I forgot to point everyone to Cory Doctorow’s essay in Harvard Business Review, “The High Priests of IT — And the Heretics,” but it should be mandatory reading for anyone who manages or deals with the IT group in a corporate environment.

The dirty secret of corporate IT is that its primary mission is to serve yesterday’s technology needs, even if that means strangling tomorrow’s technology solutions. The myth of corporate IT is that it alone possesses the wisdom to decide which technologies will allow the workers on the front line to work better, faster and smarter — albeit with the occasional lackluster requirements-gathering process, if you’re lucky.

The fact is that the most dreadful violators of corporate policy — the ones getting that critical file to a supplier using Gmail because the corporate mail won’t allow the attachment, the ones using IM to contact a vacationing colleague to find out how to handle a sticky situation, the incorrigible Twitterer who wants to sign up all his colleagues as followers through the work day — are also the most enthusiastic users of technology, the ones most apt to come up with the next out-of-left-field efficiency for the firm.

Like I quoted from Barry Schwartz’s TED Talk, “Rules prevent disaster, but what they guarantee is mediocrity.”

William Gibson wrote that, and I’m pretty sure this was not what the designers had in mind when they put a bar code scanner in the G1 Android Handset:

Now imagine that was a video store or friend’s house rather than the developer’s room. This is what real innovation looks like. It’s not more efficient ways for companies to separate people from their money, but rather how people can seize the moment in whatever way works for them.

Cory Doctorow is in love with an app for his Android G1 smartphone which shim’s the dialer of android devices to make calling card calls without him having to dial the entire series of numbers to get the cheap rates:

…today I downloaded my first game-changing app: Android Calling Card, which auto-dials any cheapo calling card you buy down at the corner store, and the PIN, and then any number from your address book, automagically. It supports multiple cards (the cornershop card-array is very country specific — Eastern Europe, USA, China, and other nations all have their own cards) and unobtrusively shims itself into the phone’s built-in dialer app.

I just used it for an hour-long overseas conference-call — the kind of thing that used to cost me £20 or £30 — and the total cost was £0.51!

Of course, I wonder how far behind it the malware version which shims the dialer to route your call through Tunesia or some other hyper-expensive billing fraud channel is. And what are our options (if any) to protect ourselves against it?

Bob has raised some really good points, so I’m going to throw my own thoughts on the pile here.

First, while we, as corporate citizens, talk about cost, we’re really talking about “need” versus “want.” For example, with email,

The time when an enterprise can afford to supply email from internal system has left us.

Sure, once upon a time the only way to have email was to run the servers yourself. But not any more. Unless a company has some regulatory or contractual reasons why email data cannot be put at risk of third-party access (in which case, it’s probably airgapped), then it can be moved to The Cloud. It’s about “need” versus “want.” Companies need email. They want to have it in-house. Even if many large entities now have it pseudo-in-house, meaning they pay for the servers and the people, but it’s all outsourced.

All if which is a long-winded way of asking, “So why are we still paying for a Very Large (==”Enterprise”) version of a departmental mail server? Why not just go buy it as a service? We can get the exact same set of eatures, for a lot less money if we’re willing to be honest with ourselves about how much of keeping things “in house” is about control and passed off as risk management. Sure, we’re going to ask a bunch of very responsibility-averse decision makers to now accept risks that they ignore/live in denial of (i.e. accept) today. But making the senior leadership feel better about themselves should not be why a company exists. In theory, they’re paid the big bucks because they’re the least afraid of these decisions. In reality, I’d argue they’re walking examples of Loss Aversion in action just like everyone else, aggravated by the fact that the losses would be direct and personal but the gains would be to the company.

Similar arguments can be made for most of the services Bob listed. Throw in the fact that if these things go away, the people go away with it, and making the hard decisions become that much harder since very few people are going to voluntarily to make themselves redundant or reduce their budget and prestige, even if they know it’s the Right Thing to do.

The enterprise need to change how it provides services to the desktop.  What services do the users really need from us and how can we continue to provide them?

