If user supported and supplied technology is as reliable as the systems provided by IT, then there is no real savings benefit provided by IT departments in regards to reliability.

So, a question to ask yourself as a technologist is how much time users in your organization spend keeping their IT supplied systems running or waste time due to systems being down.

We all know that users have varying degrees of technology expertise. Some users are smart enough to keep most of their technology running in tip top shape, many are not.

I believe an argument against or for user supplied and managed technology is the maintenance and support argument. If your employees are spending time keeping their laptops running or updating them then this is costing the business money. Unfortunately, the alternative in some companies may be fault prone IT infrastructure that saps employee's valuable time.

The preeminent question in my mind as an IT manager is "Where's the value?". I'm supposed to be the expert technologist that can deliver technology that provides value to the company. I also understand that my salary is part of that equation.

Technology is becoming less complicated for the end user and is providing more value for the dollar. Users have access to technology that can provide value to the company.

IT managers are the wrong people to be saying �no� to employees. The employee�s manager needs to say �no� and for a good manager to say �no�, there needs to be a demonstrable connection between that "no" and a value equation that agrees with it. Business mangers need IT to explain the technology part of the value equation. It�s up to the business manager to make the final decision and to ensure that the expectations placed on IT are well understood. When you make the value calculation for new things your users want, you need to include the value provided by the technology they want into the equation. In other words, you can't default user's requests to a default value of null or a negative value. If you do, you�ll probably look like a fool.

If you don�t work in an organization that employs business managers who can be involved make these type�s of decisions, then you are fighting a loosing battle. You are being placed in a situation that is intolerable and this problem can probably only be rectified by finding another employer.

This is in response to "IT Manager's" post...

You currently talk about two options:

1: User provided IT solutions
2: IT organization provided IT solutions

However they're both lose-lose battles. There is a third option, which is to get your IT solutions from a 3rd party expert that offers such solutions as "Services". For example, the entire Software-as-a-Service (SaaS) market is bypassing IT organizations, around the world, to provide businesses with far more advanced solutions than they would normally get through their own IT staff simply by pointing your web browser to an enternal infrastructure and running someone else's solutions. Why is this happening? Because they can provide solutions to businesses 1: faster; 2: better; and 3: cheaper than dedicated IT staff can.

IT is too big of a space for "any" dedicated IT organization to be capable of worrying about everything that "is IT". So why fight the battle? You're better off going to expert service providers and simply strap in their services, at a fraction of the time, money and energy that it would cost you to do it yourself.

The reality is that businesses are starting to realize that having dedicated IT is not the "core" competency of the business that pays for it. Instead, they're realizing that IT is a "chore" function. As a result, the businesses will almost never fund the IT organization to deliver the most adequate solutions. In the end it's a vicious game of catch 22... The business won't fund IT to do what it needs to but will blame IT for not receiving what it wants. IT will blame the business for not funding it properly but will never admit that to do so is far beyond the scope and capabilities of the business.

Realistically, the only feasible, long term option is to go to service providers that focus on providing such solutions, full time, all day, every day, and who can provide higher quality services and solutions at a fraction of the cost, time and energy that it would take internal IT organizations to do so. The reason is because these Service Providers are experts and can offer economies of scale that an enterprise will never be able to achieve on its own. This is exactly what is making options like the SaaS market so attractive these days.

Why do businesses bypass IT and go to SaaS providers? Because they can.

My Best,

Frank Guerino, CEO
TraverseIT

This is not a simple topic by any means. There are too many variables to take into account. Certain companies have a higher level of technical knowledge in their workforce, others have very little. Also, the line of business has a significant impact on such decisions. Financial institutions have many regulatory issues to deal with. Therefore allowing their users to bring their personal technology could cause a compliance issue.

Also, software licensing can be a significant legal liability. Certain software is license for personal use only and it is not maintained and patch with the same diligence as some enterprise level software.
System configurations can become a huge problem. No user can be expected to be an expert for all the applications installed in a system. Take a look at the list of processes running on systems sold by retail stores. Without taking a fair amount of time to go and research the list, you can't possibly know what it is needed and what is not.

Custom application troubleshooting could be a nightmare without limited standard OS build.

Yes, many enterprises can not keep up with technology and it is becoming a problem. However, there are many considerations that must be assessed based on their risk/benefit factors for any business/enterprise.

"You're fired", is the short answer to hint of diversity. Quote, "CEO, Heads, Mis-Managers"
Keep your heads in the sand, Heads of IT, CEO's and "You'll be fired". The sands of time are ticking.
Now that you are fired up, listen up.
Many heads are more knowledgeable, more informed, about more technology than any single selected lone star CEO, limited by 24/7.
Why hire hundreds and restrict capability to one star 24/7.
Hundreds times 24/7 equals hundreds of times the capability of a single self appointed star.
About employees - use them or loose them.
Respect their full capability and encourage diversity. Go suck up your gut, Mr. CEO and find a way to reward highly motivated employees.

