I have the fortune (or misfortune) of getting Information Week delivered to my door. This year has seen a lot of articles about iOS, Android, Personal Technology, and custom application development. Of course, the executive team at work gets Information Week as well - from the CIO down to the department managers. We have been fairly forward-looking for a while - when Apple released the iPhone 3Gs we were able to support deploying those on a corporate level, and allowed users to bring them into the environment (on a personal level) if they were configured with a profile as detailed in the Apple iOS Enterprise support documentation.
Sadly, we were unable to support droids for a while, since they didn't even conform to ActiveSync security policy (this has changed, fortunately). This has been going on for a couple years, and for a business that is very concerned with privacy (we are a hospital, after all) it was very forward looking. The hospital did not choose to go the route than many others are on - hiring a team to develop custom applications for iOS or Android connectivity to our various data silos, but that wasn't a problem.
This year, however, has been the year of "personal technology" in the trade rags. And as the hospital desperately wants to be at the forefront of technology, they are pushing for support of personal technology at every level.
I am a fan of supporting personal technology. It helps your employees feel attached to your business. It makes them believe that you care about them, and their wishes. But sometimes, you have to balance that with security, business needs, and legal concerns. A strong leader in IS doesn't just give in to the employees, no matter how important they are, if what they want to do compromises the security of your business, and even more important if it compromises state or federal law. I thought we had a strong leadership team in our IS department. Turns out I couldn't be further from the truth.
Leadership knows one word when it comes to "I want" from the VIP/high-profile users: "Sure!"
Can I bring my personal device to the hospital, put explicitly restricted patient information on it, without any oversight or data security managed by the IS security group?
"Sure!"
Can I buy hardware that is blatantly incompatible with our environment, and connect to the internal network with it, so that I look important at conferences and meetings?
"Sure!"
But when we (as the IS team on the ground with the technology) attempt to raise red flags, or warnings to the leadership team that we need to have some sort of structure around these things, and they have to work (function) within the legal and moral scope of our business, we are ignored, or (worse) chastised for even considering such things.
Personal Technology is the "Next Big Thing" in IS - it makes sense because it can save money, it invests your employees in the business on a personal level, and it can improve the effectiveness of your employees - when your environment is able to support it. Before you take the time to let every smartphone, tablet, and personal device into your environment, you need to evaluate the devices, develop a plan, and implement it in a measured way with continued review to determine if what you are doing works for your employees and your business.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment