Anyone skeptical of the impact that the Echo Boom Generation will have on the way applications are used in the workplace need only look at the proliferation of instant messaging (IM) now in the workplace. This technology, still officially banned from many corporate networks, is a product of a global youth trend that started out as a fad. Instant messaging is merely the first of a wave of technologies that will be forced into the corporate IT environment by this maturing generation. Every enterprise IT user is also an IT consumer in their personal life. Our experiences in using products and services as private consumers create expectations that we bring to the workplace.
The development of consumer technology has been catching up with the corporate and government markets and is, in some cases, overtaking them. In recent years, a significant milestone has been reached where now over half of all semi-conductors produced are destined for consumer markets. Today, we are more likely to encounter new technological advances in our private lives than at work. For technology-savvy users, home computing environments are likely to be more powerful than what is available at the office. At the same time, consumers are becoming comfortable with using Web services, such as online banking. The high level of flexibility and responsiveness they receive using these Web services set the users' expectations, and they contrast them with the services they receive from their corporate IT department. This trend is amplified by a new generation that is starting to enter the workforce. The Echo Boom generation is a significant factor, due to both the sheer size of this generation, and their life-long experience with digital technology, instinctively using it at school and at home. The Echo Boom generation of workers will expect to bring these technologies to the workplace, to complete their job assignments. The resulting proliferation of applications and devices (often consumer grade) will be yet another force moving the consumption of applications further away from the controlled environment, posing additional challenges for those responsible for delivering applications. The following sections analyze the characteristics of these Echo Boomers, and the resulting consumerization of IT.
The Echo Boom Generation and Digital Natives
Demographers use the term Echo Boomers to describe the generational group born between circa 1982 and 1995. The name indicates that this generation comprises the children of the Baby Boomer generation, who were born between 1940 and 1966. Echo Boomers are also a sub-group of Generation Y. The Echo Boom Generation will have a strong influence in demographics due to their large size that is the result of the first increase in birth-rates in Western countries since the early 1960s.
The connection of this generation to the concept of consumerization is in the way they use digital resources. Born and raised during the digital technology boom, these Echo Boomers, or digital natives, have grown up surrounded by technology and, as a result, they use it instinctively. In contrast, digital immigrants are those people from preceding generations that, over time, became accustomed to the increasing use of technology at work and then at home. While all generational groups now in the workforce are embracing technology, the younger generations have technology embedded deep into their lifestyles. A key characteristic of the Echo Boom Generation is their need for personalization and personal control. This manifests in the way they work---digital natives resist being told how to accomplish a task. They would rather be told what to achieve, and then be left to their own devices to accomplish that goal. They also tend to collaborate within and across organizational groups more than other generations of workers. Departmental structures have less meaning to them, and they tend to form ad-hoc virtual teams based on skills rather than assigned responsibilities. Further, their experience in college gives them the expectation that, after they join the workforce, they should be able to connect to their friends during business hours. There are reports of college graduates actually turning down job offers if they find out that the employer has a policy restricting social phone calls and instant messaging.
The Consumerization of IT
Then growing use of consumer grade products within the workplace is known as the consumerization of IT. Instant messaging is just one of the many consumer products and services working their way into the office, or indirectly placing pressure on IT infrastructure and policies. Some of the other prominent examples are:
- Collaboration and social computing. Technologies allowing collaboration across disparate groups, such as blogs, wikis, and social networking sites (for example, MySpace and LinkedIn), are being used within and across organizations. The unmonitored use of these collaboration tools can raise security issues; for example, the threat of competitors gaining access to important corporate information over the Internet, such as through employee blogs.
- Multimedia and e-mail. The increasing use of multimedia in business, such as CTO Office podcasts and the Citrix YouDeliver initiative, means that e-mail inboxes and attachment size limits are outdated. Employees are increasingly resorting to using their personal Web-based e-mail, such as Gmail, for business use, often in violation of corporate IT rules.
- Online gaming. Massively Multi-user Online Games (MMOG), such as Second Life, that allow users to interact in a virtual world through avatars, or digital representations of the user, are already being used by some corporations to promote workplace collaboration across geographical boundaries.
- Social grids. Users are now donating their unused processing power to contribute to established social grids that search for solutions that benefit humanity; for example, the World Community Grid, sponsored by IBM and other corporations.
