I was on the BBC's website the other day, gettin' my intellectual on, when I came across an article about spying on the U.S. military.
The gist of the story: Government officials should assume that foreign spies have infiltrated military networks so thoroughly that they shouldn't even try to stop them. The key line: "Cyberdefence should be about protecting data, not controlling access."
If that sounds familiar, it's because that same advice applies to the consumerization of IT. Jack touched on that in his story about mobile data management last week, and I covered the focus on data, not devices at Interop last fall. Cyber-espionage and consumerization are seemingly as far apart on the technology spectrum as you can get, but they have more in common than you may think.
For example, the BBC article says the military "drowned under the weight of maintaining its network defences," which include 15,000 networks and 7 million devices. Of course, very few businesses are that large, but most are having similar trouble as more users bring their personal smartphones and tablets to work. And while nuclear war won't break out if your consumerization efforts fail, they're still important. Every company has sensitive information that could be dangerous in the wrong hands.
There is one important distinction, however: For the military, the enemies are foreign governments that want to exploit American intelligence for their own gain. For enterprise IT, the enemies aren't really enemies at all. They're users who just want to do their work more efficiently.
The military, with all its classified documents and retina-scanning systems and other cool stuff I learned about from watching "NCIS," can afford to be super restrictive in how it secures its data. But if corporate IT takes the same approach, one of two things will happen: Users will either find ways to get around IT, likely in a less secure way, or they won't be able to get their jobs done. Neither outcome is good for IT, users or the company as a whole.