IT Managers Must Embrace Their Consumer Shadow
Consumerisation has piled the pressure on IT departments to provide enterprise-level security for mobile devices, says Sophie Curtis
As workforces around the world turn their attention from the PC to the smartphone as the primary tool for office productivity, IT departments are coming under increasing pressure to provide enterprise-level security that will protect the company’s confidential data while enabling employees to work remotely.
This job is becoming particularly difficult as employees become ever-more tech-savvy, seeking out software and applications on the web that fulfil their needs, albeit with a lower level of security than the organisation would necessarily approve of. IT managers and CIOs need to find the right balance between giving employees room to innovate and protecting the interests of the company.
Bringing devices under corporate control
Historically, BlackBerrys have always been considered the de-facto smartphone for enterprise use. This is largely due to of Research In Motion’s BlackBerry Enterprise Server, which enables enterprise-grade mobile device management, centralised security, configuration and application controls, as well as secure collaboration and synchronisation between accounts.
While companies such as Apple and Google have attempted to deliver similar enterprise functionality for their iPhone and Android devices, BlackBerry Enterprise Server still rules.
BlackBerry smartphones, on the other hand, are falling out of fashion. As iPhones and Android devices have gained popularity in the consumer market, enterprise users have started to ask why they must be restricted to clunky BlackBerry devices, when powerful new devices from other manufacturers are just as capable of carrying out the same tasks.
A recent report by Forrester Research revealed that most IT managers are unable to keep up with the demand for different smartphone platforms in the enterprise because they are failing to recognise two emerging segments of employees: mobile “wannabes” – who are often at their desks and therefore not counted as mobile workers – and mobile “mavericks” – who buy their own smartphones and download their own applications to do their jobs on the go.
These two groups are forming a layer of ‘shadow IT’ within enterprises, whereby employees bypass the IT department and company policies in order to get the technology and applications they need. No matter how hard organisations try to keep a grasp on how employees use their mobile devices, innovation in the consumer market is moving too fast for them to keep up.
Taming the mobile maverics
Mobile maverics are a particular concern for IT managers, as accessing corporate systems from unsecured devices can be a risk to networks and security. In a Fortinet poll of IT managers released on 27 June, 74 percent of UK-based respondents said they were worried about the growth of user-led devices in their business, and 84 percent said their companies’ security strategies needed to be more comprehensive, to cover the broad spread of devices being used by employees.
Banning these devices from the workplace is not an option. The trend known as the ‘consumerisation of IT’, by which new devices emerge first in the consumer market and then spread into the enterprise, has advanced too far to be ignored. Particularly with Apple’s iPad spawning a whole new generation of tablet devices, giving employees freedom to complete complex tasks remotely, organisations that reject these new solutions will fall behind the competition.
Instead, IT departments need to find a way to enable workers to stretch the limits of corporate security, before bringing them back inside the enterprise and finding solutions that adhere to company security policies.
“I am yet to talk to a CIO whose users are happy with the services the CIO provides,” said Sukhi Gill, chief technologist for EMEA and fellow of enterprise services at HP, speaking at a Vodafone Global Enterprise panel discussion on devices in the workplace. “So what’s happened is that those employees that need IT have stopped coming to the IT department and actually just go and do what they need to do.
“I think you have to allow it to happen but then try to rein it in. So it’s not chaos but it’s structured chaos,” he said. “I do think there’s going to be this blurring of collaboration happening on the edge, outside the firewall, until you need content, and then you need to bring that back inside the enterprise and only allow people to access it through username, password, controlled user group and so on. But if you stop this and say the only way forward is in the enterprise, I think shadow IT will take over.”
Embracing new technologies
The biggest mistake any IT manager can make is to be afraid of new technology. Devices and applications open up a myriad of opportunities for any business, and those that shy away will lose out, and actually end up being less secure, because employees will find ways to use this technology in spite of the organisation’s policies.
Keeping a broad mind, finding out what employees want and need from their devices, and then enveloping these technologies within the corporate security policy will enable organisations to stay ahead, and prevent their workforces from straying.