Your Employees Are Consumers Too: Enterprise IT and Consumer Applications

Ben Worthen at CIO magazine has been blogging about “consumer applications” in enterprise settings since at least last spring (see “I’m violating our corporate email policy . . . and I love it!” for an early example).

Now in the October 15th print edition, his colleague Susannah Patton has put together an examination of a number of cases in “Consumer Appeal.”

Basically the article outlines the challenge corporate CIOs face in responding to consumer-driven technologies being brought into the workplace:

Not long ago, corporations were on the leading edge of technology adoption, providing employees with better equipment and software than they could purchase on their own. Now, however, consumer applications are easy and fun to use, and often free; in many cases, they also work better than corporate software. And the tables have turned on CIOs, as employees download software from the Internet, bring their handheld devices to the office and merge their home computing life with work.

Rather than trying to “hold the line” and keep such consumer applications out of the workplace, Patton lists five specific technologies which can have business benefit “if you manage them well.”

  1. Social Networking Software (MySpace, Facebook, LinkedIn,, Flickr are the consumer examples; Contact Networks and Visible Path are the corporate examples)
  2. Skype (interesting that Skype has really become eponymous – this is the only category in which the application is the name of the category)
  3. Desktop search (Google, MSN, Yahoo all have desktop search tools)
  4. Handheld Devices (PDAs, iPods, SmartPhones, etc.)
  5. Mashups (examples are, and “the combination of Google Maps and . . .” – not sure if she means this one)

There are a few places in the article where the finer points get muddled.

One is the assertion that “Mashups are less complex, and developers concern themselves less about complying with technical standards because the applications are browser based,” which Patton attributes to Dion Hinchcliffe.

Developers of mashups don’t have to worry about complying with technical standards? Anything that is browser based can ignore technical standards? In my experience mashup developers are all about standards, since it is standards adherence which makes mashups possible.

(My guess is that Hinchcliffe was making a contrast between the whole WS-* set of standards and more lightweight APIs, and that it just didn’t come out well in context or in translation to the article.)

Another misstep is when Patton writes that “some mashups that use Ajax scripts . . . expose their code in the browser,” creating a security risk – not perhaps recognizing that all JavaScript code is “exposed” in the browser, since that’s where it runs.

(Of course, recognizing this fact is critical to developing Ajax applications which don’t, in the process, reveal more about the server-side security infrastructure or business logic than they need to, and don’t trust any input from the client. It’s just as possible to develop insecure Ajax applications as it is to develop insecure Web applications).
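As an added illustration of that parenthetical (not code from the original post or the CIO article), here is a server-side handler for an Ajax order request that treats every field from the browser as untrusted and recomputes the price itself. The catalog, discount table, field names and `priceOrder` function are all assumptions constructed for this example.

```javascript
// Added example: server-side handling of an Ajax order request.
// Catalog, discount table and field names are constructed for illustration.
const CATALOG = new Map([["SKU-100", 2500], ["SKU-200", 990]]); // price in cents
const DISCOUNTS = new Map([["WELCOME10", 10]]);                 // percent off

// Everything in `body` came from the browser, so treat it as untrusted.
function priceOrder(body) {
  if (typeof body !== "object" || body === null) {
    return { ok: false, error: "invalid request" };
  }
  // Only these fields are read; a client-sent unitPrice or total is ignored.
  const { sku, qty, discountCode } = body;
  if (typeof sku !== "string" || !CATALOG.has(sku)) {
    return { ok: false, error: "unknown item" };
  }
  if (!Number.isInteger(qty) || qty < 1 || qty > 100) {
    return { ok: false, error: "invalid quantity" };
  }
  let percentOff = 0;
  if (discountCode !== undefined) {
    if (typeof discountCode !== "string" || !DISCOUNTS.has(discountCode)) {
      // Generic message: reveals nothing about which codes exist.
      return { ok: false, error: "invalid discount" };
    }
    percentOff = DISCOUNTS.get(discountCode);
  }
  // Price and discount come from server-side data only.
  const subtotal = CATALOG.get(sku) * qty;
  const total = subtotal - Math.floor((subtotal * percentOff) / 100);
  return { ok: true, total };
}

// Constructed requests: one as the page script would send it,
// the others altered in the browser before submission.
const honest = priceOrder({ sku: "SKU-100", qty: 2, unitPrice: 2500 });
const tampered = priceOrder({ sku: "SKU-100", qty: 2, unitPrice: 1, total: 2 });
const badQty = priceOrder({ sku: "SKU-100", qty: -5 });
console.log(honest, tampered, badQty);
```

Because the price table and discount rules stay on the server, the script delivered to the browser only needs to collect the item, quantity and code, so reading it reveals nothing an altered request could exploit.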

Despite these oversimplifications, though, the article as a whole is right on target in its conclusion: consumer applications are coming into your enterprise, and your best bet is to try to understand and manage, rather than just resist, their intrusion.

After all, the end users are interested in these technologies because these technologies help them get work done. It’s understandable that CIOs worry about proliferation of different applications, security risks, and potential exposure – but they need to do so in a context of full knowledge and understanding of the applications in question.