The democratization of software that has occurred with the development of social computing raises some important issues about IT governance. When we are dealing with consumer to consumer applications like Facebook or YouTube issues of governance are not that significant. That is, where netizens are connecting with each other and choosing to create or co-create applications and/or content. However, when we move into enterprise computing and business-to-business (B2B) or business-to-consumer (B2C) applications governance does become an issue.
What is easy to manage in the private realm often becomes much more complex for the corporation. For example, some jurisdictions require companies to be able to roll-back a website to exactly the same version as on any date in the past, thus giving rise to the need for sound version control. Or, if the system in question has life and death impact – e.g. medical systems, water treatment systems, or building management systems – version control and system integrity become paramount.
While ordinary netizens can and do create and share software artifacts it becomes an issue when they undertake these same activities in their roles as representatives of a corporation for which they work. Who owns the artifacts? There is an assumption that the employer will own it as with other intellectual property created in the workplace. But who then has liability for harm that flows from creation of that artifact? I suspect that it would be the employer, and the question arises as to how the employer might protect themselves.
Spoke with some folks at the Australian Computer Society event recently after my presentation on the Future of Technology. One factor that really came out as important in our discussion was the impact of social computing on ICT governance within organisations. Governance has been enough of a challenge for ICT up until now, and it is about to get a lot more complex due to social computing.
The democratization of computing is one of the important consequences of the web 2.0 social computing movement. And it has consequences that flow on into the realm of IT departments everywhere. It is giving rise to a kind of a ‘shadow‘ IT department. Users are no longer constrained in their use of systems to those provided officially by the IT department. Instead, now users can often access equivalent systems via the cloud (often through port 80) and the IT department can be oblivious.
One company I know of had an entire department start using a cloud based accounting package and it was only noticed when the quarter ended and their numbers were missing from the central ERP system. When asked why they had done this the business users commented that the functionality offered by the external provider was easier to use and better suited to their business needs than that offered by the IT department.
It is interesting to consider what will happen as individual business units start to vote with their feet like this. This is especially true as cost constraints hit home and business units start to assess if they are getting real value for their money from the centralised IT department offerings. Perhaps we could be about to see the balkanisation of centralised IT over the next few years?