Month: August 2014

Let’s Stop Calling it “Shadow” IT. No One is Hiding.

We’ve heard the terms Shadow IT and Shadow Innovation.  We’ve even seen ways to combat it.

As IT professionals and practitioners, what I think we are missing is that our end users aren’t hiding in the shadows. They’re not afraid of Corporate IT finding out that they’re using a non-sanctioned tool. They’re just trying to get their jobs done, and they don’t (usually) think they’re doing anything wrong.  This is something Brian Madden,  Jack Madden, and Dave Stafford call FUIT. Use your imagination.

FUIT is not a new problem.

2007 — A close friend goes to war against her IT department because they keep attempting to block her use of Google Talk on her work laptop. All she is trying to do is avoid SMS, primarily because her Motorola Razr has a T9 keypad (the “iluv8” and “cul8r” days). She eventually gets a BlackBerry and starts using BBM.

BYOD, BYOA, and BYON in action in 2007.  She wasn’t hiding from IT; she was at war.

2008 — A large Fortune 100 company has over 3000 rogue Macs despite the fact that they are actively trying to use NAC to block them.  Engineers proudly display them. It’s FUIT at its finest.

2011 — This same company starts their IT-only Box pilot. They don’t allow anyone else to use it, even though it is awesome, because of “security” reasons.  Their employees start adopting Dropbox, SugarSync, etc. in droves — none of which have “security” features anywhere near Box.

2013 — Another close friend uses Yahoo Instant Messenger at work (unencrypted!!!) because his IT department refuses to deploy an enterprise collaboration platform.

2014 — This same company finally starts scaling their Box deployment because Box solved those “security” issues. They’ve never seen anything virally adopted this quickly. Dropbox usage plummets.

I’m a firm believer that the traditional blocking approach leaves you blind and ultimately drives employees to wage a very public war against IT. If you block Dropbox, for example, you would be unintentionally driving your employees to use devices and networks not under your control. I guarantee this is happening in every Fortune 500 company, whether their IT departments want to admit it or not. It was happening in 2007 when BYOD and Cloud and Consumerization were twinkles in marketers’ eyes — and probably long before that.

Instead, IT should strive to maximize security and minimize its impact on user experience. The ideal solution is one — like Box — that meets security needs and delivers a user experience that drives viral adoption. By offering something like this, you don’t need to block anything else, because your employees will beg you for an account. In addition, you should use tools like NetFlow and services like Skyhigh to monitor what your employees are using. Finally, you can use Device Management tools (SCCM, Casper, MobileIron, etc.) to identify the most popular apps across your fleet.

Sound off in the comments.

(Photo courtesy The IT Crowd. You should really watch that show. It’s hilarious.)


BYOD 101

BYOD is illegal.  BYOD is also legal.

So which is it?

Both.  Every tech acronym’s definition is materially altered by every tech vendor (disclosure: Cisco employee).  I’ve heard BYOD described as a feature, a strategy, a technology, and a problem to solve.  “I’m going to solve BYOD by writing a BYOD strategy and then enabling the BYOD feature on my BYOD server.”


Let’s break down the acronym’s actual meaning.

Bring = Use for doing work

Your = Not paid for by the company

Own = Owned by the employee (or a third party)

Device = Typically smartphones and tablets. It could also include laptops, watches, cars, refrigerators, game consoles, and anything else with a processor, network, screen, and storage.

The things it excludes, by definition, are…

Network (BYON) = 3G/4G/LTE contract, home WiFi expenses, office WiFi access

Apps (BYOA) = Free, employee paid, company paid

Information (BYOI) = The really important stuff that you definitely want to protect, including your sales bookings data and your Camera Roll

This is really a discussion about liability and entitlement — who pays for what.

The California Appellate Court recently ruled that if an employer mandates BYON, they must reimburse an employee for reasonable usage of their smartphone voice/text/data allowance for business purposes.  This isn’t a BYOD problem; it’s an issue about forced BYO network access. I agree with the Court’s opinion. If you need the device to be connected in order to do work, your employer should cover that cost.  BYOD doesn’t necessarily mean BYO network access, BYO apps, or BYO information.  The problem is that some IT shops are blending these things together and calling it BYOD.

Staying compliant means creating and nurturing relationships amongst IT, Legal, InfoSec, and HR. This group then needs to build and publish a Mobility policy.  No, you shouldn’t just write a BYOD policy. You should write a Mobility policy that includes entitlement and security requirements.  This policy should spell out the model you’re using and what’s included and excluded.

The model I’m most familiar with is a combination of BYOD and either CYON or BYON.  You, as an employee, are required to pay for your own device. Depending on your role, the company will either pay your whole bill or won’t pay any of it. The twist is that those Choose Your Own Network plans come with a device subsidy. If you choose the least expensive model, you might even get a free one. If you want the gold one for $399, take out your credit card.

I’ve also seen COPE (corporate owned, personally enabled) models work well. This leaves the liability with the company while allowing some reasonable personal usage (hello Instagram!).

Then there are the Financial Gymnastics approaches — mainly stipends and expense back scenarios. These tend to have tax implications and operating overhead, respectively, although I’ve seen them work as well.

All of these approaches can work for your company as long as you define what your Mobility policy is and you communicate it clearly to your employees.

The interesting question is whether this court ruling can be applied in the reverse. Will an employee be legally required to reimburse an employer for personal usage of a corporate voice/text/data allowance?  Is COPE dead? Is BYOD dying?

Sound off in the comments.

It Looks Like You’re Writing A Blog Post…


Yes, Clippy, I’ve finally decided to start a tech blog.  I am joining the 9,342,691 other  “thought leaders” who think people should read their ramblings. (Oops. Forgot to turn the <sarcasm> tag off.  And…there we go. Much better.)

In case you don’t know me, I’m a Senior Manager within Cisco IT (@ciscoit). Our team has responsibility for mobile device selection and security, service provider contracts, our Mobility policy (including BYOD), our EMM deployment and management, mobile app development, user experience, and our enterprise app store and service catalog. We have over 40,000 employees actively using over 70,000 devices with a broad range of services and apps every day.

TL;DR – We deliver mobile IT services for an IT company full of engineers.  It definitely keeps us on our toes.

If you’ve gotten this far, you’re in the right place. I’ll be posting thoughts about mobility, shadow IT, consumerization, cloud services (primarily SaaS), user experience, and anything else that comes to mind. I’ll try to avoid religion and politics, although mobility tends to be about as polarizing as both of those combined.

For example…

iPhone vs. Android …or… Native vs. Hybrid vs. HTML5 Web …or… BYOD vs. COPE …or… Block vs. Allow

Welcome to Consumerization. This is just the beginning.


Is this thing on?