Several things got me thinking about this; the first was an interview with Tim Weber for BBC Online but turned into more of an interesting discussion as Tim is a smart guy very much into technology and its business use. He has a great way of explaining things, I liked his views on the ever tricky topic of cloud computing back in May 2010 and is on Twitter at follow@tim_weber. We were discussing exactly what is happening with people using new technology and what it means to enterprises particularly around security. However as part of this we also got onto people centric usability and I mentioned I was using a Microsoft Windows Phone 7 on an HTC Trophy which has really impressed me with its oh-so-easy and intuitive interface. Tim thought the same, and also knew of an iPhone user who had converted. But here is the point; it doesn’t have a conventional menu approach as any computer device would normally have, it just provides everything easily and naturally through navigating its ‘tiles’ arranged in ‘hubs’. PC World went as far as to call it ‘the genius of tiles and hubs as an interface’. It may or may not be better than Apple, and personal preferences will be the deciding issue, but the point is that just like an iPhone or an iPad I’ts not a PC, it’s not running client-server applications, and using it is a thoroughly liberating working experience. Notice the word working experience and that’s what I have been thinking about.What is it that I am doing that my Windows Phone 7 is supporting me in so well? The answer is that the majority of my time is spent interacting with people, events, and content in a Web 2.0 environment, usually mobile. Everything in the ‘tiles and hubs’ approach makes this easy, fast, coherent and frankly intuitively easy in a way that frankly my PC does not. I guess that’s why mobile executives love the iPad. It’s the same reasoning, and we shouldn’t be surprised because there is evidence from all sorts of directions to tell us that our roles and actual work has changed. One of the most widely known formal definitions of roles is the Margerison-McCann Types of Work Wheel. This was used in another study that unfortunately I don’t have permission to publish online to prove that other than the one role that is based on process execution, the average of the others shows less than 7% of our time is now spent on this type of work. In fact I ‘park’ anything that requires formal process using a traditional application during the day to be dealt with in the evening or early morning from my PC. Instead collaboration is 43%, knowledge work is 38% and relationship management is 12% of our working time, and there is the answer as to why I am finding Windows Phone 7 (or I guess an iPhone/iPad) such a great tool. But is all of this Web 2.0 social working stuff really of any value? Well no less than the McKinsey Review came up with the evidence that it does with an article entitled; ‘The Rise of the Networked Enterprise; Web 2.0 finds its payday’. So now we have two drivers; one is that many managers and working colleagues have already decided it works and invested in their own devices, or sometimes in the increasingly number of enlightened enterprises even been given the right devices; and the other is that the management consultants can prove it works. Back to where I started – the security and risk issues that all this introduces. Or does it? My question is, are we looking at this the right way? If we look at this in terms of fully functional devices, accessing the enterprise applications and databases for example, then we have every right to worry. But surely that’s not actually what is required in most cases? We are facing the same challenge as the telephone and email in respective generations introduced, a new untried and unsupervised form of communication between people in different enterprises with the attendant risks of what they might say! Okay, it is more worrying for both the retained form of the communications and the amount of communication etc, but it’s still fundamentally the same argument. The big question therefore becomes should we worry about computer access and compromise in a classic manner, or should we instead be concerned with the ways people can compromise themselves and the enterprise? So my points are; 1) should we allow these devices any connection to the enterprise applications and data or should we say that there prime use is entirely different? 2) Should we appreciate that education of the users and introduction of a human centric security policy is the most important starting point? 3) Do we need to reach some new agreements with auditors about what and how this new environment should be functioning, and note the term functioning, not regulated!?