One of the underlying themes of the past year or so in security is the tension caused by the increasing use of personal devices in the workplace. Processor discusses several related issues. The flip side of the coin is the fact that centralizing on one or a limited number of devices cuts costs and greatly enhances the effectiveness of management tools and procedures.
It makes sense to keep personal devices out of the workplace. In the real world, however, things that make sense often go undone. Telling employees not to bring their devices from home won't work. And, in the case of some organizations, particularly SMBs, it isn't even something the company truly wants to do. The many problems of letting folks use their own devices are outweighed by the fact that it is a cheaper path to mobility.
The exploding power and utility of devices is the great mobile story of the past couple of years, capped, at least in the public's mind, by the iPhone. This O'Reilly post discusses the development of a corporate iPhone application by a team at British Airways. The effort was ad hoc in nature; such projects can be conducted and the applications implemented without security staffers knowing.
Smartphones are but one element -- albeit a big one -- of the story of how to keep a company secure as the workforce grows more sophisticated. There are many questions, issues and challenges raised by "prosumers," the name given to consumers in the workplace. A majority of employees consider high levels of collaboration and mobility as central to the way they live -- and now, work. They are more likely to bring a greater variety of devices into the workplace and to share data more freely. On one level, these devices host applications that can be dangerous. Even more basically, they offer huge storage capacities and easily can access corporate data through USB ports and other hidden procedures.
The generational differences in the workplace may have a far more systemic impact than the fact that younger folks tend to bring their gadgetry from home. The Industry Standard goes into great depth about these differences. The writer says that there are three basic generations at work: Baby Boomers, born between 1946 and 1965; Gen X folks, born between 1965 and 1980; and Gen Y (also known as Millenials), born after 1980. The writer provides some behaviors of each group and suggests that each is prone to their own risky security behavior. The theme of the piece is that adequate security in part depends on engaging these groups, understanding how they are likely to endanger the enterprise, and creating safeguards to respond to that behavior.
The complexity of the new environment is a major challenge for organizations. Indeed, this promotional piece from Gartner describes the basics of an approach the firm is pushing called Managed Diversity. In short, it is impossible to settle on one or very few devices. In many cases, employees will use their own devices. Managed diversity, the firm says, is a framework that enables the balancing of management, security and cost control within the context of this far less structured environment.