This week, remote access application developer LogMeIn announced a new, cloud-based service enabling organisations to manage secure access to enterprise data and systems via employee personal devices. It’s not a new development, but it does highlight a key shift towards the consumerisation of IT in the workplace, as employees increasingly expect to be able to connect to company networks using their own devices.
While many businesses see the benefits of consumerisation, such as cost-effectiveness and reliability, the rapid adoption of personal devices brings many challenges, particularly for CIOs as they look to implement IT strategies to prevent data loss and secure corporate network boundaries. First generation devices like the Blackberry had their roots firmly in the enterprise market; as Blackberry’s star wanes, the gap is being filled by devices designed without any real consideration for enterprise-level security and the regulatory and compliance environments in which all businesses must operate. Market researcher recently reported that security was the biggest barrier to letting workers use their own devices at work, with 83 per cent of administrators saying security concerns were holding them back. It’s not scare-mongering either: Other recent research indicates that one in five employees is putting their company’s network at risk by using non-standard smartphones in breach of their organisation’s security policy.
So what can businesses do to manage IT security more effectively with this increasing challenge?
One of the key issues around consumerisation is the ‘blurring of boundaries’ as staff approach work security in the same way they would approach home security. Adopting a home-style attitude towards workplace security could have serious detrimental effects, not least because the majority of consumer users still haven’t installed antivirus protection onto their devices.
With consumerisation set to stay, businesses need to start viewing personal devices as an extension of the company network and adapt IT security policies accordingly. Education and on-going explanation of web and email policies advising staff of the risks and encouraging them to adapt their behaviour are just two elements of an overall, unified policy that should also include the development of device-agnostic procedures governing all business data, regardless of its origin or destination. For this to happen, all data entering or leaving the network should do so over a secure corporate connection, rather than directly over the internet.
by ClearSwift
No comments:
Post a Comment