Put a load of IT professionals in a room, ask what their definition of Consumerisation is, grab your popcorn, then sit back and enjoy the debate. After all, if a bunch of IT experts can’t agree between themselves – how can CIO’s and businesses begin to wrestle the problem? I’ll stick my hat in the ring here and state that (IMHO) consumerisation isn’t simply bring your own device/computer (BYOD/BYOC), but also encompasses (generally online) services and arguably software.
Next, ask them what their definition of cloud is – more popcorn. Those of us who’ve been around a little while will remember an acronym – namely ASP (Application Service Provider), which was perhaps the predecessor of cloud. But wait a second – was ASP actually what we now know as SaaS? Or is SaaS a subset of cloud? Wikipedia, NIST, and other sites seem to agree on a broad definition; that cloud computing is a method of accessing computing resources (systems, storage, applications) on demand – generally via the internet. But this also has highlighted the need for a completely different approach and thinking – especially when considering Information Management & Security.
Certain bodies have been promoting this alternative thinking for some time – most notably the Jericho Forum. The risk however, is that many organisations may well jump headlong into cloud – seeing it as the current panacea for their IT challenges. There is an additional danger that organisations and their IT professionals build infrastructure and access methodologies that are an extension of the current approaches – i.e. generally an “outside-in” approach. By this, I mean the traditional method of approaching the problem from a perspective of “keeping the bad guys out”
Perhaps a better starting point is to assume that you can/will be compromised so in effect your business information is potentially open to all. Start at the data and begin to think about what information is unimportant, important, confidential, and “secret sauce”. then work outwards – i.e. who needs to access it. Focus your time and money on securing the information that really needs securing – keeping in mind that users could use any device and be anywhere.
One of the biggest barriers to leveraging cloud services is due to concerns around security. To address this, many vendors are offering services that incorporate strong encryption of data – meaning you can leverage economies of scale, yet know that your business information is meaningless to anyone that doesn’t hold the keys. This might be a step too far for an initial foray – and the “secret sauce” may never see cloud – although some organisations are readily using cloud computing having identified the information they need to protect and the information and applications they are less concerned about. One notable example of this is AutoTrader, with a very clear cloud strategy led by Tim Jones. You can see one of Tim’s presentations here
One thing is certain; the rising tide of tablet sales – together with more and more cloud services – mean that organisations need to adapt and change. Of course you could try and resist this advance, but then a guy called King Canute thought he could push back the sea…..