Wednesday, February 13, 2008

Dealing with Web Applications

How do new web applications get introduced into your company?

This is a question I began asking myself as I continue to discover fantastic, simple, free (or very cheap) web based applications. My latest discovery is Jing, but that's a story for another day.

I'm betting that employees at your company are as inquisitive as I am. Likely, as they discover these applications, they're downloading them and trying them. They don't want to wait for I.T. to offer a solution. They just want to get the job done or make their jobs easier.

And this phenomenon is likely keeping your C.I.O. up at night.

And the reasons he/she can't sleep, is that they're ultimately responsible for

1. Reliable computing. At some point, this software trial, becomes mainstream within a group or department. It begins to help manage critical processes. It gets taken for granted. And that's about the time the application reliability fails. And no one in your I.T. department can help resolve the issue. You're on your own. Unmanaged and unrestricted downloading onto corporate PCs may cause issues with your standard application image, potentially causing issues with standard applications.

2. Secure computing. What assurances do your end users have that the transactions they're processing on this 3rd party application are secure from prying eyes? If you're a public company, this could pose some significant SOX implications. If you're storing customer information, you may incur privacy concerns.

3. Data Portability. Is there a way to retrieve your company data from the application provider, should you decide to migrate to a different application?

4. Data Recovery. How does your application provider insure data backups and recovery? What disaster recovery plans are in place?

5. Uncontrolled Data distribution. As new applications are adopted, corporate data begins to be distributed across more applications, more platforms, internally and externally, completely unchecked. And no one person knows where it all is!

6. Even free isn't FREE. A new application holds the potential for duplicate functionality within your company's application portfolio. Duplicate functionality usually translates into increased costs - (training, support) not only of the new system, but includes ongoing support and training of the legacy system(s) too. At some point in the future, your new application may completely supplant the legacy application (that's a good thing) but the I.T. folks may never know (that's a bad thing). Active, unused legacy applications suck up resources. Unused applications need to be decommissioned.

7. You can't easily learn from, or leverage unmanaged experimentation. How can you surface the fact that you're testing a new application? How do you spread the word about it's benefits or drawbacks? How does your company learn from your experience? Clearly, if you discover "a better mousetrap", your company might benefit from widespread adoption. On the other hand, if someone else within your organization has already tried the new application and was unsatisfied with it, how do you get the word out, so your company doesn't make the same mistake again?

Rather than trying to stamp out experimentation, I think the answer lies in a cooperative approach to new application adoption. Clearly, it is in I.T.'s best interest to be involved (but not be a roadblock to) the application adoption process.

It's important that your user community understand the potential risks of web based applications and that they try these applications, with "eyes wide open." If you can implement a policy that educates users about security, backup, redundancy, legacy, privacy and data portability issues, you're halfway home.

Next, it's important to put the experiment "on the radar". I.T. can facilitate communication (pro or con) about your application experiment. They interact with employees every day, who may be facing the same challenges that you are. If the new application works out well, it's important to spread the word. If it fails to meet expectations, it's important to know that as well.

In some cases sucessful individual trials could lead to the purchase of Corporate licenses, thus potentially saving some money on the cost of several "individual" accounts.

However new applications are introduced into your computing lexicon, I think you'd agree that some adoption policy and process is required.

Do you have one?