How IT can adjust to the new reality, without endangering the businessSo how does IT function in this new world? PwC came up with the framework shown in this slide, which I think is right (both because I contributed to it and because it's enjoyed a good reaction when I've made this presentation to various IT audiences). The full PwC report laying out this framework is available as a free download.
It's a different way for many in IT to think, as it starts with "soft" values and requires IT to share ownership of risk management and technology decision making with employees and their business departments. (It requires the same of the legal, executive, and HR teams.) But as the consumerization trend is fueled by "soft" human issues, it only makes sense that the management response to it be grounded in human approaches.
On the technology side, the framework favors policies, not rigid barriers, to steer employees to the right outcomes while allowing appropriate freedom and creativity. It says the IT monoculture at the endpoint level is a dead direction, so IT instead should think of technology as an onion with multiple layers. The outer, employee-oriented layers should be flexible and individualizable, while core systems should be standardized and safeguarded as much as possible. A simple illustration: Allow any mobile device that conforms to your routine information access policies, but add layers of authentication and security measures such as encryption for those information resources that are truly sensitive within the network. Even if you let an employee access their workgroup share drive from an iPad doesn't mean that same employee can open your HR database.
The bad news is that not all the technology is available to manage this onion skin -- the notion of information rights management is rarely implemented in typical enterprise data objects or systems, and rarely in user apps and devices. The good news is that by shifting risk from an IT- or CSO-only job to a shared one, you incentivize the business to reduce that risk through other means.
The other good news is that consumerization is not new. The first IBM PC or Apple IIe owned by an employee or department started this journey. The Internet pushed it to a whole new level, as information became unbounded, not just computing capability. Yet organizations have not only survived, they've thrived with that new power. Think back to the notion that Internet access had to be strictly controlled; it once seemed necessary and scary, but ended up not being so bad. Then you adapted as it became clear you had to, finding many positives to exploit along the way. Now apply that thinking to this newest set of waves: mobile, cloud, and social media.