November 08, 2013, 12:12 PM — If National Geographic taught us anything over its 125-year history, it's this: Survival depends largely on adapting to constantly changing conditions.
So it is with National Geographic's prized printed magazine morphing into a digital publication. Behind the scenes, the company's IT department must also adapt after having been de-clawed by employees empowered by the consumerization of technology in the enterprise.
"The old IT was, 'We're going to do a release once a quarter and test for 10 weeks out of that quarter and on the first day of quarter two, you're going to use it and love it,'" says Dan Backer, director of infrastructure systems at National Geographic, speaking at Okta's user conference in San Francisco this week. "That's the part of IT that's eventually fading into irrelevancy."
"People started coming out of the woodwork with all their shadow IT cloud apps. They said, 'We want to do the right thing and get on board with you guys.'"
-- Dan Backer
Director of Infrastructure Systems
The corporate computing environment today is one where IT can no longer dictate to its users. Business line managers and employees have quickly climbed up the food chain and are now choosing what apps and mobile devices they want to consume. CIOs must find ways to lure employees into the folds of secure and compliant best practices and sound technology investments. If they can't, then employees will simply cut IT out completely with stealth tech and rogue projects.
Mobile Apps Lurking in the Shadows of IT
A Mobiquity-commissioned survey found this to be especially true with mobile apps. Employees love the simplicity and ease-of-use of consumer apps and shun unwieldy enterprise ones. The report found that two out of three employees "go rogue" and download apps from public app stores that they prefer over those that their IT department wants them to use. This, of course, leads to security risks.
The survey also found that IT is trying to regain control by preloading apps onto mobile devices and creating app blacklists, which further fans the flames between IT and employees.
Slideshow: 10 Popular iPad Magazines
National Geographic's IT department took a different approach: It opened the floodgates and let employees use whatever apps they wanted. IT promised to make life easier for employees if they put their consumer apps under Okta's single-sign-on purview. With a single password, they could access all their business apps in one place. IT could also help business managers with cloud contracts and security.
"People started coming out of the woodwork with all their shadow IT cloud apps," Backer says. "They said, 'We want to do the right thing and get on board with you guys.'"
National Geographic started with 10 basic corporate apps for employees available over the Intranet and Okta mobile app, such as Gmail, Google App Drive, AnyMeeting, VPN Remote Access from Citrix, File Transfer Service from Accellion, HRG Executive Travel, PeopleSoft and NGS Helpdesk. After opening Okta up to any app--an employee can simply add an app in a self-service way--the number of apps in the library reached 60 in less than a year.
Employees added all sorts of consumer apps, such as Facebook, LinkedIn, Twitter, Confluence, JIRA, GitHub, Dropbox and LogicMonitor. National Geographic's IT department doesn't blacklist any apps, and adding apps is easy without any IT approval process. However, the IT department doesn't necessarily support or train employees on self-service added apps.
By putting apps behind Okta, IT gains some security measures. Okta provides the same kind of data protection for a consumer app as with a traditional one.
"By bringing it under the umbrella of Okta and your other management systems like AD (Active Directory), once an account gets de-provisioned, they lose the access to their data and those applications, so they can't take it with them," says Karen Huffman, manager of SaaS, cloud apps and collaborative technologies at National Geographic.
Security Risks Come From Surprising Places
These security measures aside, an open door policy for consumer apps surely invites risk. After all, sensitive data can find its way into personal cloud storage and file-sharing services and out of IT's control.
You'd probably never guess who some of the worst offenders are.
A recent Workshare survey found that nearly seven out of 10 employees use free file sharing services to share corporate documents. A whopping 88% of employees in legal and professional services lead the pack, followed by 78% in financial services. (For more on Workshare's survey findings, check out this infographic.)
"So the legal department hates Google Drive, they won't use it," Backer says. "But they actually really like Dropbox, because they can put in all their stuff and mark changes. Isn't that crazy?"
Taking the IT Out of IT
For years, CIOs have used security requirements as a top reason why technology must flow through their office. But National Geographic's IT department has given up on this tactic. Instead, IT mostly relies on business unit managers to make sure their workers are doing the right thing when it comes to technology in the workplace.
Sure, the IT department educates users through short videos and cool pictorials rather than wordy guides--after all, it is National Geographic. But by letting business units work things out, IT shakes off its draconian reputation shrouded in complicated technical jargon and instead becomes a trusting and supportive partner.
In other words, you can get further with a whimper than a roar.
"I think IT talks too IT-ish," Huffman says.
Tom Kaneshige covers Apple, BYOD and Consumerization of IT for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Tom at firstname.lastname@example.org