A quick recap of where we’ve got to in this discussion on BYOD over recent weeks.
I started this discussion because I was interested in the statistics that supported BYOD and it’s impact on productivity. My conclusion was that people instinctively felt that there was a productivity benefit and surveys support it, but there is little hard evidence, and lots of repeated evidence. The primarily benefit stated for BYOD through enabling mobility within the workforce. I received some feedback from people suggesting that the productivity benefit from mobility was only part of the story and that the value was far broader. While reading articles in this area I also came across a number of people focussing on the risks of BYOD many of them from security and virtualisation software vendors.
To bring my thoughts together I created a Concept Map showing what I’d collected to date.
The concept map got me thinking about some of the challenges particularly in the area of personal knowledge management in a BYOD world.
One of the ways that people cover off the risk element is to utilise a Choose Your Own Device (CYOD) approach, actually Forrester made some statements about BYOD being killed off because of this approach. I’m sceptical of the CYOD approach.
My own view is more aligned to that stated by Gartner that BYOD is really an application strategy.
To have a workable applications strategy you also need to have a data strategy and that’s the thought behind this post.
In an interview with the BCS in 2006 Tim Berners-Lee said this:
Customers need to be given control of their own data – not being tied into a certain manufacturer so that when there are problems they are always obliged to go back to them. IT professionals have a responsibility to understand the use of standards and the importance of making Web applications that work with any kind of device.
They need to take the view that data is a precious thing and will last longer than the systems themselves.
Tim Berners-Lee
This challenge was written to IT professionals like myself, and it’s a challenge that we often get disconnected from. We get so wrapped up in storage, compute, networks, operating system, utilities, security, devices and applications that we forget that it’s the data where the value is.
As we create more and more data from an exploding pool of sources we have the ability to derive increasing value from that data. Applications help us to mine and to visualise the data, but it’s the data that is precious. In simple terms, it’s not Excel that gives the value to the spreadsheet, it’s the insights that the data gives.
The opportunity and the challenge of a BYOD world is to think about all of the new ways of using data and to build a rich strategy and a set of operating processes that gain the best value.
The traditional approach for organisations has been to build a network castle and to make sure that all of the data stays inside that castle. In a world where there is massively more data of better value outside the castle walls that approach no longer makes sense.
Data being worked outside an organisation’s control is not always a bad thing, likewise data being worked inside an organisation is not always a good thing. Often the best thing that you can do is to work the data completely in the open and participate in the community.
Organisations and individuals need to think through their approach to data in this new context. Here are some areas where a shift in thinking is required:
Ownership
Modern intellectual property law is vast and complex including patents, copyright, authors’ rights, trademarks and even database rights.
Join any organisation and you’ll be asked to sign a contract that makes a claim over the material that you create. Post pictures to Facebook, Twitter, Instagram or Flickr and each one will make a claim about the ownership of the data posted in their terms of use. When Instagram changed their terms of use in 2012 there was an outcry and the changes were soon reversed. Many people feel the need to put a caveat on their Twitter profile to assert that the views expressed are their own.
Alongside these systems other open systems have been created, such as creative commons, for those wanting to take a more collaborative approach.
Organisations and individuals need to think through their strategy for data ownership. If an individual can create personal data and organisation data how do you measure which is which. It’s no longer adequate to define the ownership of data by the location where it was created or the time of day when it was updated. What data should be placed into the public arena with open ownership? What data should be retained inside a personal or organisational boundary? Relinquishing controlling ownership of data and letting it be used by others may be more valuable than placing it behind a locked door.
Protection
Once you’ve worked out the strategy for data ownership organisations and individuals need to think about how they are going to protect it. What is an appropriate level of protection? What data are others going to be able to modify? What about organisation data on a personal device, what is the appropriate level of protection? The most appropriate answer to this may be to put no protection in place.
Integration
How is the data going to be integrated with other data? Value is often derived from joining pieces of information together but that’s only possible if the ownership and protection of the data allows it.
There’s going to be some interesting opportunities and challenges working across the personal and organisation boundaries.
My friend Stu Downes has recently written about Personal Digital Assistants and the challenge that they are going to create.
Availability
How does an organisation or individual ensure that the data will always be available?
If you store your diary in a free cloud service what guarantees have you got that it’s still going to be available in 6 months time, but more importantly, how can you get your data out and put it somewhere else?
If someone squirrels the organisation data away into a privately owned file store how can the organisation ensure that it has access to it in the future should it be needed?
Integrity
As you see the value of sharing data in the public arena and let others contribute to it, how do you ensure data integrity? Take Wikipedia as an example, for the most part working in the public arena has resulted in a highly valuable asset, but the small number of errors creates a huge integrity problem. If you publish an organisation’s information into the public arena how can someone consuming it be confident in its integrity?
Integrity has been a problem for file stores for a very long time. How do you know that the file in use is the current file? If someone is working on a BYOD device how can you ensure that they’ve got access to the current file and hence the current data?
Another integrity challenge is the reference-ability of data. What is the real source of the data? Does the source have integrity?
Retention and Legal Hold
How does an organisation ensure that it has retained the right amount of data for legal purposes? How do you even define what needs to be retained and build a defensible system of control?
How do you place data that’s on a personal device under legal hold? How do you place files in a personal cloud file store under legal hold?
Life-cycle
There are a number of life-cycle challenges to data. How does someone know that the data being used is the current data? If data has been superseded by other data how does someone know, especially if it’s being integrated into other data?
Does the ownership of data change as it goes through its life? Can it transition from being personal data to being organisation data? Can it transition from being protected within the organisation to being placed in the public arena?
Lots of questions that people are wrestling with every day, or openly ignoring. I suspect that there are more on the ignoring side than on the wrestling side though.
Graham Chastney 