Business processes and BSOs

A BSO is a bright, shiny object. My friend and I walk through the summer neighborhood fairs in Chicago. When she sees something glittery (or with a Dr. Who reference), she stops dead in her tracks, touches it, asks how much it costs, then tries to convince herself why she “needs” it. Kids do it in toy stores. For me, it’s art supplies. What’s the point? Business users, every day, find a cool app that does something nifty, then try to integrate it into their work processes. Back in the old days, if you needed new functionality or wanted to automate a manual process, you put in a request to the information technology department (IT). Then, you waited … and waited.

This was part of the rise of user-driven application development. As soon as users could have their own computers and buy whatever software they wanted, IT started to scramble to fulfill their responsibility to maintain a stable information systems environment with optimal uptime and reliability. Things got locked down, firewalls put up, policies implemented, and people could not just download the latest bright shiny object and attempt to integrate it into business processes. Then came the internet, mobile technology, and BYOD (bring your own device) workplaces. Like most things, the pendulum may have swung too far back to the Wild West.

OK, history lesson over.

Today, so much business information processing has been pushed to the cloud. And, so much of it is accessible on smart phones and tablets. In fact, a tablet may be the only work device needed for many information workers. Recently on a post about how to create fillable forms in Microsoft Word, one commenter said, “why would you do that when you can just use (insert spiffy 3rd party forms app here).” My response was that not all organizations permit usage of one-off apps to create forms to be used inside the organization. For example, here are some of the risks that IT addresses with a No Unapproved App policy.

  • While it’s great that you are collecting data, what data is being collected by the developers or hosting platform for the app? What are their security policies? Are they compliant with the same regulating bodies that your organization is?
  • What happens when the app breaks or disappears? Where is the data collected?
  • Who can help you retrieve your forms and/or data?
  • How much training is required to use these apps? Who will need to be trained?
  • How does the app integrate with, interfere, or infect existing systems?

So, are BSOs always bad? Nope! However, work with those who are responsible for protecting and maintaining your business processing environment. Let them vet the app and the developer, and assess the impact. Also, allow them to uncover features of existing applications you use that may address the same needs. For example, you may have, in the past, put documents out on a freebie Google Drive account just so you could share them with those outside your organization. But, your organization has just moved to Office 365 and you now have something called Business One Drive. Depending upon how access is configured, you could get the same capability, but with additional loss-prevention features.

The trick is, when you find a BSO that you really like, do your due diligence. Use the checklist here to guide this process.

✔ Is there something the organization already owns that can perform the same function and that has already been evaluated?

✔ If the BSO is what you absolutely need, write a business case for it, even if it’s free! Demonstrate how data entered is protected according to your current policies. Evaluate training required and bounce it off some colleagues before submitting it to IT or your management for approval.

✔ Is it free? Free to try? There’s almost always an associated cost to free.

✔ Map the process it is meant to improve and show where this fits and what it replaces, what extra steps can be eliminated, or other concrete benefit.

IT learned a long time ago that it may not be the only team in an organization to find technical solutions to business information processing challenges.

However, they are still primarily responsible for making sure that nothing unseemly leaves or comes into the processing environment.