Mr It manager makes a point - Mr Guerino advertises the niceties of his business but did not address the IT Managers points at all (free advertisement?).The securitie concerned makes a point as well and cornstove sounds drunk!. Well..... here it is.
IT policies must be adhered to for the sake of security, BUT the IT group really needs to stay on top of their game or users will go rogue and bring in their own technologie, in a "tech" companie. Regular companies (non techie employees) do not have alot of these issues because they really are not involved enough (robots). So the real issue is, how does the corporation in the tech field let their IT group make the best of what they have? its simple, one phrase.
Train your staff on company time. It is an investment, but it will pay back big time, SAAS companies only want that service contract signed so they can under deliver what they over promised anyway. Thats how they make their profit. In IT what you dont know will bite you in the backside.

IT Manager makes a good point that managers need to manage their employees. Sometimes that means they need to become smart on other areas that directly impact the company (and potentially it's profitability or liability). When managers at any level abdicate that responsibility, they need to be brought to their own managers (CIO, CFO, CEO or whoever they report to) for a little management of their own. Security Concerned brings up a very valid licensing point that users bringing their own hardware and software into the business environment need to be held accountable for not only licensing liability, but the security concerns of the network. (When was the last time one of your star salespeople cancelled or rescheduled a client visit because it's Patch Tuesday and you can't work on the network until your personal system has completed the latest SP or HotFixes?) Finally, Frank, I think you miss on one point; that being that enterprises are basically the only ones who ARE capable of providing the IT economies of scale that make internal solutions possibly equal to outsourcing, but even that is a stretch and most organizations cannot. Cornstoves...all I can say is, HUH??

IT Manager has it right and Mr Guerino isn't exactly an independent reviewer.

Even if one uses SaaS, users still must access that service, usually over the Internet and with a PC of some sort. Given the number of direct exploits available to "hackers" and the problems users can run into with various incompatibilities (like version of JVM), there's still a place for IT, whether in- or out-sourced. In addition, SaaS cannot be expected to provide those capabilities which are significant competitive advantages to a business.

Yes, there ARE some applications which are unique and make a business a better performer than its competitors. IT is not all generic like MS Office / Star Office / Google apps and services like SalesForce don't do everything a business needs. Would Coke give its secret recipe to an outsourced bottler-as-a-service provider? Would Coke want its employees accessing the secret formula from a personal PC that's been compromised by a keylogger from a SaaS site?

"The sands of time are ticking."

It is clock not sand that is ticking.

"Now that you are fired up, listen up."

When somebody is fired there is no need for him to listen up to anybody.

There are no easy, one-size fits all answers here. There is an inherent tension between flexibity and speed on the one hand and centralized control (and usually cost efficiencies) on the other.

But it seems to me that one part of the solution .. well maybe "influence in the organizationally wise direction" ... is Service Level Agreements and incentive-laden chargeback rates for support, esp. IT support for things that guerilla IT efforts break.

Simplistic example: IT to organizational mgr:

"You may allow your cost center's employees to install s/w on their company PCs if you want. But if anything breaks, your cost center will be charged $100 / hr to debug and fix. Furthermore, we work these problems on a first-in, first-out basis, using X-amount of resources that the organization budgets us to have. If your guy chumps up the PC he has to have to do his job, and the look-at-it queue is a week, your guy may be unable to do his work for a week. That would be your problem, not ours, since you would have decided to accept that risk. Also, if your people doing their own things impact other departments' activities or revenues, your cost center may be charged for their recovery efforts or lost revenues."

"If you would like to permanently fund an FTE or two's worth of PC support that would be dedicated to first-level responses to your department, we can help you set that up. But understand that the IT field is very wide, and there will be problems that have to be referred to someone other than your dedicated FTE, and we cannot guarantee you will get immediate priority attention when that happens."

"On the other hand, if you want us to be accountable for the uptime of your systems/PCs, here are the required enterprise guidelines and procedures you must adhere to in order to get 'free support.'"

"Ball's in your court, Mr/Mz Dept'l Manager ... how would you like to proceed ? "

Bear in mind that you cannot be too heavy-handed with this approach, because if the prices are too high you incentivize every part of the organization to set up its own little IT shops, which makes long-range strategic enterprise coordination and planning of IT efforts much more difficult. But one of the root causes of outbreaks of guerilla IT is a perception by user-depts that they're not seeing the benefit of centralized controlled IT ... it's not working for them, or at least they don't understand/ appreciate the value and benefit they're getting from the formal centralized function.

In other words, the corporate IT people may think there's a great benefit from centralization, but the main business-side managers who pay the bills may not agree. Being a hard-headed "IT Nazi" in that situation is unlikely to be the road to long-term success.

