BYO iPhone – At your business's risk
Consumerism is definitely asserting itself in the business IT market.
Two recent surveys demonstrate that business staff are becoming more confident in asking their managers to provide them with consumer technologies at work – or bringing in their own. And both surveys reveal bosses are going along with the concept called, in IT jargon, ‘choice computing’.
In June, IDG Research reported on a survey commissioned by my employer which sought out the opinions of 400 security and IT decision makers. Our business also conducted some security research on behalf of the global Business Innovation Council.
The results of both surveys confirm the rise in consumerism within business organisations.
However, there is an issue: while enterprises are adopting consumer technology, many are neglecting the risks of doing so.
Users choose
Key findings from the IDG survey show users are playing an increasingly important role in selecting the technology their employers provide. Three-quarters of the security and IT leaders who completed the survey believe user influence on both device and application purchase decisions is on the rise.
Conversely, the majority of decisions about older technologies – such as desktops and laptops – are generally still made by the IT experts. In fact, the survey reports that one in five security and IT leaders even let users actually entirely decide on the technology. A further 60% say users have "some” input.
Netbooks and tablets are high on the list of technology users provide input into, while slightly more than a quarter of those surveyed report their companies currently allow staff to use their own PCs or mobile devices for work purposes.
However, problems do arise when it comes to security. Though most companies have policies that prevent or limit the connection of personal devices to the corporate network, six out of 10 of those surveyed say unauthorised connections still occur. Worse, nearly a quarter of the largest organisations surveyed have experienced a serious breach or incident via a personal device.
Of course, there is another gateway to a company’s vital information that is even more commonly used – social networking sites.
In fact, more than 80% of companies now allow some form of access to these sites and 62% are already using them as a vehicle for external communications. Because of the personal content they contain, these types of sites are like manna from heaven for cyber criminals.
Positive light
Most respondents view access to consumer technologies in a positive light, with more than 60% believing productivity is improved by devices such as netbooks, tablets, smartphones and social media.
The big issue is security – only one in 10 of those surveyed feels "very confident” they have the right level of security to accommodate increased access to consumer devices and applications.
In fact, only 22% thoroughly calculate the risks associated with the technologies before staff begin using them for business. Up to 40% don’t even gauge the risks!
RSA’s security report for the Business Innovation Council was designed to investigate why traditional IT control models are quickly crumbling. It confirms employees are taking the reins when it comes to dictating which devices and technologies will be used.
The survey interviewed accomplished security leaders from around the world who also agree that in future, many business IT assets – both hardware and software – will be user-owned.
However, while the shift is inevitable, it doesn’t have to be a threat to the business. Instead it can be an opportunity to bolsters the company’s value. But to reap the rewards, organisations need to manage the risks.
Finally, here are a few tips on how you can ready your business for choice computing:
1. Think like a user and focus on the task rather than the tool.
2. Put together a team within your business so you can gather all perspectives.
3. Slowly, slowly, catchy monkey – don’t rush in; calculate the risks and then devise policies to diminish them.
4. Allocate funding for the technology you need.
5. Constantly work with providers to pinpoint problem areas and develop solutions to reduce risk.
Greg Singh is ANZ Pre-Sales Engineering Manager for RSA, the security division of EMC, providing security solutions and services to companies in New Zealand and around the world.
For more info visit www.rsa.com