Reigning In Rogue Employees -- and Their Technologies

By Todd Wasserman

From mainframes to minicomputers to Macs and MySpace, as information technology has progressed over the years it has also become much more accessible to the layman.

This has an obvious upside -- the average worker these days can set up Web 2.0 applications like email, blogs, instant messaging and workgroup collaboration tools without assistance from IT staff.

But the trend has some downsides. Among them:

• In highly regulated industries like financial services, where documentation has to be provided, it can be all but impossible to recapture data executed on Google Apps or other software applications that originate outside the company.
  
• Some consumer-focused applications have no productivity application, so valuable company time can be wasted.
  
• The typical consumer software application isn’t designed with the same level of security as a B2B application.
  
• Rogue employees can take advantage of all of the above.

The positives of consumer technology
Most CIOs seem to believe that Web 2.0 tools are, on balance, a good thing. Or they at least feel there’s little they can do about them. In a recent survey, Forrester Research found that 64% of IT decision makers viewed the term “Web 2.0” favorably, and 72% of IT departments are using some form of Web 2.0.

Despite such widespread acceptance and use, the first impulse of some CIOs is to crack down on all consumer-oriented applications. That’s the wrong approach, says David Smith, an analyst with Gartner, in Stamford, Conn.

Banning such apps is likely to be counterproductive, for the following reasons, Smith says:

• It can undermine a CIO’s credibility if she bans consumer apps for security concerns that users know or suspect are fabricated.

• It can alienate users who want to use consumer technology to do their work.

• Doing so may summarily dismiss technologies that may be of real value.

To maintain credibility, Smith suggests providing a legitimate reason to ban certain consumer-oriented programs from the enterprise.

“The tendency is to use blanket security and compliance as reasons to say no,” Smith says. “But when you say no, you need to have a good reason.”

Or as Joshua Holbrook, a Yankee Group program manager, puts it, “A CIO needs to be less like Mussolini and more like Gandhi.”

Analysts like Holbrook and Smith suggest working with the technology, rather than against it. Holbrook provides a positive example of this: At Cisco Systems, the IT system doesn’t support Macs, yet about 6,000 employees use them. So instead of having to cater to Mac users, the IT unit at Cisco set up a community-oriented wiki program that lets users help others troubleshoot Mac problems.

How to embrace consumer tech with limits
Of course, there’s a danger in embracing Web 2.0 technologies too much, as well. Though analysts are uniform in their belief that CIOs should go with the flow, they do offer some caveats and tips on how to embrace the technology intelligently. Among them are the following:

• Assess exposure to consumer software In a February 2008 report, Forrester analysts Matthew Brown, Kyle McNabb and Rob Kopolwitz suggested that the level of risk tolerated by such software varies according to type of industry, company and worker populations. Sectors like financial services have a much greater regulatory burden than other industries. The authors advocate focusing efforts on developing policies about the use of social tools and guidelines “about sources of trusted information.” For instance, an IT department could write guidelines about which consumer devices or technologies could be used at work.

• Try to anticipate and meet employees’ needs When workers aren’t satisfied with enterprise alternatives, they might take matters into their own hands and get what they need on their own. That means making sure IT investments focus on these needs to provide simple, user-friendly applications that workers might otherwise be tempted to seek out elsewhere. The key is to understand workers’ needs. A worker may be using Gmail on the job, for instance, because the corporate email’s storage size is too small, so at that point, a CIO may consider increasing the program’s storage size.

• Form a feedback committee that is open to outsiders Moreover, make the committee’s discussions transparent and consider distributing talking points electronically to all employees. Such actions can go a long way towards gaining the trust of workers.

By developing a plan to deal with consumer technologies within a secure framework, CIOs can help their organizations gain the benefits from these technological innovations while protecting the enterprise from rogue employees.

Todd Wasserman has more than 15 years' experience writing for The New York Times, The Industry Standard and Business 2.0, among other publications. He is currently the editor of Brandweek magazine.