Doug D
Florida

Gee Frank.

SaaS sounds like it is the perfect solution to everything.

However, maybe you should look at this article by John Dvorak on PC Mag.

http://www.pcmag.com/article2/0,1895,2176192,00.asp

In my experience as a user, IT departments exhibit two major attributes:
1) They forget who generates the revenue, IT departments are supposed to be a "Service Organization" that enables the frontline users to be effective, efficient, and generate revenue. The typical IT department seems to think that it is the center of the world.
2) IT departments tend to propose "Cookie Cutter" approaches to everything because it makes their job easier. If their "Solution" doesn't fit the requirement, they tell you to change the requirement.

I work on a ski resort. I seriously doubt I'm going to run my ticketing, Food&Bev or lodging applications as a 3rd party service. SaaS isn't an option in many cases. We have certain aspects of IT outsourced, spam filtering through postini for instance, but the majority need to be in house.

We process credit cards over the internet. If an employee brings in their home laptop with a heavy DoS style virus on it, then we can't process credit cards. That equals loss of revenue.

There's real issues that your average employee is clueless about.

The statistic that 50% of employees feel they have more advanced personal technology is very misleading in my mind. Maybe, the new pc they have at home is more advanced, but they're connecting that pc to their home network on a cheesy 4 port d-link router, with maybe an external hard drive for backup.

We're a relatively small operation, but we still have over 50 servers, 2 SANs, 4000 network ports, 700 connected network devices. And 6 people to manage it. When we don't control things, bad things happen.

The idea that the end user should be allowed to connect whatever they want is not realistic. Thankfully there are more technologies out there to help us restrict this type of activity. IDM, 802.1x etc..

For Mr. SAAS Frank,

I have just been on the implementation end of several SAAS initiatives, and they are overrated. The "Service" part isn't there. They get you hooked on a piece of software, then charge you through the nose to make the minor modifications necessary for YOUR business.

I'm sure it's a great model for you, but I'll stick with our homegrown stuff that works and is supported.

Interesting article and debate.
As outsourced IT for a number of companies, we are looked at to be the "authority" on all things tech. Now that being said, ultimately it is always the A and B level executives who make the final call for policy. Our job as "experts" is to present a plan/roadmap they can see value in. After a few times of getting burned by ignoring early adoption of IM and web usage policies, they start to listen. (Spyware clean up of a reception computer costs the same as cleaning the boss's laptop, sometimes more.) Once you have their ear then you can get management to start acting like the adults in the employee daycare.

While new tech is very cool, not all of it belongs in a business environment. And you would be amazed at how quickly people start leaving their toys at home when a policy of checking a device in with IT is implemented. Something like - Computing/communication machines used in the proximity of the business network will be secured and sanitized regularly by IT and only used for business purposes of the company. (Remember computers are tools like hammers and screwdrivers) That means sure you can bring in your Wireless AP, but IT will secure it & password manage it. Employees are guests of a network, not owners of the network with personal rights to make access policies for it affecting everyone.
Although I personally now despise Apple products as cost/value negative, if some B grade insists on bringing his/her i-phone into the building, IT will have to give it a clean bill of health every day, and connection of it to any internal AP of the company should be grounds for immediate termination. It is just too big of a bundle of security holes to allow near a non-sacrificial network. (It's internal "features" have been compromised to the hardware level in less than 3 weeks. A few Black hats say 50 updates are a good start but they still have a "legion" of back door holes they can drive through.)
It's a good example of hip/stylish tech that although is pretty, it's current business dangers outweigh the "cool" factor. Now the adults must tell the kids to leave the the stove alone because they will probably get burned or start a fire.
I'm really not trying to invoke the Apple religious fanatics here, it is just the best example I could think of regarding brand new, unproven personal technology being brought to work regardless of risk, just because it is "pretty" or "cool." Now can we keep the execs acting like responible adults or will they revert to acting like children who didn't get a certain toy on their birthday.

What about the privacy issues? Does the laptop owner still have to provide access to the boss on demand as they do in case of a company owned PC?

When an employee leaves, can the company format the drive?

here here to Aaron.
the fact is, that IT should be saying no to some things that do not belong in business.
20 years in this business tells me that there is more like 5 - 10 % of users who have a clue.
the rest need to be managed as well as their equipment if it is to remain up and running.

this article is nothing more than a troll
to the age old question about the validity
of an in house it dept. some businesses need one, others do not. it is more of a case by case basis
dependant on their needs. When things break as they do, where is the money best spent, an outside company at 150.00 an hour ? how many people are affected by the downtime, 3 to 5 or 5000 ?

While I would like to think that most IT depts operate properly with quality service goals as the objective, there are likely to be equally as many poorly managed IT depts as there are poorly managed businesses.

cut costs if you will, but be careful not to shoot yourself in the foot...