On any given day, I’m likely to have some form of conversation that includes a discussion of why no one should have administrative privileges, or why everyone should have them and IT shouldn’t care. To paraphrase Mr. Kenobi, both arguments are correct, from a certain point of view.
The core of the issue comes down to determining what is most important to an organization. Some organizations need extreme control and security. In these organizations, having computers and devices locked down and only capable of performing approved tasks is required, often by law. Many other organizations may not be bound by these laws or have as great a need for security and may instead place greater value on creative freedom and the flexibility to be productive according to an individual’s own work habits and quirks. Since the locked-down model has been the IT standard for decades, we’ll leave that topic alone for now and instead discuss some of the ideas behind a consumerized model.
What Is Consumerization
The consumerization of IT is a topic that is in relative infancy, but rapidly growing, sort of like “cloud computing” was just a short few years ago. Being a young and evolving concept, it’s not uncommon to to find varying definitions, and what follows is my own working definition as of December 2011.
“The Consumerization of IT” describes a trend where organizations expect employees to own a computer, be able to use said computer, and be able to obtain service and support for that computer.
Similar to the fact that most employers expect their employees to own and maintain phones and the means to get to work, a company following a consumerized IT model expects employees to own and maintain a computer. These organizations may give employees a stipend to purchase the computer or may even provide a computer, but offer little to no support for the device or common commercial software. This approach is often referred to as a bring-your-own or “BYO” model.
The primary goals of IT in a BYO scenario are to provide access to proprietary data and software tools that the user community needs to accomplish the organization’s goals rather than duplicating the support efforts of Apple, Microsoft, et al. Schools worry about the educational process and a bread company worries about making and selling bread. Both leave the business of Mac OS X support to Apple, Word support to Microsoft and Photoshop support to Adobe.
Why It Works
At the dawn of IT, we had to cope with baby boomers who grew up with slide rules and musty encyclopedias. These people needed legions of helpers to translate the digital voodoo that would allow them to do their jobs. Baby boomers are now retiring in droves. Their children and grandchildren don’t need the same kind of handholding.
Also consider the fact that the young people who have entered the workforce in the past several years, and will be entering it going forward, have grown up with computers almost since birth. These people came through school using the Internet, word processors and cellular phones. Children born on the day the Internet was opened to commercial activity have bachelor’s degrees now. These young adults may have been using an iPhone for as long as or even longer than their employers. Aside from having a level of competence with technology, and perhaps because of it, these employees are more likely to chafe against a tightly locked system.
Some Management
Whether it’s software distribution, managing compliance with legal guidelines, providing critical software patches, or configuring an email account, even organizations that have consumerized IT will benefit from some degree of client management.
Since the end user will be in ultimate control of the computer, it is important to have clear communication between IT and the user regarding the management tools used and what is expected of each party. A balance must be struck between the privacy needs of the employee and the security needs of the employer, and the stipulations of that balance should be well understood by both parties.
How It Works
Since the end user has administrative privileges, common IT terms like “push” and “lock” don’t apply. To have effective management, we need to link compliance with desired and/or required items. Examples might include automatically locking out a user’s directory service account if their computer doesn’t comply with security requirements or removing network access and/or email configurations if the device fails to meet other agreed-upon management requirements. In this way, we are able to give the end user the tools they need, but only when they agree to and comply with the organization’s policies and requirements.
Software installations and even many management tasks may be delivered by a client-driven mechanism, such as The Casper Suite’s Self Service tool or similar mechanisms; although there will likely be some settings such as those discussed above that will be enforced as a mandatory requirement of participating in the BYO program.
It is important to design the systems and processes involved to be as simple, user friendly and foolproof as possible. While today’s end users tend to be more savvy than their predecessors, not everyone is a technology nerd, and shouldn’t be expected to be one. Apple users in particular expect things to “just work.” Maintaining that same high level of usability should be a requirement of any BYO project. If something can be done in two clicks, don’t make the user do it in three. Make sure interfaces are labeled well and consistently. Finally, always use the system yourself. You can’t relate to your users’ frustrations very well if you never use the systems they use. If you find yourself not wanting to use a system, that’s a great indication that the system needs work.
I hope this overview proves useful. We may explore these concepts further in future articles if there is significant response.
The Mac Admin 