
Six steps to capture IT consumerisation benefits without compromising compliance


In part one of this two-part post, I outlined the compliance and cost concerns of the bring-your-own-device phenomenon, described the deeper implications and attempted to define the real problem. In part two, here, I describe the concrete steps you can take to avoid IT backlash with a balanced approach designed to minimise consternation while encouraging innovation.


“You can’t always get what you want, but if you try some time you might find, you get what you need.” Mick Jagger

So how does the CIO determine what an end user really needs without having to sanction every decision themselves? In my blog on the IT service broker I recommended establishing and publishing a service catalog that includes both internal and external services. The central idea here is that most shadow IT occurs when users are not even aware that a similar service is available internally (often as a sunk cost and therefore free when compared to a cloud service).


The same catalog is also useful for basic BYOD deployments. By helping users choose the right device for their needs, IT maintains its trusted advisor status and is a huge value add for the less technically inclined. How can you get started?

1). CONSOLIDATE demand. Before you can establish a service catalog, you’ll need to add both your own and third-party services. I find it helps to allow your Program Management Office and/or your enterprise architects to capture and classify all existing and requested services in one place and establish a plan for qualifying them. Heads up: you should consider declaring an amnesty for the users of unapproved services; however, check with your legal counsel before doing so, especially in highly regulated industries.





2). CLARIFY the rationale behind the rules. The “Hacking Work” authors have a point; the dumb rules that don’t add value or protect you from real material risk cry out to be broken. The problem for your users is they don’t always understand the difference between corporate craziness and compulsory compliance. Equally, I’ve known overly zealous risk and security managers that would gleefully place the business in a hermetically sealed Faraday cage purely out of the well-intentioned desire to minimise risk. However, that cure is often more debilitating than the disease. I recommend educating your team on a business-oriented risk management methodology (Gartner analyst Paul Proctor’s RVM is but one example, your mileage may vary) in order to better understand the consequences of small actions in the context of the big picture.


3). SIMPLIFY your catalog. If your catalog of services looks like something that only a librarian or airline check-in staff would be able to use (if you’ve ever peeked behind the desk to look at their screens you’ll know what I mean), then you’re making it too hard and they’ll go somewhere else. Think Amazon store and you’re getting closer to keeping your customers rather than confusing them.




4). MONITOR the actual risks against your model. In a consumerised IT environment, your risk team’s job changes to gathering sufficient intelligence to identify potential patterns. The ability to identify that a large number of low-grade risks has suddenly added up to a large-scale residual risk for the business is a reason why we built a solution like HP Enterprise View.







5). PUBLISH the actual and subjective experience. The number of people who’ve reached out to me saying they bought a trendy device based on the buzz only to find it’s buggier and harder to use than their corporate supplied PC is staggering. That means continuously assessing and publishing not just costs but also quality and risk. Consider establishing monitoring and log management to gather data on the failure rate of devices, unexpected crashes and service outages that reveal the actual experience of users.






6). LISTEN to your users. If they’re unhappy with the functionality (or cost, quality and performance) of the service, then they’re almost certainly going to stray into the open market. Ignoring them isn’t going to make the problem go away; however, your end users might start ignoring corporate IT. Get proactive and use social-enabled management software to become a listening organisation.


The alternative to all of this is, of course, to place a blanket ban on Bring Your Own anything, a step not far removed from turning off the lights as far as innovation is concerned.


Most of us believe that the IT consumerisation trend is here to stay. Enterprise IT’s collective challenge is to refresh outdated policies, accelerate usability initiatives for “on premises” services and finally to educate end-users in the practical risks they introduce if and when they cross the streams of home and office.



How would you describe your experience with IT consumerization? Nightmare or nirvana?  I’d like to hear from you.

Paul Muller has a wealth of experience working with CIOs and VPs of IT to improve IT performance and business alignment.
About the Author


Paul Muller leads the global IT management evangelist team within the Software business at HP. In this role, Muller heads the team responsible for fostering HP’s participation in the IT management community, contributing to and communicating best-practice in helping IT perform better.
