faas. Retrieved from: The consumerization of IT: is resistance futile? By Andrew Nusca. Retrieved form May Jo Foley (May 2011, Vol. 17, No. 5). Microsoft and the „Consumerization of ITâ€&#x;. Redmond Magazine (

Page 9 of 9

Effect of Consumer IT on Institutional IT  

Critical Issues in Info Tech