Vitality trumps security, says panel at CISO Executive Summit
These were the topics under discussion at a panel session, Aligning the generations, held on March 8 during the CISO Executive Summit, a day-long conference that precedes this week's InfoSec World in Orlando, Fla.
Panelists included Linda Gravett, senior partner, Gravett and Associates; Kathy Kirk, director of information security, Prudential; Joyce Brocaglia, CEO, Alta Associates and founder of the Executive Women's Forum; and Tom Walsh, president, Tom Walsh Consulting.
The overall message that emerged from the discussion, which included a good deal of audience participation, was that a younger generation is entering the workforce with different sensibilities than those of the graying members of the audience. They can multitask and are used to working with social media and Web 2.0, which keeps them connected to a plethora of people and threads of activity.
Rather than fearing that they are surfing the web for their own entertainment, rather than focusing on their tasks, panel members posited that it's imperative that corporate honchos gain a better understanding of the needs and desires of these employees.
So, should the enterprise be flexible in its staid policies or allow these innovative processes and styles? The consensus leaned toward yes, with restrictions imposed owing to security concerns.
“Embrace technology, but use it in a responsible manner,” said Prudential's Kirk. She pointed out that these workers – baby boomers, Gen Xers, Gen Yers and Millennials – are asking why they can't use their iPhones on the corporate network.
“Technology makes life easier, but we need to keep the corporate network safe,” she said.
Emerging technologies are a concern for several reasons, other panelists said. For one, the risks are still not clearly understood by those charged with protecting the networks. Also, the security controls lag behind the fast pace with which technology is evolving.
But, should mobile technologies be unconditionally permitted? While some said outside devices should be forbidden and only company-issued mobile devices should be allowed, others on the panel, and participants from the audience, seemed to agree that there's no stopping its use in the workplace owing to the fact that the convenience factor so far outweighs security concerns. Further, restrictions may limit a company's ability to move forward.
And besides, said one audience member, it would demoralize those employees so used to being plugged into the grid from wanting to work for the company.