As I was preparing for an upcoming panel
discussion on recent privacy issues affecting the Corporate world, I thought
about two areas of relevancy for most organizations: micro and macro changes in
the realms of privacy and security. See if you agree.

The major, though subtle, micro change in the privacy and security world in
recent times I’ve observed is the loss of power that the mighty IT organization
used to have. Remember back in the day when IT’s word was gospel? If they
said you couldn’t have this program, you didn’t get it; if they said there was
no way you could access that web site, you didn’t get there. Use your own
device in the office?!?! For work???!!
Fugeddaboutit.

Nowadays, though, it is more apparent than ever that IT has less power to say
‘no.’ Which of course causes many headaches for the IT department, who must now
temper the tension and traditional IT resistance to allowing unknown/untrusted
devices into the inner sanctum. The risks are obvious and myriad. These risks
have led many organizations to firmly resist the trend of consumerization by
restricting the umpteen varieties of hardware that every C-level executive and
their brother bring to their cubicles.

In other ways, the fact that the fulcrum of power has now swung to the employee is
a good thing, as I have argued in previous posts. It is the era of
consumerization. This surge of employee power forces the IT department now to
be collaborative, and no longer allows the department to be filled with ‘V.P.s
of No’. I argue that regardless of the formal or
informal position of the IT department, or even the company policy in general,
this faction of users is growing and is in fact disintermediating the IT department by working around them to get
their devices to work at work. And here’s why: people’s personal world and
professional world are drifting closer and closer together with the traditional
lines separating the two becoming blurrier than ever.

For most business people, the mobile phone is now the mobile office, for example.
The ultimate objective of consumerization is simply work and personal life
converged onto a single device. It’s all about productivity via familiarity of
the toolset. Think about how life was 15 years ago: you had use of all the
great technology and software at work. When you came home, all you had was some
stripped down versions of that machinery and applications – toys, really.
Today, the scenario is reversed: employees who have state-of-the-art
technology at home can’t reconcile the fact that when they come to work they
have a Windows XP machine, or worse, that takes 2 days to boot up.
Pent-up user demand should not be underestimated, and consumerized IT can
be the Holy Grail of employee satisfaction if deployed properly.

A parallel phenomenon that is also of note is the reassignment of power away from
companies and into the hands of the consumer, particularly the power to decide
strategy and business approach. Very recent examples of companies making a
180-degree about-face on a business decision are reminiscent of the introduction
of New Coke in April 1985, and then the very public reversal back to Classic Coke.

While the reintroduction of Classic Coke after the debacle of New Coke took 77 days
before the company announced their mistake, many recent examples of the power of
the people (largely amplified with the vehicle of social media) are taking less
time. Consider the Bank of America notice to start charging customers $5 for
the privilege of using a debit card with the Bank for purchases – retracted in
a month after the ensuing uproar; and Verizon reversed its plan to charge cell
phone users a $2 fee for one-time credit or debit card payments by phone or on
the company’s Web site – retracted after one day! Now that’s power. (And
stupidity on the part of the Corporation’s marketing department.)

The most prevalent macro change I see in the privacy and security space must be
the convergence to the center of the historically very different privacy and
security models of the European Union and of the United States. It used to be
that the U.S. cared only for security and very little for privacy (after all, we
still have no national or federal privacy law), while the countries of the E.U.
cared almost exclusively about the individual’s privacy, with no focus on
security (there are, for example, no breach notification requirements in the
E.U. data privacy laws).

Now I see a slow, deliberate convergence toward the common middle as both parties
realize the benefit and practicality of the other party’s approach and model.
Though the two camps’ privacy and security laws are still worlds apart, within
the next 3 years – due in large part to both the recently issued FTC privacy
best practices report, and the publication of the E.U.’s Data Protection
Directive proposed revisions - the world will soon finally agree on the proper
blend of both privacy and security controls to the benefit of all customers,
consumers and employees on both continents.