RSA, the security division of EMC, released two new studies that show an increase in the use of consumer technologies within the enterprise. The reports show how consumer technology is having a growing impact on the enterprise and how IT strategies are being shaped by the proliferation of devices such as the iPad, iPhone and related mobile devices.
The first study, a survey conducted by IDG Research, shows the deep impact of consumer-grade technology in the enterprise, while the second report, from RSA’s Security for Business Innovation Council, shows how IT controls are falling apart due to user-driven IT demands, which take device implementation decisions out of the hands of IT executives.
“The trend toward leveraging non-corporate-controlled assets and using social media for accessing and distributing information is inevitable,” said Security for Business Innovation Council member David Kent, Vice President, Global Risk and Business Resources, Genzyme. “It would be a mistake for any company to put its head in the sand or to dig in its heels; because the tide will be working against you. It would be much better to recognize it and then create the parameters to make it work for you.”
The IDG report surveyed 400 security and IT decision makers and shows that enterprises are adopting consumer devices as end users play an increased role in IT purchase decisions. Here are some key statistics and findings from the report:
76% of security and IT leaders believe user influence on device and application purchase decisions within the enterprise is on the rise.
While the majority of decisions about older technologies such as desktops and laptops are still made by IT, this dynamic shifts when it comes to newer consumer technologies:
More than 60% of respondents report that users have some input regarding the types of smartphones purchased, with 20 percent reporting that they let users decide.
52% of organizations allow users to provide input on or make decisions about netbooks while 50 percent involve users in tablet decisions.
Even when it comes to desktops and laptops, users have input into purchasing decisions at 35 percent and 47 percent of companies,
Just over one-quarter of the respondents report their companies currently allow employees to use their own personal computers or mobile devices for work purposes.
Though most companies have policies aimed at preventing or limiting the connection of personal devices to the corporate network, nearly 60% of respondents said that unauthorized connections to the corporate network still occur, and 23 percent of the largest organizations surveyed have experienced a serious breach or incident because of a personal device on the corporate network.
More than 80% of companies now allow some form of access to social networking sites. Of those companies, 62 percent are already using it as a vehicle for external communication with customers and
The trend toward giving users more access to consumer technologies is viewed in a positive light by most respondents. As many as 63 percent believe that using devices such as netbooks, tablets, smartphones and social media would increase productivity.
Many companies are not fully prepared to confront this trend from a security standpoint. Just 11 percent feel very confident that they have the right level of security in place to accommodate increased access to consumer devices and applications.
Only 22% of companies surveyed thoroughly calculate the risks associated with consumer technologies and applications before users begin using them for business purposes; 38 percent assess the risks in some cases but have gaps in their strategies; and up to 40% of those surveyed don’t calculate the risks at all.
The research further demonstrates how companies are underprepared to manage the risks associated with the new reality of end users increasingly adopting consumer technology and introducing it into the enterprise.
In addition, RSA’s Security for Business Innovation Council released its sixth annual report, entitled The Rise of User-driven IT: Re-calibrating Information Security for Choice Computing. This study brings together accomplished global security leaders who explore how the adoption of consumer technologies such as smartphones and tablet PCs, along with the use of social media, is transforming IT.
“Like it or not, personal and professional computing have collided and the fallout is being felt in enterprises worldwide,” said Tom Heiser, Chief Operating Officer, RSA, The Security Division of EMC. “User-driven IT has the potential to deliver huge benefits to users and their organizations. The companies that figure out how to unleash user know-how and consumer technologies while managing the risks will win this high-stakes game. This is the moment for information security teams to step up and be the most valuable players.”
Here is some specific guidance from the report to help create strategies that can transform consumer technology from a liability to a benefit in the IT enterprise infrastructure:
1.) Shift Minds to the Times: As users increasingly make decisions about how technology is used in the enterprise, security teams must shift their attitudes from command and control to oversight and business enablement. The Council introduces a new way for security professionals to think about their roles and what’s actually important to protect.
2.) Reframe Users as Assets: The average person has become a sophisticated technology user. Instead of treating user education as one-way communication, security needs to re-invent it as a two-way conversation. The Council outlines how security teams can begin leveraging user populations as powerful tech-savvy armies that can be activated for business advantage.
3.) Support Calculated Risk-Taking: User-driven IT introduces a whole new set of risks that are compounded by escalating compliance and legal obligations and an evolving threat landscape. To help keep the risks to an acceptable level, security professionals must know and understand the risks and be acutely attuned to their organizations’ risk appetites. Council members share guidance on how to approach issues of ownership and representation, e-discovery, the growth of mobile malware and phishing dangers on social networking sites.
4.) Get in Front of Technology Trends: To gauge the risks and rewards of user-driven IT, the security team will have to get up to speed on consumer devices and applications as well as the technologies that enable enterprise deployments. Council members share advice for keeping pace with future-critical technologies including virtualization, thin computing, cloud computing and advanced authentication and security technologies.
5.) Own the Future: In the rapidly changing world of consumer technology, the ability to anticipate changes before they happen will be more important than ever. The Council provides advice on how to set up cross-functional teams, establish flexible budgets with built-in contingency funds and use pilot projects to limit exposure and gain enterprise experience.
6.) Collaborate with Vendors: Council members explore the key role vendors can play in enabling user-driven IT and provide guidance on how to best partner with them to understand what’s on the horizon and shape future enterprise offerings.