Agency CIOs Need to Be Aware of the Dangers of Consumer Tech
Agency CIOs must be cautious when procuring IT products developed for consumers.
Jeff Gould is president of SafeGov.org and CEO and director of research at Peerstone Research.
We’ve all heard about the benefits of consumerized IT for large organizations. Consumer technology is more innovative and faster moving than its enterprise counterpart. Just look at Apple, Google or Facebook and compare them to IBM, Oracle or SAP.
There is some truth in these claims. Consumer tech product cycles do move faster, in part because they are freed from the constraining requirements of backward compatibility and technical stability imposed on the enterprise. Consumer tech consists mostly of highly interactive websites or mobile apps that update themselves without being asked and increasingly runs on inexpensive devices destined to become obsolete only a year or two after release.
The intense disruptive pressure exercised by consumer tech on enterprise IT has undeniably benefited the latter, forcing it to modernize and make itself more accessible to users, system managers and developers alike.
Beyond “webification” or “appification,” the greatest positive impact of consumer tech on the enterprise undoubtedly lies in the move from premises-based computing to the cloud. While the transition is still in its early stages, it is difficult to doubt the economic and technical advantages of consolidating the IT assets of many organizations into a few large data centers managed by specialized firms.
Despite these benefits, the consumerization of enterprise IT also has drawbacks.
Contrary to common belief, the problem is not security. Consumer tech and cloud data centers are no more vulnerable to hackers and accidental breaches than traditional enterprise IT shops. On the contrary, greater scale and scope of cloud operations require resources to deploy the best security expertise and tools available. This attribute will arguably make the cloud a safer platform for enterprises to secure their most valuable information than in-house facilities.
The real danger of consumer IT lies not in its technology, but in its advertising-based business model and vendor control of how products are used. The consumer Web and app economy, dominated by firms like Google and Facebook, is all about advertising. Giant Web firms earn their billions through the relentless tracking and profiling of users.
The controversy that has dogged Google in its effort to repackage consumer services like Gmail for government and education users under the Google Apps and Google for Work brands serves as a cautionary example.
A year ago, after heavy media criticism, Google announced it had “permanently removed all ads scanning in Gmail for Apps for Education” and promised to make “similar changes for all our Google Apps customers, including Business and Government users.”
Google did not explain why it had failed to remove ad scanning from its apps at the outset before offering them to schools and government agencies. This functional gap between consumer tech and enterprise requirements is a common pitfall IT managers must guard against.
Another drawback of consumer IT is the tight control vendors exercise over how their products are used, which conflicts with enterprise requirements for flexibility and customization. A recent case in point is Samsung’s Knox suite of security applications for Android smartphones and tablets. Samsung has made an admirable effort to layer enterprise-like encryption features on top of a consumer operating system created by Google to maximize its mobile advertising revenue. But it has proven difficult for Samsung to extract Android from the consumer market.
Google does not allow device makers like Samsung to build in features Google has not approved, particularly if those features compete with Google’s own services. The European Commission has even launched an antitrust investigation of Google for this practice, which the EC alleges is an abuse.
Perhaps even worse, Google itself does not control the distribution of Android or its updates to consumers. Rather, to maximize its market share, it has handed off that critical job to wireless carriers like Verizon or AT&T. As a result, users of Verizon-supplied Android devices recently found that Samsung’s Knox was automatically disabled when the carrier decided to update devices to the latest Lollipop version of Android.
In short, while the benefits of IT consumerization are real, the “impedance mismatch” between consumer and enterprise requirements remains a constant source of risk and uncertainty for IT managers. In this context, the old saying retains all of its relevance: “Let the buyer beware.”
(Image via Bloomua/ Shutterstock.com)