Internet/Intranet Web Services

More and more of the services we use are based on the big bad Internet standard W3C.  The enterprise needs to deliver these services with out proprietary tools that limit what computing systems they can be run on.    see: http://www.anybrowser.org/campaign/.  Oh and maybe we should start moving some of this out of our costly data centers and on to systems like Amazon EC2.

Email

The Internet community has developed email standards that serve millions of accounts.  IMAP/POP and SMTP deliver email to client computers with lowest cost and in the most effective manner.  The time when an enterprise can afford to supply email from internal system has left us.  Tools such as Gmail/Postini or Zimbra can deliver email without the need for any infrastructure or staff.  Just move the MX record folks.

Calendaring

Calendaring is an interesting problem.  The enterprise seems to think that Notes or Exchange can deliver the goods, yet neither of these can deliver free/busy to the extended family that is our supply chain.  Since standards such as CalDev are not deployed, we have to fall back to something like Salesforce.com and Google Calendar or Zimbra to fix this now.

Instant Messaging

Instant Messaging is both the bane and the boon for end users, we hate it but we have to have it.  What works out in the real world: XMPP / Jabber.  You can put your own in and link out or just use what is out there depending on your needs and fears.

Desktop applications such as word processing, data management, etc..

The desktop software industry would make you think that you have to run Windows so that you can have the applications you need.  While I am a bit of a Mac fan boy mostly due to a bit of ego and the enjoyment of fine hardware the software that Apple supplies fills the needs of many many individuals.  The only issue for Mac in the 2009 enterprise is the fact that we have to run on the existing hardware that we cannot afford.  While there are some who  actually need Microsoft Office as well as some who need Photoshop, the vast majority do not.  Open Office is the great wedge we have to fill this gap.  Open Office is also a big stick and being a large software package it needs significant support.  Systems like Google Docs are now good enough for most work and the collaboration tools they provide go way beyond anything commercially available.

File storage

There are two major needs for file storage: First is for end users to keep stuff around for others and to share.  Second is for backup of local data.  While it is a grand vision to keep all of your data in the Cloud with Google Docs, Dropbox, or Backpack; users will make files and want to manage and keep them.  The enterprise must provide services to manage that data.

Computing to support the above items

As you can see from the above list of services the actual desktop does not really matter that much.  If it supports a standards based browser such as Firefox, an email client like Thunderbird and some sort of networking you are in the the pink.  Today the key is the cost of ownership and what you need to support that desktop are where you get hit!  What do we really need to do in the enterprise, Count-em, Authenticate-em, Update-em. We have to stay away from targeted solutions that limit the OS we are using.  Looking at the existing hardware in the enterprise we are limited to something that is x86 based.  In the final analysis Linux is the right tool for the time.  You need very little to be a Linux shop:  LDAP, SYSLOG, maybe SAMBA, and wine for the needy.  For now, no viruses, no spyware, etc.; how much money and time does that save?

Pull down Ubuntu 8.10 and install it!  Start a project to really save money in your enterprise!  The savings here are real as are the productivity gains, the improved user satisfaction, and complexity reduction.  Overcoming the inertia and thinking differently about your services is hard.  The morass of legislation along with corporate governance rules may scare some off of this but simplifying your environment and freeing up resources to improve the speed of the enterprise is the goal here.

If you do this please help by contributing resources to the community.  It pays you back instantly!

- Bob

The current enterprise infrastructure is expensive, designed and based on the need to preserve the status quo rather than deliver optimal services. Thinking in terms of services we must deliver, the platform becomes less and less relevant. Look at the percentage of services we can get from the Cloud (both external and internal), the platform becomes nearly irrelevant.

We have to “buy” the most cost-effective platform. Microsoft Windows is not cost effective — it requires its own set of services just to provide a minimal platform. No, it will not all go away with Linux, but many of them do, or become a much smaller problem and require a lot less engineering & architecture to provide required services.
Change happens in volatile times.  This is a volatile time…

Bob

Now that he’s finally gotten to push the big “publish” button, I’m pleased to welcome my friend and co-worker Bob to Not Bad for a Cubicle.

