Several recent articles (http://bit.ly/oZEmvS, http://bit.ly/n5oOhj) have discussed the rapid consumerization of technology and the difficulty that corporate IT groups are having in keeping up with the changes. The statistics show that use of consumer devices (smartphones, tablet devices) and social media services (Twitter, Facebook, blogs) for and about work is increasing rapidly, swamping the ability of Corporate IT to support, implement and control. At the same time, the number of high profile security breaches and losses of personal data is at an all-time high, leading to increasingly draconian regulatory remedies and pressure on IT to keep data secure. I’m going to address these trends in the context of the impact on Citizen Schools and other non-profit organizations and some of the ways that the Force.com platform and consumer technology can be used together to mitigate some of the issues.
At Citizen Schools, about 40% of our staff are recent college graduates, a generation known as ‘digital natives’. These people have grown up with ready access to the Internet, social-networking service and consumer-friendly technology. In college, they became used to collaborating with other students on Google Docs, sharing files, music and movies via peer to peer networks and coordinating their lives via Facebook and all of those tasks were easy to accomplish. When we hand them their Windows-based laptops, tell them they have to use Outlook for email and to try to collaborate with colleagues on Sharepoint, they aren’t happy (and sometimes revolt), even though the tools themselves are perfectly functional and make sense from a business perspective. They want to use their Macs, their Android and i-phones, and (increasingly) their tablet computers to do their work.
From an organizational IT perspective, all of these factors cause problems. For my small tech team supporting nearly 500 staff, our first instinct is to want to standardize, to minimize the number of different devices, browsers and applications that we are expected to support (despite expectations, not all computers are the same, nor do we have expertise in all software). Each time that we say ‘No’, however, we become less relevant to our staff, and increase the likelihood that they will go around IT to accomplish what they need to do. Of course, each time someone uses their personal laptop (which may or may not have virus protection or a strong password) or shares a file through an online service like Dropbox, they put their organization at risk of a breach of personal data. Smartphones and tablets add even more to the risk, being that much more portable and desirable, and in many cases, even less secure.
Fortunately, non-profits aren’t yet subject to the same requirements as other industries, but state and federal regulations are becoming increasingly strict (and are already more so in Europe). The consequences of a breach, however, remain high, potentially calling into question the operational capabilities of the organization in the minds of funders and impacting the organization’s reputation.
So how do we let our users have the tools and devices that they’re used to working with (and with which they’ll be more productive), yet try to minimize our organizational risks? We’re nowhere close to having all the answers, but here’s the approach we’re taking, keeping in mind that our primary platform for data and CRM is Force.com and that we use Sharepoint for a lot of document management and Microsoft Office for most document creation and editing:
- Devices: Although we’re not going out and purchasing iPad’s centrally for the organization, we are strongly encouraging staff to use their personal iPads for business purposes, subject to a few constraints (and have purchased a few on a pilot basis). First, if they’re connecting to our Exchange email, iOS forces you to create a security code, which eliminates one of the up-front biggest concerns about having sensitive data on the device (no password at all). Second, we’re requiring staff to install and activate the free Find My iPhone application, and agree that in the event of loss/theft that they’ll wipe the device. It’s not as strong an approach as central control of devices (as with our Blackberry Enterprise Server), but it gives us an extra level of security. We’ll be implementing a similar policy on personal smart phones within the next few weeks (as soon as we identify a good app for Android phones – suggestions welcome).
- Collaboration: We’re headed full on for Force.com Chatter deployment across the organization, with all users who don’t have Chatter-enabled licenses scheduled to receive Chatter Free licenses. We’re still working out the launch campaign, usage guidelines, etc, but this is too powerful a product for us not to take advantage of it. We anticipate using it for regional team coordination and management, cohort-building across the network, collaboration around internal projects and general subscription-based communication.
- File Sharing: Personally, I’m a big fan of Dropbox and I use it for personal purposes all the time. Professionally, however, I have some concerns, particularly in light of their recent data breach. There are certainly other services out there, but the landscape is changing rapidly and we’ll want to have a solid contender in place. Sharepoint continues to be our primary platform for document sharing and management, but browser compatibility issues and limited functionality on mobile devices are problematic. As a result, we’ll likely be using some combination of Sharepoint and Chatter files for internal file sharing and probably use something like Dropbox for one-time/short-term external file shares.
- Force.com: As we roll out Convio Common Ground this fall, we’re going to make a big push on mobile for our Senior Management and other external relations staff. This will initially be accomplished through use of the full Salesforce Mobile license and application, which will give key staff the ability to manage their accounts, contacts, opportunities and many of the custom items that we’ve created while on the road, particularly for managing tasks and logging calls and meetings. The mobile application not only provides additional security for our data by requiring an additional key code to access the application, but also has a remote wipe feature that allows us to delete the Salesforce data if such a need arose.
Force.com is going to be a key factor in our ability to be successful in this approach, as we’ll be able to leverage all the existing functionality that’s provided by the platform, including role and profile-based security, access our data through APIs like the Chatter and Apex REST API and then present the data using powerful technologies like JQuery Mobile or Phone Gap that are focused on a great user experience. It’s not going to be a small project, but it’s one that’s got a much greater chance of success than building apps the old fashioned way because we’re meeting users on their terms, rather than trying to prescribe how they do their work.
For technologists, how do these challenges resonate for you? What are you doing to mitigate them? For end-users, how about you? What do you need from tech to be successful?