National Geographic started with 10 basic corporate apps for employees available over the Intranet and Okta mobile app, such as Gmail, Google App Drive, AnyMeeting, VPN Remote Access from Citrix, File Transfer Service from Accellion, HRG Executive Travel, PeopleSoft and NGS Helpdesk. After opening Okta up to any app—an employee can simply add an app in a self-service way—the number of apps in the library reached 60 in less than a year.
Employees added all sorts of consumer apps, such as Facebook, LinkedIn, Twitter, Confluence, JIRA, GitHub, Dropbox and LogicMonitor. National Geographic's IT department doesn't blacklist any apps, and adding apps is easy without any IT approval process. However, the IT department doesn't necessarily support or train employees on self-service added apps.
By putting apps behind Okta, IT gains some security measures. Okta provides the same kind of data protection for a consumer app as with a traditional one.
"By bringing it under the umbrella of Okta and your other management systems like AD (Active Directory), once an account gets de-provisioned, they lose the access to their data and those applications, so they can't take it with them," says Karen Huffman, manager of SaaS, cloud apps and collaborative technologies at National Geographic.
Security Risks Come From Surprising Places
These security measures aside, an open door policy for consumer apps surely invites risk. After all, sensitive data can find its way into personal cloud storage and file-sharing services and out of IT's control.
You'd probably never guess who some of the worst offenders are.
A recent Workshare survey found that nearly seven out of 10 employees use free file sharing services to share corporate documents. A whopping 88 percent of employees in legal and professional services lead the pack, followed by 78 percent in financial services. (For more on Workshare's survey findings, check out this infographic.)
"So the legal department hates Google Drive, they won't use it," Backer says. "But they actually really like Dropbox, because they can put in all their stuff and mark changes. Isn't that crazy?"
Taking the IT Out of IT
For years, CIOs have used security requirements as a top reason why technology must flow through their office. But National Geographic's IT department has given up on this tactic. Instead, IT mostly relies on business unit managers to make sure their workers are doing the right thing when it comes to technology in the workplace.
Sure, the IT department educates users through short videos and cool pictorials rather than wordy guides—after all, it is National Geographic. But by letting business units work things out, IT shakes off its draconian reputation shrouded in complicated technical jargon and instead becomes a trusting and supportive partner.
In other words, you can get further with a whimper than a roar.
"I think IT talks too IT-ish," Huffman says.
Sign up for CIO Asia eNewsletters.