Why Don’t We Change?

In July, Ashton Kutcher attempted to start a dialogue about gender equality in the workplace and was roundly savaged for his trouble:

“This is grossly offensive”, noted one person.
Joelle Emerson, the founder and CEO of Paradigm tweeted, “Yikes. These are definitely *not* the right questions. Most rely on flawed assumptions and perpetuate problematic myths.”
Someone else commented, “Aston [sic], you embarrass yourself for a very good reason. Your questions tell me more (again) about how you perceive women, not how women are! Please pull together the correct questions, and a dialogue that deals with the issue, instead of reiterating the sexist view in the workplace will begin to heal us.”

While not addressing the specifics of Kutcher’s comments, I’m troubled by the fact that people are permitted less and less to posit ideas or do new things without being trashed for their trouble. One of the fundamental rules I learned many years ago about brainstorming sessions — the goal of which is to foster an environment in which people are encouraged to present ideas to help solve problems — is never to criticize ideas as they’re presented. It’s fine to present alternative or contradictory ideas, but criticizing the brainstormer is antithetical to the ultimate goal of solving the problem because it discourages people from trying to be innovative. Sadly, in our hyper-politically correct environment, we are moving ever further away from the ideal of encouraging people to be innovative or disrupting the status quo. And without that kind of disruption and a culture that supports it, we just can’t solve our problems.

This is also the case for ideas in the workplace that have nothing to do with third-rail issues like politics, gender equality or immigration. Early in my career I did not have a computer on my desk and didn’t have email (the dinosaurs had just recently gone extinct and we just weren’t as technologically savvy in those days). The first company (a leading market research and consulting firm) I worked for out of university used a Wang word processing system and we were expected to dictate our reports into a handheld recorder, hand the tapes to the word processing staff, and wait for the printouts to appear on our desks. When I opted to do my own word processing, I was severely criticized by not only the word processing staff, but even made the company president quite upset. Two years later, all of the analyst staff were expected to do their own word processing.

If you’re a change agent, and if Vendor X is firmly entrenched in your enterprise and you suggest migrating to Vendor Y that offers a better user experience, you might be shut down without getting a hearing about the merits of your suggestion. Perhaps you want to deploy a social network that allows people to share information with the goal of increasing employee engagement, but management believes that people surfing the web and sharing articles with others is a waste of time — be prepared for a rough ride in many organizations. The good news for change agents in those types of organizations is that you probably won’t be working for that company for very long.

The bottom line is that we need to be open to new ideas, be polite to those who share them, and be willing to change. Innovative people and companies do that — those who orbit the status quo don’t.

BYOD OK?

We have recently completed a survey of IT decision makers that are knowledgeable about security issues in their organizations, and we found something surprising: the concern about “shadow IT” — employee use of unauthorized cloud apps or services — is significantly lower in this year’s survey than it was just over a year ago. While there can be variability between surveys because of sampling and other issues, the difference we found is not explained by sampling variability, but instead represents a significant shift of concern away from the problem of shadow IT and BYOD/C/A (Bring Your Own Devices/Cloud/Applications).

Why?

Three theories:

First, we have not seen big, headline-grabbing data breaches result from the use of personally owned smartphones, tablets, laptops and other employee-owned and managed devices, cloud applications and mobile applications. While these breaches occur and clearly are a problem, the horror stories that were anticipated from the use of these devices have been few and far between.

Second, senior management — both in IT and in lines of business — have seemingly acquiesced to the notion of employees using their own devices. They realize that stopping employees from using their own devices to access work-related resources is a bit like controlling ocean surf with a broom.

Third, there are some advantages that businesses can realize from employees using their own devices. While lower business costs are an important advantage because IT doesn’t have to purchase devices for some employees, another important benefit is that IT doesn’t have to manage them either. For example, when an employee leaves a company and company-supplied devices need to be deactivated, some organizations aren’t exactly sure who’s responsible for doing so — IT, the employee’s manager, HR or someone else. A survey we conducted some time back asked, “when an employee who had a company-supplied mobile phone leaves your employment, how confident are you that you are not still paying for their mobile service?” We found that only 43 percent of respondents were “completely confident” that the mobile service was deactivated, and 11 percent either were “not really sure” or just didn’t know. Employees using their own devices and plans gets around this problem nicely.

To be sure, unfettered and unmanaged use of employee devices in the workplace is not a good idea. It can lead to a number of problems, such as the inability for IT to know where all of a company’s data is stored, the inability to properly archive that data, the inability to produce all of it during an eDiscovery effort or a regulatory audit, lots of duplicate data, a failure to establish an authoritative record for corporate data, a greater likelihood of data breaches if a device is lost, and the potential for not being able to satisfy regulatory obligations.

That last point is particularly important, especially in the context of the European Union’s General Data Protection Regulation (GDPR). A key element of the GDPR is a data subject’s “right to be forgotten”, which translates to a data holder’s obligation to find and expunge all data it has on a data subject. If an organization cannot first determine all of the data it holds on a data subject and then cannot find all of that data, it runs the risk of violating the GDPR and can pay an enormous penalty as a result.

In short, BYOD/C/A offers a number of important advantages, but it carries with it some serious risks and should be addressed as a high priority issue in any organization.

You Need to Archive Mobile Text Messages

Osterman Research has found that roughly one-third of the typical information worker’s day is spent working on a mobile device, and an even greater proportion of work-related content is accessed using mobile devices. The impetus for the growing use of mobile devices is driven by a number of factors, although the use of personally owned devices is a key factor in their adoption in the workplace. As shown in the following figure, the use of company-owned and personally-owned smartphones is on the increase.

The use of messaging applications on mobile devices, such as email and SMS/text messaging, are among the most common applications of mobile devices in the workplace. The vast majority of users who employ a smartphone for work-related uses employ some type of messaging-related application on a regular basis.

There are a number of difficulties associated with the archival of text messaging content. For example:

Text messages sent using telecom carriers are often retained only for brief periods, and so these providers cannot be relied upon a source of archived text messages for long periods.
Since some companies operate in multiple countries using carriers that often do not provide any sort of text messaging archival service, enterprises often employ different methods to archive text messages, such as doing a physical backup of a device.
Further complicating the archival of text messages is the lack of commonality for archiving content depending on the device in use. Some solutions pull content directly from the server (e.g., with the BlackBerry Enterprise Server), while others install an app on the mobile device that transmits text messages to the archive. Other tools, such as SMS Backup+ for Android devices, will move text messages into a user’s Gmail account where they can be backed up or archived indirectly.

The bottom line is that organizations using various and inconsistent methods for archival of text messages makes the process inefficient, expensive and prone to error. The result can be incomplete archives of text messages and the consequences that go along with this level of inconsistency. Therefore, it’s essential to choose the right vendor that can provide a consistent and unified method for text message archival.

We have recently published a white paper on text messaging archiving that you can download here.