The consumerisation of IT is driven by employees who buy their own devices, use their own personal online service accounts, install their own applications and then connect to the corporate network, often without the organisation’s knowledge or approval. Is this new wave of autonomy a friend or foe to the IT department?
The potential perils of personal connectivity in the workplace can be a difficult issue for companies to address. Known now as the consumerisation of IT, this term not only refers to the use of personal consumer electronics at work – such as iPhones and tablet PCs – but also online services, including online data storage, Web-based email services and social media or social networking sites like Facebook and Twitter.
The widespread use of personal devices and connection to personal and social accounts shows no signs of slowing down. This makes the separation of personal and professional technology use ever more difficult. With this in mind, employers need to be aware of how this can affect IT security.
As expected, the growing accessibility to devices and connectivity is driving the consumerisation of IT trends. Gone are the days when having a mobile phone indicated that the owner was on the cutting-edge of technology. Now, it is a bigger surprise to find an employee at any level within a company that doesn’t own one – or more commonly, multiple – smart devices.
This kind of ubiquitous access to technology develops personal preferences and technological autonomy in employees. “People are bringing their own devices to work because they like the user experience,” explains Kenan Abou Lteif, Sales Director, Citrix Middle East and Africa. “They are downloading their own apps, using their own mobile network, and essentially, creating their own IT experience. Consumerisation is in turn transforming the way people think about computing, as workers demand the ability to work from locations that best enable them to get their jobs done.”
A tech savvy workforce is certainly a desirable thing, and there are many benefits to employees with intimate knowledge of their devices and online access. Farukh Ali, Regional Technology Manager, Global Technology, Asia, Middle East and Africa, IHG, gives some perspective from an IT Manager’s point of view. “Giving freedom to employees has the potential to increase their productivity. By allowing them to utilise their preferred devices and not restricting their access, employees can focus on their work rather than waste time finding ways to connect and check their email or Facebook.”
With such freedom comes responsibility and risk. Companies – even those who want to grant autonomy of device and connection to their employees – must mitigate the potential risks the blending of personal devices and professional use presents. Maged Eid, Regional Director, Nexthink, believes that the real challenge lies with enforcing the pre-existing IT security policies across the varying and widespread consumerisation of the IT landscape.
Eid believes that in order to do this, “Enterprises need to implement innovative IT analytics solutions that gather and analyse data in real-time from the end-user perspective. IT analytics can quickly and easily show the end-user the processes running on a device, and correlate this data with data on the network services, resources and other factors, to provide the most complete IT security analysis available.”
Another approach to risk mitigation in a time where BYOD policies are rapidly becoming the norm, involves meeting the employee where they already are – the app store. Lteif explains, “While installing applications directly on non-corporate devices can increase risk, a BYOD programme based on enterprise mobility management, Windows app and desktop virtualisation and secure file sharing manages and reduces risk. This way, all business information remains secure within the data centre, residing on the endpoint only when necessary. In cases where data does need to reside on the endpoint, it can be protected through isolation, encryption and remote wipe mechanisms.”
Ali believes that informing users is key. “Education is important in ensuring security. The modern IT landscape is wrought with malware, security risks and bad actors. Ensuring that employees have up-to-date and comprehensive information about security risks can help arm them against potential security problems.”
Companies must also beware of the risks posed by IT security overkill. BYOD policies and the consumerisation of IT may feel like clear blue skies to most employees, but to the IT department tasked with mitigating the security risks, these policies can feel like a raging tempest.
“The natural instinct of the IT department is to favour security and, as a result, try to limit peoples’ choice of devices or constrain the endpoint environment, even if it means sacrificing the benefits of greater productivity and flexibility,” says Lteif. “But simply barring the door to consumer device usage and BYOD is neither realistic nor desirable. It is inevitable that IT will face increasing pressure to provide access to any kind of app, anywhere, on any type of device.”
However, it would be a misstep to place the responsibility of meeting the challenges IT consumerisation solely on the IT department. Eid reminds us, “Embracing the consumerisation of IT is a collaborative effort between end-users, IT teams, and management. Once a policy is created, managing security depends on an enterprise’s ability to educate end-users, implement effective device management and support, and enforce the consumerisation of IT policies.”
As technology continues to evolve and blur the lines between our personal and professional lives, a need has risen for a more holistic approach to IT policy. The consumerisation of IT presents challenges as unique and varied as the employees themselves, and so too are the solutions. Companies willing and able to embrace this new wave are sure to reap the benefits of a happier, more productive workforce.