In a recent post on TrendMicro blog, Cesare Garlati likens the IT consumerization trend to an iceberg. The visible evidence of personal devices being brought to work (i.e tablets and smartphones) is only 10 percent of the problem. The other 90 percent of the problem lies under the surface and represents the hidden problems of company data leaving the company and potential viruses coming into the environment. The lines between consumer devices and work devices have blurred significantly over the last ten years but as IT professionals we often have not kept up on the problem of security. That security extends to our infrastructure and our networks.
In the early days of computing, there were no personal computers except for maybe the do it yourself Heathkit. Once personal computers came into fashion, there was minimal networking available, so it was a stand-alone device that transferred data back and forth with disks. As networking became more mature, we worked our way through dial-up modems, LAN cables, and then finally wireless networks which are fast becoming ubiquitous. The differences between a consumer device and a work device are quickly disappearing. Is your organization ready for this new reality?
As mentioned above, devices have essentially become smaller and much more sophisticated over the last thirty to forty years, accelerating in the last ten years. Often, employees are asked to carry a device for work so that they can check on work status or to keep in contact with customers and vendors. Increasingly, these are handheld devices, often a smartphone. Where is the line between a company device and a personal device? Applications increasingly have web interfaces so why can’t a person use their personal smartphone to access customer data and then download the latest version of Angry Birds? In the future, as devices continue to become smaller, an astute IT worker won’t even be able to tell when a consumer device comes in the door.
Networks today are becoming ubiquitous and increasingly user friendly. With the advent of 4G networks and widespread wi-fi, many are connected 24/7, no matter where they go. In a recent article, a partnership between Google and Raven Industries is set to launch helium balloons equipped with network equipment to provide connectivity to rural areas in the US and particularly in developing countries. The combination of smaller consumer devices and ubiquitous Internet connectivity is destroying the old command and control mentality of IT departments. No longer do they have the luxury of denying access to a particular device or class of devices. The prudent IT group will work to mitigate any risks involved in unsecured devices and work to educate employees.
Some organizations are now giving a stipend to employees to purchase their own computer. This of course makes it harder to maintain patch images for every make and model under the sun but, if executed correctly, IT does have a say in the security components that are installed.
How does your organization handle consumer devices in the work place? Do you embrace them, tolerate them, or fear them? Let me know your thoughts.
Kelly Brown is an IT professional, adjunct faculty for the University of Oregon, and academic director of the UO Applied Information Management Master’s Degree Program. He writes about IT topics that keep him up at night.