In Twitter chats, conference halls, reader comments, and the interminable flow of vendor "scareware" white papers, I keep hearing about IT pros' fear of their companies falling apart because someone lost their smartphone or an employee copied and pasted the intellectual crown jewels in an email from their Mac. It's easy to deride these anxieties as paranoia, but it's hard to convince IT pros -- for whom securing information is what they get hired and fired for -- to relax.
Maybe they'll relax if they talk to Kim Stevenson. She's the CIO of Intel, a company that's embraced PC and mobile heterogeneity in general and the BYOD movement in particular perhaps more than any other large firm subject to regulations and compliance requirements. Of Intel's 100,000 employees, 19,000 participate in the company's BYOD program, which means they're free to bring in their own mobile devices. In fact, 58 percent of mobile devices used at Intel belong to the employees.
[ The war between IT and users: Why users are winning. | Subscribe to InfoWorld's Consumerization of IT newsletter today. | Get expert advice about planning and implementing your BYOD strategy with InfoWorld's in-depth "Mobile and BYOD Deep Dive" PDF special report. ]
On their BYOD devices, employees also bring in their own apps. "Personalization is a fact in this world, and in any event, I can't provide an app catalog that satisfies everyone," Stevenson notes.
The result: about $150 million a year in increased productivity (57 extra minutes per day at Intel per BYOD employee) and cost savings, she says. Intel gets $3 in return for every $1 invested in supporting consumerization, Stevenson tells me. By my calculations, that means a return of about $7,500 per BYOD employee for a cost of $2,500 per employee to enable, manage, and secure. And Intel does this without imposing draconian technology restrictions on users.
Intel's radical concept: Trust your users
Instead, Intel does something rare in IT today: It trusts users. That trust is not absolute, of course: Based on the person's role, Intel figures out how much it can trust each person, then extends that trust. And that trust means expecting the user to do the right thing no matter the device, app, or storage system used.
I've talked to more than a dozen security consultants, CSOs, and CIOs in recent weeks, and nearly all of them have revealed that they don't really trust users, so they use technology to contain or neutralize them. A few believe the BYOD phenomenon, including its close cousin of letting users choose from multiple formally supported devices, is a fad that foolish employees adopted, wasting time and money (they often blame Apple). More believe that employees mean well but when push comes to shove will make mistakes that cost IT staff jobs, because IT is responsible when all is said and done.
Stevenson doesn't see her role as the "father knows best" patriarch, as the stifling East German police force, or as the little boy with the finger in the dike keeping the kingdom from drowning. She sees herself as the enabler of and educator about using technology. And she sees employees and their managers as responsible for how they manage the information they are entrusted with. (Fortunately, so does Intel's executive leadership.)