Consumer Appeal: Skype, MySpace and Other Consumer Apps Pose Risks, Opportunities

Page 2 of 2

Tang and other CIOs see desktop search applications growing in popularity, and they are putting together policies to determine when these tools can be used. Chris Holbert, CIO at Launchpad Communications, which operates an inbound sales call center in Los Angeles, says he currently sees no business need for desktop search. However, Holbert worked for seven years as head of IT at a biotech firm, where researchers made frequent use of a customized desktop search tool. Even some CIOs who currently ban desktop search applications say they are preparing for the day when they might have to change their position. “Desktop search seems to have a lot of momentum and we won’t be able to ignore it,” says James Kritcher, VP of IT at White Electronic Designs.

The risks: Company data may be exposed inadvertently. Once the tool is installed and files are indexed, a snoop can theoretically search someone’s hard drive for information. At PAMF, Tang went out of his way to help users understand how to make sure that sensitive data doesn’t get indexed, but freewheeling users may not always pay attention. Google’s desktop search software also has a feature that lets users search for content on multiple computers. The “search across computers” feature stores copies of PDFs, Word files, spreadsheets and other documents on Google servers. In theory, Kritcher points out, storing documents even temporarily on an external server could expose a company to litigation for violating its privacy, security or document retention policies.

Handheld Devices

What they are: Pagers, cell phones, iPods and PDAs have been around long enough that plenty of companies sanction them for everyday work (think BlackBerry). The devices are becoming so entrenched in daily life that lots of people (including you, probably) bring their own devices from home too.

Business benefits: While at many companies handheld devices are disdained as providing little more than a distraction during meetings, early adopters of the technology on an enterprise scale use them for more than idle chat or diversion. A doctor in Geneva, for example, has reportedly devised a software program that allows physicians to view medical images on their iPods.

At Mintz Levin, IS director Pretorius is testing a proposal from an associate suggesting that the firm build a podcast library of attorneys’ legal presentations. Some managers at the PAMF use PDAs to read e-mail that is not patient-related, look up information about drugs and check medical protocols.

The risks: Mobile phones and PDAs are usually not password protected; therefore, companies risk compromising corporate data if it is downloaded onto the devices. The same goes for iPods, which can be used as backup storage devices. Data security standards set by the Payment Card Industry Security Standards Council could prohibit most pagers and cell phones from being used in offices where information about cardholders is known by employees, such as in call centers or at e-commerce sites.

Mashups

What they are: Mashups are applications that combine data from two or more online sources and run within a Web browser. Think of mashups as Web services lite. Mashups were born a little more than a year ago when Paul Rademacher, an animation expert at Dreamworks, created HousingMaps.com, which merged Craigslist and Google Maps to help people locate real estate listings. Since then, mashups have gained ground among developers; there’s competition to create the most innovative applications. One of the most talked about mashups is the combination of Google Maps and the CRM application Salesforce.com.

Business benefits: Mashups offer faster and easier integration of some services than may be possible using Web services within a service-oriented architecture (SOA). Mashups are less complex, and developers concern themselves less with complying with technical standards because the applications are browser-based, according to consultant Dion Hinchcliffe, president and CTO with Hinchcliffe & Co.

One way mashups are making inroads into the enterprise is when corporate developers adopt the mashup approach for integrating data internally, says John Musser, a consultant who operates the website Programmableweb.com. Investment management company T. Rowe Price, for example, has combined data from multiple applications in order to simplify its call center systems. Kirk Kness, VP of architecture and strategy at the company, says he prefers to call the development technique “composite applications,” because “the term mashup implies that we might be winging it, and we’re not doing that.” Kness and his team are using portal software from IBM and Ajax, a development methodology for generating interactive Web applications.

Meanwhile, IBM is working on a project called QEDWiki (so called because it uses wikis, a tool that allows multiple users to edit a webpage) that is designed to let businesspeople create their own webpages by dragging information from both private and public websites. Using QEDWiki, an employee could integrate weather data, information from an ERP system and the location of company facilities in a single webpage.

“Companies have been wrestling with integration for decades,” says Musser. “Mashups offer a whole new level of power and sophistication that comes for free.”

The risks: These applications can have a lot of security holes. Some mashups that use Ajax scripts, for example, expose their code in the browser, which may allow the mashups to be used maliciously. What’s more, passwords for accessing components of a mashup may also be exposed in the browser, putting the underlying services at risk. Hinchcliffe says that many mashups pull code in live from the Web (think of any service using Google Maps) and run without being previously tested. The danger there, he says, is that the code from an underlying source could change the next time the mashup is loaded, and users won’t know what’s in it.
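One way to check for the live-code risk Hinchcliffe describes, as an added example that is not from the article: the audit below lists the third-party scripts a mashup page loads and flags any that were never reviewed, whose content no longer matches the hash recorded at review time, or that lack a browser integrity attribute (Subresource Integrity, a mechanism the article does not mention). The host names, script bodies and function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def sri_hash(body: bytes) -> str:
    """Subresource Integrity value (sha384) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], attrs.get("integrity")))

def audit_page(html, page_url, pinned, fetched):
    """pinned: url -> SRI value recorded at review time.
    fetched: url -> bytes served now (passed in so the audit runs offline)."""
    origin = tuple(urlsplit(page_url)[:2])
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        url = urljoin(page_url, src)
        if tuple(urlsplit(url)[:2]) == origin:
            continue  # same-origin code is under the site's own change control
        if url not in pinned:
            findings.append((url, "unreviewed"))
        elif url in fetched and sri_hash(fetched[url]) != pinned[url]:
            findings.append((url, "changed"))
        elif integrity != pinned[url]:
            findings.append((url, "no-integrity-attr"))
    return findings

# Constructed sample data: hypothetical hosts and script bodies.
PAGE_URL = "https://intranet.example/mashup.html"
MAPS, CRM, EXTRA = ("https://maps.example/api.js",
                    "https://crm.example/widget.js", "https://cdn.example/extra.js")
REVIEWED_JS = b"function drawMap(){/* reviewed build */}"
PINNED = {MAPS: sri_hash(REVIEWED_JS), CRM: sri_hash(REVIEWED_JS)}
FETCHED = {MAPS: b"function drawMap(){/* different build */}", CRM: REVIEWED_JS}
HTML = (f'<script src="/js/local.js"></script>'
        f'<script src="{MAPS}" integrity="{PINNED[MAPS]}" crossorigin="anonymous"></script>'
        f'<script src="{CRM}"></script><script src="{EXTRA}"></script>')

if __name__ == "__main__":
    for url, status in audit_page(HTML, PAGE_URL, PINNED, FETCHED):
        print(f"{status:18} {url}")
```

In a browser that supports the integrity attribute, the first script in the sample would be refused because its content no longer matches the pinned hash; the other two third-party scripts would run unchecked.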

How to Manage the Consumer IT Invasion

There are several steps CIOs can take to manage consumer technologies as they make their way into the enterprise:

  • Find out what’s happening. By determining which consumer technologies are popular with employees and why they want to use them, IT leaders can figure out the best ways to adapt them internally. Some technologies that have taken off on the consumer side already have offshoots better suited for enterprise use. For example, Google Desktop 3 for Enterprise, currently in beta, allows administrators to disable features they don’t want employees to use. X1 Technologies, which has partnered with Yahoo, offers a competing enterprise search tool.
  • Identify and mitigate risks. If employees need a particular technology to do their work, companies might need to shore up their network security or add bandwidth to support it. If a company allows the use of Skype, for example, it will want to block unsolicited incoming connections to Skype clients to discourage malicious activity.
  • Govern usage. If you’re going to ban an application, set up controls to prevent it from slipping in. Among the options: identity management systems, network access controls and intrusion prevention. “Rather than trying to create a secure perimeter and keep the consumer technology out, you should assume a hostile environment and drive security deeply and broadly into everything you do,” says Gartner analyst David Smith.

If you’re open to experimentation, make sure users know how far they can go. “You don’t want to lose control with what’s happening on your network,” says Mintz Levin’s Pretorius. “But at the same time you don’t want to stifle creativity and innovation. Balancing the concerns and benefits related to consumer technologies is a constant battle, but I see it as a major part of my job going forward.”

Copyright © 2006 IDG Communications, Inc.
