The music industry has undergone quite a transformation over the last 15 years. Of course, we can often apply lessons from other industries to our own.
Back in the 1990s, if I heard a song I really liked on the radio and wanted to buy it, I’d have to make a trip to the record store. After battling traffic and jockeying for a parking spot, I’d rifle through the CD selection and — if it was in stock — I’d pay $15–$20 for the privilege (even if there were just a few songs on the album that I wanted).
This was a great model — for the record labels. But for music lovers, it was inefficient and expensive. Then Napster came and changed everything.
In many ways, Napster is like the BYOD trend. Read on: I’ll tell you why and I’ll give you my top tips to avoid creating your own security nightmare.
“Users loved Napster, but deep down we all knew that the model wasn’t sustainable.” Bring your own piracy
With Napster, if people heard a song they liked on the radio, all they did was type the name into a search box; they could download it instantly, for free. And they could share it with their friends.
Users loved Napster, but deep down we all knew that the model wasn’t sustainable: Napster lacked a way for musicians and labels to monetize and protect their intellectual property.
To cut a long story short, all that changed in 2003, when Apple released the iTunes Music Store: It helped resolve the conflict between the old and new models of music consumption. But iTunes wasn’t quite as convenient as Napster. Downloaded songs were protected from sharing by digital rights management (DRM) and they cost 99 cents each.
However, iTunes did allow users to buy music from the comfort of their own home, while letting the music industry monetize and protect their songs. Apple was able to satisfy both parties.
Standardization vs. Cowboys
The consumerization of IT is now driving a similar transformation in enterprise hardware and software. The traditional IT model is what I call Standardization, where employees are issued company-owned mobile devices, and forced to use infrequently updated software that’s only accessible inside the firewall.
There are benefits to Standardization, but it’s increasingly untenable: Employees have come to expect the same ease of use and performance from the software they use at work as they do from the software they use at home, like Facebook and Twitter.
Frustrated with the inefficiencies of the old Standardization model, many employees are embracing a new model, which I call Cowboy Consumerization. They’re buying their own phones and tablets, and installing their own software to store and manage company data.
Just like Napster, Cowboy Consumerization provides users with efficiency and productivity. But also like Napster, we know that Cowboy Consumerization simply isn’t sustainable.
“70 percent of organizations know or suspect their employees are using personal online file sharing.”So how widespread is it?
According to an August 2012 Enterprise Strategy Group report, 70 percent of organizations know or suspect their employees are using personal online file-sharing accounts without formal IT approval.
Recently I spoke with a group of CIOs at Citrix Synergy. They were seriously concerned about the security risks that personal file-sharing solutions pose within their organizations.
Among their top security worries:
+ How do I protect corporate data and intellectual property if an employee leaves the company or loses a device?
+ How do I ensure that we’re honoring customer and partner contracts that require their data to be stored on-premises, in specific geographic regions, or with certain encryption standards?
Ultimately, IT needs to follow the example of iTunes and create a solution that combines elements of Standardization and Consumerization. There has to be a happy medium between those two models.
Here are some guidelines on how to square that circle:
+ For company-issued mobile devices, use mobile device management or mobile application management (MAM) software for application provisioning and application/device wiping.
+ For BYOD mobile devices, use a MAM solution to manage business apps on the device while letting the end user manage personal apps. That way, if the employee leaves or the device is lost, you can wipe just the corporate data from it.
+ Enterprise apps need to be updated more rapidly than IT typically considers acceptable. Remember, you’re competing with consumer apps like Facebook and Twitter; employees have higher usability expectations. If you can’t keep pace, consider using a cloud vendor to deliver your apps.
+ Different enterprises need to comply with different laws and regulations. Make sure that the software you adopt provides you with account-level preferences to allow you to tweak security settings. You need to meet your needs today and be able to revisit down the road based on user feedback.
+ Make sure that the new tools you adopt allow you to take advantage of existing investments, such as network shares or SharePoint.
As you evaluate the right BYOD strategy, think about Napster and the importance of creating a happy medium between security and convenience.