Last week, I wrote a post on the Fujitsu UK and Ireland CTO Blog about the need to adapt and evolve, or face extinction (in an IT context). IT consumerisation was a key theme of that post and, the next evening, at my first London Cloud Camp, I found myself watching Joe Baguley (EMEA CTO at Quest Software) giving a superb 5-minute presentation on “How the public cloud is exciting CEOs and scaring CIOs; IT Consumerisation is here to stay” – and I’ve taken the liberty (actually, I did ask first) of reciting the key points in this post.
Joe started out by highlighting that, despite what you might read elsewhere (and I have to admit I’ve concentrated a little too heavily on this), the consumerisation of IT is not about iPads, iPhones or other such devices – it’s a lot bigger than that.
In the “old days” (pre-1995) companies owned entities called “users” and, from an IT perspective, those users did as they were told – making use of the hardware and software that the IT department provided. Anything outside this tended to fall foul of the “culture of no” as it was generally either too expensive, or against security.
Today, things have moved along and those same users are now “consumers”. They have stepped outside the organisation and the IT department is a provider of “stuff”, just like Dropbox, GMail, Facebook, Twitter, Betfair and their bank.
Dropbox is a great example – it’s tremendously easy to use to share files with other people, especially when compared with a file server or SharePoint site with their various security restrictions, browser complexities and plugins.
If you’re not convinced about the number of systems we use, think back to the early 1990s, when we each had credentials for just a handful of systems, but now we use password managers to manage our logons (I use LastPass) for systems that may be for work, or not. For many of us, the most useful services that the company provides are email, calendaring, and free printing when we’re in the office!
So, how does a CIO cope with this? Soon there will be no more corporate LANs and where does that leave the internal IT department? Sure, we can all cite cloud security issues but, as Joe highlighted in his talk, if Dropbox had a security breach it would be all over Twitter in a few minutes and they would be left with a dead business model, so actually it’s the external providers that have the most to lose.
CIOs have to compete with external providers. Effectively they have a choice: to embrace cloud applications; or to build their own internal services (with the main advantage being that, when they break, you can get people in a room and work to get them fixed).
Ultimately, CIOs just want platforms upon which to build services. And that’s why we need to stop worrying about infrastructure, and work out how we can adopt Platform as a Service (PaaS) models to best suit the needs of our users. Ah yes, users, which brings me back to where I started.
How do you think that this applies across the various different sectors? As we’ve discussed before, the role of a CIO for a government network is very different from the role of a CIO for a corporate network (where much of what you, and Joe, said above).
As a public sector CIO, where you have to abide by significantly more restrictive requirements, I think there’s still (broadly) a culture of ‘No’. Does this mean that we’ll see less drift of CIOs from public sector to private sector, and vice versa, since there’s less common ground now?
Ultimately, the public sector has to meet certain requirements, just as any other sector does. Arguably financial services is more security-oriented than the public sector, but government has a clearly-documented set of standards. The culture of “no” in the public sector has to change, as more and more budget restrictions bite – but it may be that there is some requirement for public sector CIOs to compete (perhaps using private cloud offerings) more than to embrace public services.
I’d love to see this change – but, in my experience, the CIOs of government can be as ‘agile’ as they want, but by the time it’s been discussed with the various security teams, and through the external ‘auditors’ you just can’t do ‘new’ stuff. There are plenty of examples we could discuss… but perhaps here isn’t the forum!