An IT lesson from Anonymous: Even lawless groups need rules

Recruit a bunch of anarchists and — surprise, surprise — you get anarchy

Anonymous’ global cyberwar on ISIS — which we recently noted has the potential for undercutting the terror group’s recruitment and fundraising efforts by making social media useless for it — has been running into some structural problems. Mostly, it involves volunteer supporters going off in different directions and thereby diluting the overall mission.

But the problems that Anonymous has been having in its ISIS war offer some good lessons for enterprise IT. IT’s equivalent of lawlessness involves independent workgroups, the cloud, open source and crowdsourcing. The great connections and crowd power that the Internet has enabled allow for great things, but the very elements that create this power make it difficult to control.

The strength of Anonymous has been its success in recruiting a huge number of coders from across the globe. One attribute many of those coders share — and that probably made Anonymous of interest to them initially — is a rebellious nature, an anti-authority view. Surprise, surprise, but a group of thousands of these unpaid people tend to resist rules and instructions.

Such an army of coders can be a massive force, when their efforts are organized and coordinated to focus in a single direction. Without that, it delivers little beyond anarchy. The little good done by those following the rules is undone, or at least undercut, by a far larger number that are doing their own thing.

In any enterprise, groups going in the same consistent direction, even the wrong direction, is almost always preferable to different groups going their own way. That is the premise behind chain of command.

A few years ago, an IT executive at a very large retailer spoke of the attraction of early cloud efforts, dubbing it the Wild West. The exec happily saw this as a place where experimentation could happen, experiments beyond the rules and regulations of IT governance.

Although it sounds attractive, rogue IT efforts still have to live within the rules. The size of the rogue team must have a strict ceiling, and the duration of their rogue efforts must similarly be capped. As Truman Capote once said, “The problem with living outside the law is that you no longer have its protection.”

To extend the enterprise analogy a little further, the struggle that Anonymous is having is not about recruitment. It appears that many of the recruited coders have the right skills and the right attitude (in that they seem to hate ISIS). In theory, that should be a great starting place for an organized group.

But even angry, torch-carrying mobs need leaders. The issue is that ISIS sites are not labeled in a consistent way. You’d think that a global terroristic effort would at least have a consistent naming convention. This has caused some members to shut down sites that have nothing to do with ISIS or ISIS affiliates. This is not merely diluting their efforts and distracting the team, but it’s hurting public support as innocent sites get hurt.

From an IT governance perspective, the more freedom and flexibility offered by Internet-enabled group efforts, the less ability you have to control execution. And if there’s one thing enterprise IT needs, it is to stay in control of projects. As long as you’re to be held responsible for results — and you are — you need that control.

This story, "An IT lesson from Anonymous: Even lawless groups need rules" was originally published by Computerworld.

Copyright © 2015 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)