Platt Perspective on Business and Technology

Navigating the bring your own tech puzzle – 4: cyber-security and related due diligence concerns

Posted in business and convergent technologies, HR and personnel by Timothy Platt on December 19, 2011

This is my fourth installment on the emerging bring your own tech phenomenon (see HR and Personnel, postings 73, 75 and 76 for parts 1-3.) I have discussed this trend in general terms and have written about how Information Technology and Human Resources would jointly develop and own organizational policy as it would govern acceptable bring your own tech behavior and employee practices. I turn here to consider a fundamental asymmetry that drives both employee action and organizational response in this, and if not as a universal and consistent pattern, at least as is commonly observed.

• Employees tend to look at bring your own tech primarily in terms of the benefits this offers, and there, particularly in terms of their own work and their own work/life balance needs.
• Businesses tend to look at this primarily in terms of risk and the potential for risk that it creates, and both for standard risk management issues that are already in place, and from concern regarding new and emerging risk vulnerabilities. Businesses tend to look at this primarily if not exclusively from their own perspective too.

Any effective policy for including and managing bring your own tech is going to have to reconcile and align employee and business perspectives here, maximizing benefits gained while managing and limiting risk – and with the positive value of those benefits outweighing the negative value of their accompanying risk. This approach, I add, applies as a general principle when considering and operationally planning for incorporation of any new technology or any new practice as to how technology is to be used. This principle becomes particularly important when disruptively innovative technologies or technology uses arise and have to be dealt with.

This leads to a crucial question:

• Who decides relative values in all of this?
• And to the extent that this is decided by the employing business, how is their approach going to be best enforced, when monitoring and rules enforcement are not going to be consistently available as an option?
• I add that by the very nature of bring your own tech as an open movement – the more successfully and fully it is implemented, the less centralized oversight and control can be possible.
• That has significant implications where breach of implemented usage and connectivity policy is a distinct possibility, and where with time that becomes a significant likelihood – and that is certainly to be expected if a standard one-way policy development approach is followed.

One immediate consequence of that is that policy per se has to be reconsidered as to how it is formulated, implemented and enforced. Policy for technology inclusion and use cannot simply be top-down authoritarian in nature, and certainly where employees have the option and see personal incentives for bringing their own technology with them. So a business has three basic choices:

• They can take a strict no-exceptions and no policy-violations allowed approach and risk driving out their most creative and productive people, or
• They can enter into what amounts to a firewall versus outside technology arms race with ongoing need to continually add to the defenses and in competition against the business’ own employees, or
• They can seek to develop self-enforcing policies that both sides will want to adhere to.

I am going to post a continuation series in follow-up to this on self-enforcing and self-reinforcing policies. Meanwhile, you can find this and related postings at Ubiquitous Computing and Communications – everywhere all the time and also at HR and Personnel.

Tagged with:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: