September 4, 2014 Leave a comment
Recent research publications do suggest there is an increase in the number of employees using their own applications for work purposes. With so many publications discussing the ‘bring your own applications’ phenomenon but with many of them lacking any new insight or substance, it is no wonder that technologists and non-technologists alike look at the industry and find it befuddling.
Whilst the antecedent of ‘BYO’ suggests that BYOA will originate from an employee, the concept is not entirely new. Business units (mainly in financial services and institutions) have always devised ways of meeting their own business requirements by creating applications e.g. MS Excel add-ins, add-ons to vendor supplied applications etc. A recent publication suggests that 70% of organisations already have applications brought into the enterprise by employees. Although the publication does not provide information on the number (volume) of employee owned applications as a percentage of total number of applications deployed in enterprises, it is not uncommon to come across up to 25% of applications within organisations that are not supported by the Technology function. Such applications are owned by either the business units or the employees, and mainly installed by the employees. The scenario is commonly encountered during operating system migration projects (it is the only time the Technology function sometimes does a total and end-to-end software inventory and audit of applications in use).
With the impending growth in BYOA according to research carried out by LogMeIn, organisations must think through the potential challenges BYOA will introduce and provide a governance framework and structure to manage the adoption of BYOA in their organisations.
Some of those challenges and questions that arise as a result of this phenomenon are discussed below:
- Fragmentation and Data Integrity. When multiple users bring their own applications to work in order to process the same set of data, how would it affect data integrity? What is the impact of multiple applications on the defined business processes? How do other users within those business units who continue to use an application provided by the business access data contained in the user owned application? Will the data be shareable?
- Security. Despite the application being owned by the user (it does not matter if it is a vendor supplied or user created) the same security considerations and governance framework you adhere to when procuring software should be adhered to. You do not want to wait until after a security incident to find out that the user owned application is a malware.
- Support Cost. There must be an agreement with the user on how the cost of supporting the application will be handled. Who will pay for upgrades? Is the application still supported by the vendor? Does the user have a support contract with the vendor?
- Process Deviation. Will the introduction of the application cause a deviation in the business process? How will this deviation affect other stakeholders?
- Licensing. Are there specific terms and conditions in the licensing agreement prohibiting the use of the application for business purposes? Is it a single user, single device license?
- Disaster Recovery / Business Continuity. Is the source media for the application available in the organisations’ software catalogue (it might be required to be re-installed in an emergency)?
- Criticality of Service. The criticality of the associated processes needs to be defined. All interfaces into business processes that form part of a critical service need to be known and if a user owned application is being utilised to undertake any task, it is time to re-evaluate the user and business requirement.
These trends – consumerisation and prosumerisation will not go away; in fact some say it is unstoppable. The technology savvy generation (generations Y and Z) are in the workplace and technologists cannot ignore their demands. Generation Z will even be more demanding than the generation before them. Technology service providers within organisations have to be forward thinking and become value adding partners to the business. This entails proactivity; it is time we loosen the shackles we impose on the business in their drive for consumerisation and prosumerisation. Technologists in organisations also have to embrace the advisory function in order to remain relevant otherwise employees will continue to bypass them when procuring services (applications).
 CIO. 2013. Bring your own applications. [ONLINE] Available at: http://www.cio.co.uk/insight/devices/bring-your-own-applications/. [Accessed 04 September 14].
 TechRadar. 2013. ‘Bring Your Own App’: risks and solutions. [ONLINE] Available at:http://www.techradar.com/news/internet/policies-protocols/-bring-your-own-app-risks-and-solutions-1162372. [Accessed 04 September 14].