What does people-centric IT mean, anyway?

People-centric visions of IT need to be broad-ranging, says Danny Bradbury. Now, don't bother him while he's trying to play Call of Duty: Ghosts.

Satya Nadella has news for IT users: it's all about you.

Microsoft's new CEO is touting a concept that he calls "people-centric IT". He wants to create an environment where "the end user gets the experience they want and IT gets the control that they want". It's a nice - if not new - idea.

There's no doubt that tensions between the IT department and the users have been developing for a long time. Users increasingly want to access the stuff that they use at home, while IT doesn't want a free-for-all on its network.

"The whole idea of people-centricity is to accept that a group of 10,000 people are 10,000 consumers who are used to driving their own world," says Clive Longbottom, founder of IT advisory firm Quocirca. "You have to let the user work in the way that they want."

That's lovely. But if users all decide to use their Dropbox accounts to upload their corporate documents, then IT loses the ability to index them - and to secure them. That's a problem. So Microsoft is trying to balance the need for a better user experience with the need for IT control.

But can IT departments really maintain an iron grip, while wearing a velvet glove? And if so, how?

Microsoft's people-centric vision spans several areas. It wants to enable end users, it says, while unifying their environment. The former focuses on devices, and resources. Users should be able to register their own devices, and access company resources consistently across them, it says. That includes accessing corporate desktops and applications from personal devices, in addition to work ones, connecting to internal resources where necessary.

From an end user perspective, unifying your environment means accessing all that stuff with a common identity. From an IT standpoint, it means managing all of the devices from the same place, whether they're in the cloud, or on-site. And management policies should reach across all of those devices, too.

Finally, people-centric IT means protecting your data. That means remote data and application control using those centrally set policies. And it also means remote wipe. It all sounds quite a lot like well-managed bring your own device (BYOD), in other words. It's about finding a balance between letting users bring in their sexy fondleslabs and access company resources with them, and not having them turn IT's well-controlled network into an awful mess.

But it's also about who those users are, says Andrew Conway, senior director in the product marketing group at Microsoft UK. He says that the firm is moving from device management through to managing IT at a user level.

"It's about the employee's identity, and who they are in active directory. It's what groups they existed in. It's what relationships and permissions they have," Conway argues. "Some of the research shows that users have 5-7 internet-connected devices, and so we provide a set of tooling for IT to deliver everything that those people need across all the different device types."

The role of identity

This implies a more granular view on the part of the IT department, says Hugh Simpson, CEO of Oxford Computer Group, a consultancy that works with ID and access management. "Traditionally, IT has locked the system down by saying you're either in the network or outside it. People-centric IT is about building a policy based on who you are," he says.

In the Microsoft world, identities live in Active Directory, and the firm has been massaging that technology to make it more flexible for users, rather than focusing on devices alone. For example, IT can now configure it to allow "workplace join", rather than "domain join", providing a lightweight way to put a certificate on a known user's device and get it into a workgroup.

All of this can be fed back into systems management policies, Simpson says. Systems can take account of various parameters, including where the users are. "Then we can create policy-based access that suits both the business and you. There's stuff you should get to, and stuff that you shouldn't."

Weren't the likes of Citrix doing some of this in the mid-2000s, though? The firm would let admins set access details for users based on role, location, and whether they were using a trusted machine, for example. BYOD may be new, but this role-based access is more a restatement of existing tropes.

Teaching new clouds old tricks

Ah, but now, there's added cloud, says Andy Langley, CTO of IT consulting firm NTegra. That's what's pushing more innovations.

He uses enterprise social network Yammer internally. "It feels like a paradigm shift in terms of what people used to do," he says. "In the past they'd have to raise a ticket with a help desk to get a group working together, and wait for days." It's a good example of how the balance of power is shifting from the IT department to the end user.

Cloud technology not only enables apps to be rolled out to users more quickly, but it also makes it easier to manage identities across all of them. Azure Active Directory is emerging as a place where firms can easily control access to these SaaS apps, balancing access with control.