Push BYOD Complexity to the Periphery
The late Einar "Stef" Stefferud was fond of explaining one of the most fundamental principles of Internet architecture thusly: "Push complexity to the edges, keep the core simple." As a general principle, you'd be hard pressed to find a successful network architect who'd disagree today.
However, in recent years there have been exceptions, or at least complications, largely centered on the development of complex network services. The internal complexity of a Cisco router teaches definitively that one man's edge is another man's core. Complexity at the core of your operation only makes sense if it's part of your core value proposition as well.
The era of cloud computing brings the potential to outsource almost every non-mission-critical complexity in your IT infrastructure, one by one. The outsourcing simplifies your operations, but doesn't further complicate the cloud provider, which already handles that complexity as its core business.
Lately, IT departments are being asked to allow employees to use all manner of new devices to interact with the supposedly-secure IT infrastructure. A "Bring Your Own Device (BYOD)" movement can look like open revolution when viewed from the CIO's chair. The number and types of devices seem to be exploding, yet Mimecast's research indicates that less than a third of companies surveyed support as many as 3 such devices. How many people will an IT department have to hire to arrange secure access for iPhones, iPads, Android phones, Android tablets, Windows Mobile devices, the evolving product lines from Palm and Blackberry, and the many other amazing devices likely to be just around the corner?
The answer, I contend, should be "none." If anything, depending on your current strategy, you might be able to redirect a few employees to more productive tasks. But it requires, for many, a major change of mindset; it requires a certain amount of trust in the face of shifting business risks.
A recurring theme in the history of IT has been the shifting boundaries between in-house and out-sourced IT expertise and services. It's a safe bet that when Remington Rand (now Unisys) sold the first UNIVAC to the Census Bureau in 1951, the Census Bureau became a major employer of programmers. Sixty years later, I'd venture that the vast majority of companies that use computers don't employ a single programmer. Along the way we've seen all manner of technical and support services migrate into service bureaus and software companies of every shade and hue.
But, until the Internet and cloud computing came along, there were a few firm boundaries. Data -- at least a primary copy -- generally stayed on premises, on machines under the control of a company's own employees, whether professionally backed up on tape or written to a floppy disk that's now propping up a wobbly table. And most important, for companies of nearly any size, has been a sophisticated firewall separating "inside" from "outside."
That distinction is increasingly irrelevant.
In the era of cloud computing, more and more of your most critical data is being stored on remote servers under someone else's control. If you're keeping your most critical data on the outside -- and yes, it's still a good idea, with the right vendor -- what exactly makes the inside so special?
The BYOD movement closes the circle. Now you have mobile devices that are "outside" (in many cases inevitably, by virtue of commercial network architecture) communicating with your key data and applications, which are also "outside." For now, perhaps, "inside" is the guarantor of identity, but that can (and probably should) be outsourced as well. Eventually, the "inside" of your IT infrastructure may be nothing more than an Internet access point and a few wireless routers in your building.
How should a thousand different kinds of devices communicate with your cloud service? Who cares? That shouldn't be your problem -- unless you work for the device or cloud vendor, of course. It's their job to make sure that your employees can use almost any device with almost any cloud service. If a few combinations don't work, you'll cross a few device types off your acceptable device list, or you'll swap one service provider for another. No big deal, as long as you have enough of an IT staff to stay on top of what's happening and make alterations to the lists of devices and contractors as needed.
In Waltham, Massachusetts, on the shore of the Charles River, is an enormous building that used to be a watch factory, and is now the Watch Factory, an industrial-themed office complex where Mimecast has its American headquarters. Today, it's unlikely that a watch factory would be designed to occupy a long stretch of riverside real estate, but it made sense in the nineteenth century. Water power drove many industries, and even powered early electrical generators. There was surely a time when the factory could not have operated without in-house expertise in electric generation. Yet once there was an efficient electricity distribution network, it quickly ceased to make sense to generate electricity in house at all. As Stef advised, complexity was pushed to the periphery -- from the watch manufacturer's perspective, if not the electric utility's.
The BYOD movement is a big red flag, telling you that your core is about to get much more complicated unless you make it much more simple. If you want your company to be in the business of supporting hundreds of device types, start hiring. If you don't, start outsourcing your IT services to the cloud, and let the vendors deal with the challenge. That's what you pay them for, right?