The distinction between the good and the bad of things that are new or unforeseen was on display in a panel at this week’s Society for Information Management SIMposium 2011 in Orlando.
Three well qualified IT leaders representing the defense industry, leisure and entertainment and health care answered a series of questions from a moderator about the priorities relating to things like bring your own technology (BYOT), social media, virtualization and cloud computing. Some of this was pure common sense, but I decided you’d be wise to be culturally informed when sitting down to lunch with these folks.
Though it’s probably fine for me to name the guests who spoke, I’ll stick to their industries for now and follow up later. What they said was as interesting as who they are.
A departmental CIO at a large defense contractor said the best way to sort security concerns with opportunities for productivity and competitive advantage is by working with policy, security and legal teams, the norm for many big organizations.
But we can no longer dismiss consumer tech for the sake of saying “no,” the defense CIO said. The red tape is peeling, and there is pressure to catch the wave and bring useful and popular technologies to the workforce while they are hot.
This CIO actually implements new technologies covertly to learn their effect. “I use the terms ‘band of thieves’ where we purposely have to insert the technology to get moving,” he said. “Otherwise it would all be a threat instead of an opportunity. If we used our traditional way of introducing technology we’d be dead on arrival. We recruit groups of people around the company who use devices to help us get ahead of the curve.”
As you’d guess, testing habits on the new tech wave was less attractive to the health care CMIO on the panel, and, for regulatory reasons concerning breaches and “rogue uses” of technology, he took a dim view of user-introduced productivity.
“If we lose the demographic information on one patient and it becomes public it’s going to cost us $1,000 per patient at a minimum. It’s a tremendously sensitive and emotional topic.”
But the health care exec does expect new tech uses from clever users, so his organization operates a lab with many of the technologies it predicts might come into the field and monitors the edges of his network.
“Surveillance happens before you encounter the equipment in the field. We map a profile of each user and what a day for them might be. When we see them downloading a lot of information we ask them about them.” Sometimes, he says, this means they are going to leave the organization.
“We have to be big brother-ish to guard consumer information,” he says, and adds that if you have legacy information on tape storage, you'd better be sure you’re treating it like it’s a digital information asset in your strategy as well.
The leisure/entertainment CIO, whose employer operates hotels, clubs and casinos, has a more exploitative approach to consumerized technology.
“Access to credit card and personal data is very important to us,” he says. “We treat those things mainly through policy right now. Because we don’t have regulation of personal information like health care, we can deal with it that way.”
Policy can be an effective way to circumvent problems that are only potential ones. “We wipe a phone if it connects to the Exchange server. If someone leaves the company or there’s a lost or stolen phone we wipe it and consider that an acceptable risk assessment.”
The entertainment CIO works so policy doesn’t get in the way of customer analytics and touch points that drive his success. “Social media, it’s a fulltime job to effectively market and communicate with our fans … “We’ll work out security because I see us adopting how consumer trends that are about the sharing of information among the consumers that will use it. That is my speech and I’m sticking with it.”
All three of these IT leaders seem to be taking the advice of those who say the way to deal with things described as “disruptive” is to expect their presence and involve and inform the business, rather than to be surprised when they surface. Their policies vary to the extent they are governed internally and externally, but their actions are about observation more than the “command and control” caricature that has heaped scorn on IT.
Or, as the entertainment CIO put it, “If you don’t like change, get the hell out of IT.”