The Impact of Echo Boomers on Application Delivery
The consumerization of IT that is accelerated by Echo Boomers entering the workforce puts various pressures on corporate IT departments. These pressures are exerted by the evolving user expectations, due to increased comfort levels and the satisfaction of using consumer technologies. Often, today's users do not wait for their IT departments to approve new products before they bring them into the corporate network environment. The security implications of maintaining large numbers of unmanaged end-user devices, and the use of uncontrolled Web-based applications are significant. This trend results in higher consumer expectations, increased security requirements, and competing needs of users and IT departments.
Higher Consumer Expectations
Unlike the corporate IT department, consumer vendors owe their survival to the continuing satisfaction and enthusiasm of their customers. While brand loyalty is not as strong as it used to be, a positive experience with a branded products does influence re-purchase intentions. Web service vendors must constantly tweak their sites to deliver optimal performance and user experience. With time becoming more precious than money, today's retail Web site users will not wait more than a few seconds for a Web page to load, and they expect to be able to complete a transaction in less than 45 seconds. Personalization is popular with the younger generation who are less likely to follow a particular mass fashion like previous generations did. The enormous range of user interface skins for mobile devices, such as phones and MP3 players, demonstrate this trend. This same approach is taken with the computer desktop, which can include a combination of PC and Web-based applications with personal data living in multiple locations. The use of a particular vendor's word processor does not dictate that the same vendor's Web browser or media player will also be used. The main criterion for a user's choice is often the personal fit when using a tool for a task. IT departments are geared towards large scale, and therefore long-term, infrastructure projects that inhibit their ability to respond to accelerating clamor from their user base, to support each user's preferred personal productivity tools. Rather than wait for the IT department to satisfy their expectations at work, users are bringing their consumer-grade products into the workplace as tools to help them complete their projects. Increased Security Requirements
The security impact from consumerization comes in two main forms---threats to the corporate IT environment through unmanaged endpoints, and threats to corporate intellectual property through the inappropriate sharing of company information via social networking Web sites. The threat of an unmanaged endpoint infecting the corporate network with a software virus or other malware attack is increased when workers are allowed to use their own technology to connect to the corporate LAN. Unlike the datacenter, the office cannot be fully secured to prevent users from bringing in their own laptops, PCs, or other personal devices. Further, many users are given the facility to connect to corporate IT assets from home, often using their own PCs. While many IT departments are able to detect unsecure endpoints and, in some cases, quickly provide rectification, this reactive approach is not an ideal method for delivering applications. In earlier and simpler times, a company's intellectual property was relatively secure, except in the rare cases of industrial espionage from inadvertent disclosure when employees from different organizations met during social occasions. Even when this occurred, the impact was generally limited, because the disclosure was verbal and between individuals. Today, with social Web collaboration tools, the impact can be large and long-term, as the information is in writing and available to a global audience. For example, there have been reports of targeted trawling of social computing and blog Web sites to identify sensitive competitive information about organizations.
Competing Needs of Users and IT
An IT department's priority is to maintain stability, security, and control over the enterprise IT infrastructure. Therefore, there is an inherent clash between consumerization and IT. Multitudes of product combinations increase the number of incidents and support calls, and require IT personnel to continually broaden their product knowledge and expertise. Many consumer-grade products do not have the security levels required for the workplace, creating potential security gaps. The high expectations of users and the inability of IT to respond quickly are placing considerable pressure on the IT department. Most analysts believe that the simple weight of numbers behind consumerization means that a partial capitulation of IT department control is inevitable. However, it is not likely that the need for some level of control will ever disappear. Core applications for critical business functions, such as ERP, CRM, and finance, will always need to be properly secured and managed to meet enterprise SLAs.
The Benefits of Consumerization to App Delivery
Despite the pressures that consumerization places on security and stability of application delivery, there are benefits to the business. At a macro-economic level, the growth of the consumer technology market has created economies of scale, allowing for the mass-production of components that are used both in consumer and corporate products. The Echo Boom Generation's familiarity with technology helps reduce the amount of support calls received for trivial problems, because these workers are able to troubleshoot and resolve the problems without assistance. The Echo Boomers, if they are allowed to use their well-developed, personalized methods and technologies, may be more productive and innovative than previous generations. They are also more likely to use self-service capabilities, when available, to meet their own IT needs, such as to provision applications or to log a service request.
