“What happens when an irresistible force meets an immovable object?” I was a teenager when I first heard this question. It was an interesting thought exercise at the time, but the practical application in business is more about two forces that go in different directions. For an example, look no farther than when an IT leader sees things differently than a business leader.
This typically crops up when a business leader wants something new or different and the IT leader feels like it couldn’t or shouldn’t be done (or at least not in the way the business leader wanted). Both leaders were driving toward specific objectives which didn’t align. This story still happens today, but one of the places it comes up the most is with mobility decisions.
Mobility is a no-brainer from the business side. Between experiencing the power of consumer solutions first hand and recognizing the impact of being able to take business actions at any time and place, business leaders know that preventing mobile work is crippling.
What does it look like from an IT side? IT organizations live under constant pressure to support existing applications while delivering new capabilities and keeping costs down. At least one industry survey has shown many of the first apps companies build cost them hundreds of thousands of dollars. Even though cost is such a substantial element, security remains the largest opposing force from IT.
Why is security the largest “irresistible” force pushing back against business value? It’s a combination of complexity, pace of change and difficulty in assessing risk. Enterprise security is inherently complex. Big companies have IT environments with many systems and possibly different kinds of authentication. Global companies deal with varying laws around privacy, data retention, etc. Companies in specific vertical industries like finance have specific regulations as well. The modern IT security leader has to take into account this entire picture and try to weigh the impact of any particular change or addition.
The problem is further complicated by the incredible rate of change in technology. Cloud-based systems have emerged and rapidly matured over the last few years. Mobile phones and platforms have been updating at a tremendous pace. And threats continue to evolve as well: new attacks and attackers show up in news stories every week.
No is Not an Option
Given both the complexity of the problem and the rate of change, it’s extremely difficult to assess the risk. At the upper end of the risk spectrum, data breaches have cost executive jobs or shut down whole companies. On the other hand, most companies already provide mobile access for many capabilities. It’s hard to imagine a modern company that doesn’t have some kind of mobile email solution for example. But when your job as a security officer is to mitigate risk, most of the time you’ll probably err on the side of seeing the high risk outcome.
So given the nearly immovable object of security objections, how are companies making progress on enterprise mobility? The most successful ones match their starting use cases with their risk tolerance. If accessing financial systems looks too risky as the first thing to try, possibly distributing company news or entering vacation requests makes more sense as a first step.
They try small experiments with limited numbers of users and simple activities. Companies in more risk-averse sectors may often look to see successfully implemented use cases from other companies first. This process of letting others blaze trails is one that many have used for other technologies.
When looking at the two irresistible forces of enterprise mobility, it’s worth pointing out the compelling push that business value provides. In our current global market, having your workers be happy and productive is critical to competing. The risk that you get out-innovated and out-performed by more nimble competitors has never been greater.
So while you may not see all the business and IT leaders flying in formation like the Blue Angels, everyone is aware that just saying “no” to enterprise mobility is not an option. Bigger and more risk-averse companies are taking careful steps, but they are following in the footsteps of companies who are starting to sprint. 2015 may be the year that the majority of companies realize they need to align their forces, or risk being left behind.