
Want to bring your own PC?

No need to get personal


Workshop There’s a problem brewing in the workplace - employees want to bring to work aspects of technology that they use in their personal life, be it their mobile phones, laptops or even just specific applications.

If businesses haven’t come up against this consumerisation already, the chances are that they will, sooner rather than later - and that in all probability it is happening already behind their backs.

Recent research around desktop equipment shows just how this is starting to pan out. While there is nothing that IT would prefer more than a locked down world that is easier to manage, personally owned technology is either being brought in to the business by employees already, or there is an expectation that it will be in the future, for large and small companies alike (see chart below).


To be fair, the consumerisation of IT is a problem that has been around for a while. But every time something newer and shinier comes along – the iPad or the Galaxy Tab, for example – the debate is resurrected yet again, and usually more vigorously than the last time. So how should businesses approach this thorny area?

From a user’s perspective, making use of advanced technology in the form of smartphones, PCs, slate devices, and so on, is an integral part of everyday life. Of more importance is that the relationship between users, their devices and services can be incredibly close. It is perhaps unsurprising that they want to use this kit in the workplace: it is often more valued in design terms and performance than standard office-issue equipment, users are familiar with it, and arguably, because of this, it allows them to be much more efficient. And if they are willing to spend their own money in the process, the capex budget might be cut some slack, provided any company kit already purchased for them is properly redeployed in the business.

But that’s only one side of the story. From a business perspective, allowing carte blanche on what equipment is brought into the business is a bit like leaving the front door to the office wide open, and not even bothering with the burglar alarm when no-one is there. Without adequate preparation and precautions being put in place, it just isn’t a very clever thing to do, and for a number of very good reasons.

Support and repair of such devices can become a major area of concern – in particular defining what can and cannot be supported, and where the boundaries of responsibility lie when things go wrong. Liability is another thread – who is liable when a corporate application causes problems with the user’s own software, or more worryingly, when user acquired software is used illegally in a work situation?

Then there is the issue of security, with users connecting into company resources with who-knows-what security in place. The likelihood of malware getting in rises considerably when inadequately protected systems are employed. Giving users free rein implies that they are all sufficiently competent to manage IT risks and security. However, our research shows this is far from the case.

Attempting to stop the influx of any devices and access to ‘community’ applications will, in all probability, fail miserably. So, like it or not, compromise is needed. But how should businesses go about deciding what’s in and what’s out?

The list of equipment, applications and services will depend on the needs of the business, but also has to take into account what makes users tick from a technology standpoint. What this boils down to is understanding rather than assuming what users need and want, and looking at if and how these needs and wants should be incorporated into the business.

So, if a handful of users want to use an iPhone for work purposes, what are the risks, benefits, cost of support and so on? If the argument doesn’t stack up in favour, are there close alternatives that might be offered? Or if there are more than a few users in the iPhone camp, does it make sense to add it to the company list and support it accordingly? Similarly, with social media and collaborative applications such as Facebook, what is the relative importance to the company, and what business-focussed alternatives can be offered?

This is a move away from how things have been done traditionally, but it isn’t about giving users the freedom to dictate what IT should be in place. Rather, it is about making sure that they aren’t ‘putting their own IT in place’ without company sanction.

Many businesses are already being more proactive in their acknowledgement of users’ needs and wants, either through routes such as user committees and management/IT lobbying, or more indirectly, through general feedback and satisfaction monitoring, as shown by the recent research into desktop computing mentioned earlier (see chart below).


Elements of this will probably be a pretty big irritant to IT, particularly those who believe that if you let users have control over things they will break them – always have and always will. Possibly, but then that’s not so different from what happens now? And if it is their own ‘thing’ then maybe they will be a bit more careful.
