Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

‘Tis the season for consumerization of IT

As the Millennial generation -- those born in the 1980s or later -- becomes the dominant group in the workforce, the trend of personal devices in the enterprise continues to grow. 

In August 2011, Bomgar, in conjunction with Isurus Market Research and GigaOM Pro, conducted research  on how Millennials approach and interact with technology, uncovering some interesting findings related to the consumerization of IT.

In addition to embracing the use of personal devices (40 percent said they utilize one in the office on a weekly basis), Millennials also tend to be largely independent and attempt to resolve technical issues themselves before involving IT.  While there are certainly some benefits to this self-sufficient behavior, it also underscores the importance of ensuring sound IT policies governing the use of personal devices in the workplace. After all, if employees are attempting to troubleshoot devices without the knowledge of their IT team, there is serious potential for enterprise harm.

Based on the influx of personal devices caused by the increased prevalence of Millennials in the workplace, it's safe to say that smartphones and tablets will be popular gifts this holiday season.  As 2012 kicks off with the possibility of more mobile platforms infiltrating the enterprise, what does IT need to know to securely prepare for this trend?

The ultra-mobile nature of many consumer devices makes it easier for users to misplace them, as opposed to more traditional enterprise technologies. This alone can pose a significant threat to the enterprise.

Think about all the media buzz that surrounded the iPhone 4 prototype in 2010. Now picture an Apple employee unintentionally leaving it in a San Francisco bar. In that situation, the result was only leaked details of the new phone's functionality. But what if an employee from a Fortune 500 company had a similar situation with a tablet containing information on an upcoming acquisition? That's just one example of an unfortunate scenario that could arise if the use of personal devices isn't properly policed by IT.

To mitigate against the threat of lost or misplaced devices, enterprise IT departments must ensure they are able to remotely access and wipe devices if they are lost or stolen. This can be done by instituting policies requiring users to install remote wiping software on their device before it can be used for business purposes. This way, should something happen to an employee's device, IT can efficiently delete all sensitive information before it gets into the wrong hands.

IT should also ensure its ability to tie personal devices accessing the corporate network to the individual user's identity and role. This enables IT reps to apply the same role-based privileges a user might have on his PC to his mobile device and also to differentiate access by employee or device type.

The mobile platform is evolving, becoming more and more prevalent in the enterprise. As such, policies should be regularly reviewed and help desk data analyzed to better understand the realities of employee device usage. Should this analysis yield new information about policy violations or previously unknown security risks, IT should adjust policies accordingly and ensure the changes are clearly communicated to the end user to avoid further risk.

While the bulk of supporting personal device usage in the enterprise certainly falls on IT, employees can also be asked to share some of the burden. Many organizations require employees to sign a formal document agreeing to individual conditions before they can access the corporate network from their device. These acceptable use agreements, or AUAs, can cover things like what happens if the device is misplaced or what the repercussions are for accessing non-sanctioned websites.

Most importantly, IT should be educators. By making internal resources and corporate policies easily accessible for employees, IT teams can help them better understand the consumerization trend, and what is and isn't expected of them as the use of personal devices evolves in the enterprise.

As with all things, there will inevitably be some pain points between IT and employees. However, the tips outlined above can help ease the stress of allowing personal devices into the enterprise, while also keeping the environment secure.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.