Opinion: The risks of consumer technologies at work

Employees are becoming more confident in asking their managers to provide them with consumer technologies at work – or bringing in their own. Greg Singh of RSA weighs up the risks the technology brings

Employees are becoming more confident in asking their managers to provide them with consumer technologies at work – or bringing in their own. Greg Singh of RSA weighs up the risks the technology brings

Consumerism is definitely asserting itself in the business IT market. Two recent surveys demonstrate that business staff are becoming more confident in asking their managers to provide them with consumer technologies at work – or bringing in their own.

And both surveys reveal bosses are going along with the concept called, in IT jargon, ‘choice computing’.

In June, IDG Research reported on a survey commissioned by my employer which sought out the opinions of 400 security and IT decision makers. Our business also conducted some security research on behalf of the global Business Innovation Council.

The results of both surveys confirm the rise in consumerism within business organisations.

However, there is an issue – while enterprises are adopting consumer technology, many are neglecting the risks of doing so.

Users choose

Key findings from the IDG survey show users are playing an increasingly important role in selecting the technology their employers provide. Three quarters of the security and IT leaders who completed the survey believe user influence on both device and application purchase decisions is on the rise.

Conversely, the majority of decisions about older technologies – such as desktops and laptops – are generally still made buy the IT experts. In fact, the survey reports that one in five security and IT leaders even let users actually entirely decide on the technology. A further 60 per cent say users have “some” input.

Netbooks and tablets are high on the list of technology users provide input into while slightly more than a quarter of those surveyed report their companies currently allow staff to use their own PCs or mobile devices for work purposes.

However, problems do arise when it comes to security. Though most companies have policies that prevent or limit the connection of personal devices to the corporate network, six out of 10 of those surveyed say unauthorized connections still occur.

Worse, nearly a quarter of the largest organisations surveyed have experienced a serious breach or incident via a personal device.

Of course, there is another gateway to a company’s vital information that is even more commonly used – social networking sites.

In fact, more than 80 per cent of companies now allow some form of access to these sites and 62 per cent are already using them as a vehicle for external communications. Because of the personal content they contain, these types of sites are like manna from heaven for cyber criminals.

Positive light

Most respondents view access to consumer technologies in a positive light with more than 60 per cent believing productivity is improved by devices such as netbooks, tablets, smart phones and social media.

The big issue is security – only one in 10 of those surveyed feel ‘very confident’ they have the right level of security to accommodate increased access to consumer devices and applications.

In fact, only 22 per cent thoroughly calculate the risks associated with the technologies before staff begin using them for business. Up to 40 per cent don’t even gauge the risks!

RSA’s Security report for the Business Innovation Council was designed to investigate why traditional IT control models are quickly crumbling. It confirms employees are taking the reins when it comes to dictating which devices and technologies will be used.

The survey interviewed accomplished security leaders from around the world who also agree that in future, many business IT assets – both hardware and software – will be user-owned.

However, while the shift is inevitable, it doesn’t have to be a threat to the business. Instead it can be an opportunity to bolsters the company’s value. But to reap the rewards, organisations need to manage the risks.