User-Driven IT Taking Hold In The Enterprise

RSA, the Security Division of EMC Corporation released two new research initiatives that reveal a surge in the use of consumer technologies within the enterprise and examine the rising impact today’s engaged, technology-savvy end users are having on IT strategies worldwide.

The first research initiative – a survey conducted by IDG Research Services – reveals the rapid use and adoption of consumer technologies like the iPhone and iPad within the enterprise and the pivotal role users are playing in driving this trend. The second research initiative, from RSA’s Security for Business Innovation Council, examines this phenomenon more deeply –exploring why traditional models where IT controls the use of all enterprise technology are quickly crumbling. This report offers concrete recommendations for how security leaders can get out in front of user-driven IT and manage risks to create new business value.

“The trend toward leveraging non-corporate-controlled assets and using social media for accessing and distributing information is inevitable,” said David Kent, Vice President, Global Risk and Business Resources, Genzyme. “It would be a mistake for any company to put its head in the sand or to dig its heels; because the tide will be working against you. It would be much better to recognise it and then create the parameters to make it work for you.”

More from Biztech

Future Group - Reliance Retail Deal approved by CCI RBI ban on cryptocurrencies takes effect; prohibition could force investors to tap the black market

IDG Study Shows Enterprises Embracing Consumer Technologies, Neglecting Risks

Commissioned by RSA, a June 2010 IDG Research Services survey of nearly 400 security and IT decision makers reveals a sharp rise in the enterprise adoption of consumer technologies and uncovers the growing role end- users are playing in accelerating this trend. The research also underscores how unprepared many organisations are to manage the risks associated with this new reality. Key findings include:

• - 76 percent of security and IT leaders believe user influence on device and application purchase decisions within the enterprise is on the rise.

• - While the majority of decisions about older technologies such as desktops and laptops are still made by IT, this dynamic shifts when it comes to newer consumer technologies:

  1. More than 60 percent of respondents report that users have some input regarding the types of smartphones purchased, with 20 percent reporting that they let users decide.

  2. 52 percent of organisations allow some users to provide input on or make decisions about netbooks while 50 percent involve users in some tablet decisions.

  3. Even when it comes to desktops and laptops, users have input into purchasing decisions at 35 percent and 47 percent of companies, respectively.

  4. Just over one-quarter of the respondents report their companies currently allow users to use their own computers or mobile devices as their work machine.

  STORY CONTINUES BELOW THIS AD

• - Though most companies have policies aimed at preventing or limiting the connection of personal devices to the corporate network, nearly 60 percent of respondents said that unauthorised connections to the corporate network still occur and 23 percent of the largest organisations surveyed have experienced a serious breach or incident because of a personal device on the corporate network.

• - More than 80 percent of companies now allow some form of access to social networking sites. Of those companies, 62 percent are already using it as a vehicle for external communication with customers and partners.

• - The trend to enable users more access to consumer technologies is viewed in a positive light by most respondents. As many as 63 percent believe that using devices such as netbooks, tablets, smartphones; and social media – would increase productivity.

• - However, many companies are not fully prepared to confront this trend from a security standpoint. Just 11 percent feel very confident that they have the right level of security in place to accommodate increased access to consumer devices and applications.

• - Only 22 percent of companies thoroughly calculate the risks associated with consumer technologies and applications before users begin using them for business purposes; 38 percent assess the risks in some cases, but have gaps in their strategies. Up to 40 percent of those surveyed don’t calculate the risks at all.

New Council Report Shows User-Driven IT Reshaping Information Security

RSA also released the results of its sixth Security for Business Innovation Council report, “The Rise of User-driven IT: Re-calibrating Information Security for Choice Computing.” In this report, accomplished security leaders from around the world explore how the rapid adoption of consumer technologies such as smartphones, tablet PCs and social media is transforming IT. The report highlights a significant shift in how technology is being adopted for enterprise use – in that it’s no longer just the IT department dictating which devices and technologies will be used; employees are taking the reins. The report further highlights that users will not only continue to influence IT and make technology decisions, but that many enterprise computing assets will actually be user-owned. While the shift to user-driven IT is inevitable, it doesn’t have to be a threat to the enterprise – instead it can be an opportunity to bolster the company’s own value.

“Like it or not, personal and professional computing have collided and the fall out is being felt in enterprises worldwide,” said Kartik Shahani, Regional Leader, India & SAARC, RSA, The Security Division of EMC. “User-driven IT has the potential to deliver huge benefits to users and their organisations. The companies that figure out how to unleash user know-how and consumer technologies while managing the risks will win this high stakes game. This is the moment for information security teams to step up and be the most valuable players.”

Based on the collective insights of the Security for Business Innovation Council, which includes some of the world’s top security officers, the report provides a roadmap to prepare information security teams to securely give their users more flexibility in computing. Specific guidance includes:

• Shift Minds to the Times: As users increasingly make decisions about how technology is used in the enterprise, security teams must shift their attitudes from control to oversight and business enablement. The Council introduces a new way for security professionals to think about their roles and what’s actually important to protect.
• Reframe Users as Assets: The average person has become a sophisticated technology user. Instead of treating user education as one-way communication, security needs to re-invent it as a two-way conversation. The Council outlines how security teams can begin leveraging user populations as powerful tech-savvy armies that can be activated for business advantage.
• Support Calculated Risk-Taking: User-driven IT introduces a whole new set of risks that are
  compounded by escalating compliance and legal obligations and an evolving threat landscape. To help keep the risks to an acceptable level, security professionals must know and understand the risks and be acutely attuned to their organisations’ risk appetites.Council members share guidance on how to approach issues of ownership and representation,e-discovery, the growth of mobile malware and phishing dangers on social networking sites.
• Get in Front of Technology Trends: To gauge the risks and rewards of user-driven IT, the security team will have to get up to speed on consumer devices and applications as well as the technologies that enable enterprise deployments. Council members share advice for keeping pace with future-critical technologies including virtualisation, thin computing, cloud computing and advanced authentication and security technologies.
• Own the Future: In the rapidly changing world of consumer technology, the ability to anticipate changes before they happen will be more important than ever. The Council provides advice on how to set up cross-functional teams, establish flexible budgets with built-in contingency funds and use pilot projects to limit exposure and gain enterprise experience.
• Collaborate with Vendors: Council members explore the key role vendors can play in enabling user-driven IT and provide guidance on how to best partner with them to understand what’s on the horizon and shape future enterprise offerings.