When Paul Tang first downloaded Google’s desktop search application, he was impressed by its speed and power. Instead of painstakingly looking for data and files on his hard drive, he could find them with the ease of a Web search. However, Tang, chief medical information officer at the Palo Alto Medical Foundation (PAMF), quickly realized that the slick application could also be dangerous.

Tang saw that this early version of Google Desktop (it was released in 2004) would index encrypted webpages from the hospital’s online patient health system, caching the data on his PC. “We take great pains to avoid leaving personal health information on PCs, and we noticed that the search tool was doing that by default,” says Tang. Tang didn’t ban the software, but the hospital advised users to change its settings so that encrypted webpages—including those within its medical records system—would be excluded from searches.

Tang isn’t as worried now. Google has since changed that default setting, so it no longer leaves cached information on a user’s computer, and Tang counts himself an enthusiastic user of the software, among other consumer applications. But as a guardian of patient privacy, Tang knows he has to keep his eyes open for potential vulnerabilities. “Consumer technologies are useful and powerful—and difficult to regulate,” he says. “You have to be careful and conscientious about how you use them.”

The Consumer Tidal Wave

Not long ago, corporations were on the leading edge of technology adoption, providing employees with better equipment and software than they could purchase on their own. Now, however, consumer applications are easy and fun to use, and often free; in many cases, they also work better than corporate software. And the tables have turned on CIOs, as employees download software from the Internet, bring their handheld devices to the office and merge their home computing life with work. Concerned about losing control of their networks, some IT departments have banned all unauthorized software and electronics from the workplace.

While it’s true that consumer technologies such as desktop search, Internet telephone services such as Skype and devices such as iPods can weaken network security, the trend is hard to stop. In many cases users are downloading software unbeknownst to the IT department. In a Gartner survey conducted last year, half of the respondents reported that more than 60 percent of their IT users were employing consumer-grade software, whether approved or not.

Furthermore, employees may be on to something: Emerging consumer applications, when adapted to the enterprise, can make workers more productive and cut IT costs. In fact, Gartner predicts that between 2007 and 2012, the majority of new information technologies that enterprises adopt will have their roots in the consumer market. (For more about the impact of consumer technologies on enterprise IT, see “Enterprise Software Gets a Face-Lift,” Page 66.)