Take the App Store, and Apple’s well-known policy that before you control what you install on your iPad, Apple first controls what can’t.
When Apple prevents you from doing what you want with a gadget you bought from it, it gives ownership a bad name.
As a metaphor for how IT might support end-user computing, on the other hand, the App Store provides excellent guidance, especially compared to the lockdown that’s purported to be industry best practice.
Which brings us to the End-User Computing Manifesto. I last visited this subject five years ago. An update is long overdue. Here it is.
End-user computing devices have multiple uses. They are the entry point for enterprise applications; tools for increasing the effectiveness of individual employees; and platforms for innovation by those employees capable of original thinking. What follows supports these uses while providing a prudent level of protection from inadvertent and malicious damage.
• IT will provide standard desktop and laptop computers, and will support iOS and Android smartphones and tablets.
• Employees may use their own computers, smartphones and tablets so long as IT certifies they adhere to all security standards, either natively or through the deployment of company-managed virtual desktops.
• IT will maintain an internal “App Store” of tested and approved software. Each package will be the company standard for its functional purpose.
When an end-user requirement can be satisfied by App Store software, the standard supersedes individual preference (if Microsoft Office and SharePoint are in the App Store, for example, end-users won’t insist on Google Apps).
IT is, however, responsible for finding out what about its standard is so seriously deficient that an alternative seems like a good idea.
• Where the App Store can’t satisfy a manager-approved end-user request, end-users are free to purchase and install software so long as their manager approves it and certifies that the purchase has a business purpose. Except for software listed on the “App Blacklist” — software known to contain malware, serious security holes, or severe bugs.
Through automated software inventory tools, IT will scan end-user computing devices connected to the company network on a regular basis to detect newly installed software, and IT will research any new packages for possible inclusion in either the App Store or Blacklist.
• IT will, to the extent possible, automatically back up end-user data and configurations, providing tools for user-controlled manual backups when automated facilities aren’t practical.
• IT promises no support for end-user-purchased software, but may choose to help out as time and staff are available.
• IT will never say, “We don’t provide this kind of tool and we won’t let you buy it either.”
• If a device goes haywire, IT will recover its data if possible, and restore or replace it, if possible to the most recent stable configuration, otherwise to a standard build.
• IT will provide suitable tools and support for end-user software development.
• IT will never say, “We won’t build it for you, and we won’t let you build it for yourself either.”
• If an end-user develops an application that is redundant to an existing IT-supplied application, IT will give that employee’s manager the old hairy eyeball. It will also find out what about the official application is so seriously deficient that building an alternative seemed like a good idea.
• IT will provide training for business managers on how to manage small-scale application selection, development, and maintenance. Responsibility for the accuracy and integrity of applications developed (or purchased) without IT’s involvement is the responsibility of the business manager.
• IT and internal audit will provide consulting and review services for end-user-developed applications, if requested or if the situation demands it.
• When business management decides an end-user developed application has achieved mission-critical status, IT will take responsibility for providing a functionally equivalent replacement that adheres to all IT application standards and is managed as part of the IT applications portfolio.
• End-users may only upload information into production databases through audited validation programs provided by IT for that purpose.
• IT will provide secure, convenient facilities for remote systems access. End-users may never, under any circumstances, install and use their own.
• End-users are not allowed to install software that tunnels through open firewall ports to bypass IT security.
Feel free to cut-and-paste as much of this as you want into your company’s policy manual, with this restriction: If you do, you’ll let me know and provide an occasional status report so the KJR community can benefit from your experience.
Bob Lewis is author of Outsourcing Debunkedand eight other books on business, information technology, and where they intersect. He is president of IT Catalysts, Inc., a consultancy specializing in these and related areas.
Bob Lewis is a senior management and IT consultant, focusing on IT and business organizational effectiveness, strategy-to-action planning, and business/IT integration. And yes, of course, he is Digital. He can also be found on his blog, Keep the Joint Running.