How many of your colleagues quietly violate corporate policies by using apps that aren’t sanctioned by your company to accomplish their everyday responsibilities?
Nick Jones, vice president and distinguished analyst at Gartner, estimates that “Over 90% of knowledge workers who own a personal smartphone or tablet use third-party apps for work-related tasks.”
Google Spreadsheets. Evernote. Image editing tools. These are just a few examples of the “bring your own app” (BYOA) trend that’s helping employees perform their jobs more efficiently. Another trend is “develop your own app” (DYOA). Mr. Jones noted that this is becoming more common as power users or citizen developers, whose primary job isn’t application development, create their own apps — from spreadsheet macros to apps created using lightweight mobile development tools — to support their work.
Opportunities and risks
This new status quo can unlock productivity and opportunity. But it can also create myriad risks for businesses, said Mr. Jones. Among the risks: “Workers may use apps from untrusted sources, which may share business information. Inexperienced developers may create bugs or behaviors that affect the business — for example, flooding systems with requests.”
Strategies for the make your own app/bring your own app trend
CIOs and IT leaders can’t expect to completely control the groundswell shift toward BYOA and DYOA, said Mr. Jones. He emphasized that they can and should have a plan to manage it. His advice is to:
Establish a culture of individual responsibility: Trying to block BYOA and DYOA is likely to drive employees to be more secretive about unsanctioned behavior, which makes the risks harder to understand and manage. Position the IT organization as advisers for responsible behavior, and consider tools that make responsible behavior easier to achieve. Also ensure that employees understand that BYOA and DYOA risks will be monitored.
Define guidelines and educate staff: Establish a BYO program framework. It should define guidelines that describe what types of information should never go outside corporate control, and define sanctions if rules are broken. Create policies for the IT help desk to handle questions regarding BYOA and DYOA. You’ll also want to develop a citizen developer program that includes sanctioned tools and training.
Monitor and control what you can: No monitoring or control tools will be completely adequate. To understand the scope of BYOA and DYOA activity, establish a guest Wi-Fi network, which provides an opportunity for monitoring. Network packet monitoring and cloud access security broker (CASB) tools can help monitor devices, while enterprise mobility management (EMM) tools can help manage and audit devices. Create and publish blacklists of apps that you identify as risky.