The technical impact of the consumerisation of IT can be disruptive to CIOs, but a less well considered aspect is the impact to organisational management processes.
Consumerisation challenges the traditional balance of CIO and organisational power when it comes to the deployment of IT. Consumerisation alters the way employees think about the business technology they use and the responsibility they have for it too.
Consumerisation has reversed the direction of IT innovation flow. IT departments now find they have to react to user demands where before they used to dictate strategy.
There is a vast number of productivity-enhancing applications that users can download onto their smart devices, without the need for the IT department's input, but it is likely to be the more mundane applications that will have the most impact.
"What we're seeing is that senior people in particular are leading this kind of innovation. They're the ones that are bringing in the iPads and the laptops, so it's very difficult to impose command and control from below," says Owen Powell, formerly IT director at the NHS Inner Northwest London PCT and now Head of IT at The Royal Marsden NHS Foundation Trust.
Simon Callow, head of IT at luxury car manufacturer Aston Martin Lagonda, says the business benefits in terms of working processes are very compelling too.
"What the business is challenging me for is the elimination of non-productive hours and I think mobility gives us that opportunity, and that goes back to the always-on piece," he says. C-level peers at Aston Martin Lagonda have challenged Callow to increase productivity, and consumerisation allows staff to operate wherever they are, in an always-on way.
The key for Callow is to get the most out of every employee, which mirrors the demands of the car-making industry, a competitive business which is always looking for improvements in production efficiencies.
The health sector too is a highly mobile workplace and staff are expected to spend a minimal amount of their day stuck at a desk. Powell recognises that the quicker he can deploy a mobile strategy, the faster the benefits can be realised. If staff are using devices they are familiar with, that process is accelerated.
Digitising NHS processes and applications onto familiar consumer devices offers the health service the chance to reduce the time and money it spends on training.
"Back in the day you'd have users who would see corporate IT as a bit of a chore. It's not necessarily something they wanted to do," Powell says. That has all changed now.
Improved collaboration has been a holy grail of the IT department for some time, and the influx of consumer devices has made collaboration easier to achieve.
Aston Martin relies on third-party suppliers who need to be kept in the loop with company developments if the car-maker is to be able to react swiftly to changes in the market. Callow believes his SharePoint collaboration tools help the company do that.
"Why wouldn't we do that down the supply chain? Federation within the supply chain can help us shorten the development cycles of the particular product we are dishing out, which happens to be luxury sports cars," says Callow.
Steve Shakespeare, EU software director at Intel, says the chip giant has the same ethos.
"We have teams in Israel and in the US that have to collaborate together and they have to collaborate electronically. It's not an option to use paper and we have an enormous number of security systems that secure the intellectual property that we hold within the organisation.
"So increasingly, collaboration in many respects is old, but things like video collaboration - it's a great way to be more productive in the business."
Shakespeare says the CIO's role is to adopt consumerisation as a corporate strategy for improving work processes. Data security has to be maintained, even though information is flowing outside the company.
The NHS's Powell is well aware of the sensitivity of data within his organisation, which has to process a huge amount of personal information about its patients.
He has a well-defined approach to managing where that data goes, in terms of security protocols, but this has to be matched with some people management skills too.
Powell recommends that security protocols be communicated to all users, who must acknowledge that they have understood them and undertake to abide by them.
"Our tactical approach at the moment is to be crystal clear about the sacrosanct nature of patient information. So, people really need to understand that certain data isn't supposed to exist on these things and they are for convenience only," he says.
Powell allows certain types of corporate data to be held on employees' own devices, but he insists that the IT department has the ability to wipe that device. This means the employees' personal documents, pictures and other media will also be wiped.
"Staff need to be crystal clear when they use a personal device for work that they are at risk of losing a whole lot of personal data if they lose a device. They have to sign something to say that they agree to that in advance," Powell says.
Powell thinks that employee awareness of the security impact of processing company data through a personal device has to go even deeper. He says that employees have to be made aware of the potential impact that losing certain data could have on their organisation and take individual responsibility for it.
"In the longer term, not necessarily being deployed at the moment, we need to take a different approach to keeping data safe. My personal view is that end users need to take a more personal responsibility for the data they hold," he says.
"The constraints on where data is allowed to go are disappearing and the responsibility has to flow with the data, to the end users and that's fine as long as it's well understood by them," Powell adds.
Part of this process, he says, is to classify data on a much more granular level so that employees have a better understanding of how they should treat each piece of information they hold. Once they have a clear idea of the potential for harm different data has, employees can be held accountable if they are careless with it.
"We need to update our policies and guidelines because, again, one of our control mechanisms is that we have a policy that people sign up to and if they contravene that policy then they are in trouble," Powell explains.
"This is the key thing to me. Security, as much as a technical issue, is also a behavioural issue. It's what people do with data and how people use the computers that they have."
With data routes becoming non-device-specific and corporate information physically roaming off the premises, security has to become more sophisticated than a mere network of firewalls.
Accordingly, Powell is moving away from a firewall-based approach to security towards one where data is classified according to its sensitivity and the level of protection is set on that basis. He admits that the granularity of that classification is still quite limited, but he hopes that in time he will be able to set a spectrum of security levels for data going out to mobile devices.
Login systems are strictly applied so that no device, whoever owns it, can be switched on without a passcode. All data that goes out to mobile devices has to be encrypted, and all devices have to be set up so that they can be wiped remotely if they are lost.
"Device encryption has been a standard within the NHS for a long time. We wouldn't countenance anything that wasn't encrypted, because things do get left on buses."
On the move
At Aston Martin, Callow sees mobility as the key benefit of consumerisation and his main concern is to make enterprise applications available to mobile users. Aston Martin has recently deployed Microsoft Office 365 and this cloud-based Software-as-a-Service application set allows Aston Martin employees to access shared resources - including email and scheduling - from anywhere and on any supporting device.
Callow explains that actually, much of the workforce remains in a single building, but that doesn't diminish the system's ability to enhance flexible working within the office.
"Linking that through to some of the offerings like SharePoint enables us to then share the information," he says.
Consumerisation carries with it a certain expectation by users of reliability, which is why Callow has chosen an off-the-shelf approach to supporting employees' mobile devices.
Microsoft's unified communications solution, Lync, is also used at the car manufacturer to allow staff to know when their colleagues are contactable. All this contributes to the ease of collaboration Aston Martin needs if it is to stay competitive in the luxury car market.
"Office 365 gives us that ability to share information and share desktops, but also to see the availability of these individuals and have chat-powered conversations," says Callow.
"Whether it's through an instant messaging solution like Lync or whether it be through video and actually talking to a shared desktop, that then improves collaboration."
Aston Martin's internal use of consumerisation is mirrored by an external view. Being a consumer-facing company with a select customer base, the luxury car manufacturer cannot ignore the way its clients have embraced smart mobile devices, and uses social networking technology as a valuable tool for keeping in touch with its loyal customer community.