Bob is one of the people in the world who Just Gets It when it comes to security, risk and technology, especially end points and mobile devices. He’s the source of one of my favorite statements about information and technology, too, which I’ll attempt to paraphrase as, Data seeps into every nook and corner of every device we own.

He’s also famously willing to tell the truth, no matter how much people might not want to hear it. As you can imagine, he’s exactly the sort of person I think we need more of. The sort of person who consistently forces me to expand my own thinking simply by expanding his own.

For example, he recently passed me a draft of a white paper he’s been working on regarding EUC 2.0. My comment to him over Skype was:

I was reading your EUC paper and was simultaneously thinking, “This is awesome!” and “This is scary as hell from an information protection perspective!”

I can’t wait to see what else he puts up here, because EUC 2.0 is something that’s going to happen, whether we want it to or not. By getting risk and security involved in the conversation early on, we at least have a chance to build an environment which both works in an agile, mobile manner and gives us half a chance . Or we can try to hide behind “Personal Device Policies” and other attempts to hold back the future until it’s already around us and we’re once again scrambling to bolt on protection at the device or the non-existent perimeter.

So please join me in welcoming Bob to the Cubicle.

Hello,

My name is Bob; Chandler and I have known each other and worked together for several years. He kindly invited me to be a guest author on the Cubicle. I have been spending a lot of my time in IT Security thinking around alternate computing styles and ways to get the cost out. With the modernization of the Internet, broadband access expansion, and high speed wireless data gives us some interesting new ways to run a business. This is the first in a series and I hope a good discussion around new computing models.

If you still have a small amount of credit in this crazy market you can build and mobilize your business without building big buildings, data centers, or buying lots of new computing hardware. So lets build a business! And buy a few new toys.

If you have an office you have to equip it with Internet access and I would make it wireless. Get the best, it fastest Internet service you can afford. Buy a decent router that has at fast wireless For around $500 get a good double sided color ink-jet printer that has wireless, fax, scanner,etc. You will need one real land line and a REAL phone that does not need batteries. Note that you can maybe save some money and hassle if you set what is called e-fax or electronic fax. (more on this later, there are alternates!)

You need email , the world uses email to do business. For $50 per year per user you can get a Google email account with your own custom domain, web hosting, calendaring, document, storage, and on-line editing. Add a few dollars and Google will provide you advanced features in email controls, filtering, and archiving. Good solid enterprise class tools, storage off of your local computer to keep your data safe and a decent environment to work in.

Now how are you going to access all these fine tools and data? I am a big fan of mobility so I would issue laptop computers and cell phones. But lets be smart about this.

In keeping with the lower cost model (the machine has to have WIFI) lets get a bit lower tier laptop and here is the shocker; run Ubuntu Linux on it. Most of your day to day work will be in Firefox as it works very well with Google. When you need offline access Ubuntu has Open Office and make sure you have the 3.0 version so you are more compatible with all the Microsoft stuff out there. For almost all of your needs you will not need to purchase ANY software! Over time we will talk about applications that will just get the job done for you.

We still need telephones and in today’s world I feel it is important that everyone have a telephone. This is going to cost you a bit of money but the productivity is worth it. With all that nice Google stuff out there you need your email, calendar, and data access on the phone. Well guess what Google got together with some other folks and built a phone operating system called Android and with HTC and T-Mobile made the first Android phone. The phone is good, T-Mobile is getting better all the time so for around $150 for the phone and around $75 per month you have all you need. When you get the phone you sign into your Gmail account and it pulls down your email,contacts, and calendar in just a few seconds.

So now you have the basic end user computing hardware and software you need to operate. No software licensing costs, better performance and best in class communications.

Oh hey maybe a business plan would be cool, but you knew that already. Welcome to Enterprise 2.0 and End User Computing 2.0.