By Simon Arnell, Security Analytics Service Director
Consumerization comes up in many of the conversations we’re having with clients. To illustrate how quickly this area has evolved, let’s look back a few years. It wasn’t that long ago that the consumerization of IT was a theoretical topic, first discussed by the Leading Edge Forum in 2004. Even then, the authors of that paper recognized the potential business benefits rather than the risks. The paper concluded:
“The ‘consumerization’ of information technology is a powerful trend that promises many significant long-term business consequences, including radically lower costs, greatly improved functionality and successive generations of users who are ever more technology-savvy.”
The consumerization of IT has come a long way since that first discussion, emerging as one of the most significant trends to affect IT in the past 10 years. It’s no longer a question of if enterprises will choose consumerization; it’s a question of how CIOs will manage and secure IT consumerization and Bring Your Own Device (BYOD) as part of their overall business strategy.
Some early lessons learned about the consumerization of IT include:
- The impact of consumerization is unpredictable and varies across types of enterprise and sector.
- BYOD doesn’t always guarantee cost savings in terms of hardware purchases; employees may be reluctant to replace a broken device if they have to pay for it again.
- Public sector organizations may resist consumerization for fear of accusations of misuse of public funds and high sensitivity to security issues.
- No one can be sure that data on a ‘controlled’ consumer device is ever 100% safe.
- Consumerization is about more than hardware devices as personal cloud computing and social media dominate consumer behavior.
- As far as the enterprise is concerned, we are all consumers now.
A recent paper from HP titled “A Secure Approach to Consumerization” discusses taking a risk-based approach to IT consumerization, including 6 points to consider when assessing the ACTUAL risk of employees using consumer devices:
- Underlying email and data services -- can they be securely managed in a device-agnostic infrastructure?
- Can Web and cloud services support a device-agnostic approach?
- Can ownership of consumer devices serve as a corporate asset?
- Are users prepared to accept responsibility for ownership of a personal device?
- Will users accept the installation of agents on the device that protect corporate data and email?
- How do you manage ‘rogue’ devices?
Another HP whitepaper titled “Protecting Data and enabling the mobile enterprise” provides a summary of current mobility drivers, trends, risks and concerns for large enterprises, including a 5-step CIO guide to creating a mobile security plan.
What steps are you taking to realize the benefits of consumerization while maintaining a secure enterprise environment? I’d love to hear your approach, as well as what’s working for your enterprise and what’s not.
To learn more about HP’s risk-based approach to the consumerization of IT, check out these resources:
- Protecting Data and enabling the mobile enterprise whitepaper
- Enterprise Mobile Security Webinar
- A secure approach to consumerization
- HP Enterprise Security
- Navy Marine Corps Intranet Case Study