Best Practices for App Delivery to Echo Boomers
The key objective for application delivery professionals in addressing this trend should be to implement strategies that enable the organization to support consumerization, while maintaining control over the applications that are core to the business. This can be achieved by implementing the following best practices, as appropriate. De-perimeterize the Network
This means moving the traditional security perimeter away from the outside edge of the corporate network so that it surrounds only the core IT infrastructure in the datacenter. By removing the perimeter from the network, IT demonstrates its understanding that a network is secure only when physical access to the core IT infrastructure is controlled. Central to this practice are access control technologies that interrogate every endpoint that attempts to connect to the corporate network, and determine the most appropriate level of access for each endpoint.
Criteria that should be used in this interrogation process should include:
- An appropriate level of anti-virus protection
- Device ownership - corporate or personal
- User association
Any access control implementation should be policy-based, so that any control action taken in response to a device attempting to connect to the network is consistent and granular. It should also include a remediation facility that guides non-compliant devices into corporate compliance. De-perimeterization starts with the process of identifying and centralizing core business applications and, most importantly, their data. The endpoint becomes unmanaged; therefore, it is vital that all corporate data remains within the secure centralized IT infrastructure. Centralization also offers the benefit of lowering the cost of managing applications, because it eliminates the significant effort involved in client-side compatibility, upgrades, and patch deployment. Select the Best Delivery Method
Once centralization is achieved, you should then determine the best method for delivering the application. There are a number of application delivery technologies that can be used, depending on the application delivery scenario (i.e., the user, endpoint, application, and server platform):
- Desktop virtualization: A trade-off between the Echo Boomer workers' need to customize their endpoint device, and the IT department's need to maintain a corporate standard desktop can be achieved, by using system virtualization to create guest desktop operating environments (including applications if necessary). This guest desktop can then be consumed, either by running it on a hypervisor at the end-user device, or delivering it to users through server-side app virtualization.
- Server-side app virtualization: Enables the delivery of applications to users, regardless of whether or not the hardware and operating system of the end-user device is known. This is useful for delivering applications to a user base that includes users with their own Macintosh and Linux endpoints.
- Client-side app virtualization. Enables end-users to access and use applications offline, and in isolation from the other applications delivered to the end-user device. This isolation is a way to bring the concept of de-perimeterization all the way to the user endpoint.
- Server provisioning: Delivers the entire operating system by streaming it to the end-user device. In a heterogeneous environment, this solution requires an image for each exact device configuration. Server provisioning can also be configured to allow offline access.
- Application traffic management: Web applications are more familiar to Echo Boomers, who use Web 2.0 sites in their personal lives for social networking and other activities. Business applications can be delivered to users as Web applications, without requiring anything more than a Web browser on the endpoint. However, this new generation is generally impatient with Web applications and expects an instantaneous response. Application traffic management technologies optimize Web application delivery to the end-user, and the utilization of Web platforms at the datacenter.
Encourage an IT Self-Service Culture
Leveraging the Echo Boomers' preference for self-service can reduce the cost of support while increasing user productivity time, because these users no longer need to wait for IT to provide them with a service, whether they are deploying a new application or resolving a problem.
Self-service portals
There should be a single point of contact - similar to a help desk - where end-users can access the applications they are allowed to use, determine the best delivery method for those applications, learn how to resolve common issues, and log service requests. The more tools and information allowing tech-savvy users to service themselves, the less likely these users will log a request. These users are aware, from their personal as well as work experience, that it is usually much faster to complete a task without the need to wait for assistance.
In a de-perimeterized network, the self-service portal can also be used in conjunction with access control functionality to address non-compliant endpoints. Access control can enumerate only those applications a user is allowed to access, and can suggest the best delivery mechanism based on the user's current access scenario.
IT stipends
For IT self-service to work, tools are required that enable users serve themselves, and there needs to be a fundamental change in IT culture and policy. Much in the same way that company car financial models were changed in the 1970s, workers can be encouraged to purchase and maintain their own IT assets by paying annual stipends. The stipend must be sufficient to cover the cost of purchasing hardware within a normal depreciation period. Workers are then expected to manage and pay for all maintenance not related to their use of the corporate applications that are managed by IT.
Implement Blogging and Social Networking Policies
While a policy will not protect an organization from the intentional disclosure of confidential information, having written guidelines and educating all users about the guidelines will help to lower the risk of inadvertent disclosure. Most organizations have existing non-disclosure policies and employment contract clauses that may not require much modification to reflect the new security requirements brought about by the new generation's frequent use of these technologies.
