End users are influencing IT and security decisions in the workplace more than ever before, according to two reports released by RSA, the security division of EMC Corp. According to the study released by RSA and the Security for Business Innovation Council (SBIC), nearly 76% of the 400 security executives polled see a rise in users' influence on device and application purchasing decisions.
The two reports, on the consumerization of IT, provide recommendations to enterprises on how to deal with consumer devices and Web-based services are introduced to the workplace. Avivah Litan, vice president and distinguished analyst of Gartner Inc., said the consumerization of IT is certainly on the rise. "Especially with the digital natives, people that grew up with technology, are now going into the workplace and insist on using their own devices, but also want access to Facebook and Twitter."
But the trend holds new risks for enterprises. With employees campaigning for use of their personal devices and social networking sites during the workday, information security teams are finding themselves with a choice to make, most of them leaning toward the same one: give the users what they want.
"The use of consumer devices open up security issues because, basically, uncontrolled endpoints can inject viruses and threats on corporation networks," Litan said. "Enterprises can't just let any device in."
The IT departments used to control 100% of the company's infrastructure, but now with user-driven IT, it's beginning to change. The line is now blurred between the use of IT devices at home and in the workplace.
The survey, conducted by IDG Research Services, found that more users are running their own computers at the office. In addition, 80% of companies surveyed allow social networking. According to the study, the RSA Fraud Action Research Lab found that using a personal computer at work causes a threat to security and puts the company at a greater risk for Trojan infections and data leakage.
This doesn't stop employees from wanting access to these devices on the job though. Over 60% of security executives say that users have a say on the type of smartphones they use, and 20% said they let users decide altogether. These devices make it easier to get things done, but they can also provide distractions. If employees can use personal cell phones and computers, then how can a company make sure they're actually working?
Brian Fitzgerald, vice president of marketing for RSA said it's all a matter of trust. "Hire good people," he said. "Trust they'll use the products appropriately and effectively."
Enterprises surveyed for the report said they didn't know how to deal with the rising use of social networking and other web-based technologies from a security perspective. Just 11% were very confident that they have the right level of security in place to accommodate increased access to consumer devices and applications. So what's the best advice for dealing with this new user-driven IT era? Fitzgerald said to enlist the energy that employees have for the use of consumer devices, and don't try to fight it.
"Companies should understand what users are trying to do and take those ideas and IT and turn it into something positive for the company," Fitzgerald said.