Generation X Needs Security Support

So-called millennials don’t like rigid security, but IT professionals will have to get tough with the rising tide of consumer IT used in the workplace, says Larry Walsh

Apparently it’s true: Overly rigid security requirements and strict policy enforcement do turn off younger people in the workplace.

In a newly minted report by Cisco Systems and IDC, three out of four surveyed security managers say strict IT security policies and restrictions on the use of social networking sites have a “moderate to significant” impact on their company’s ability to hire and retain skilled workers under 30 years old (currently referred to as “millennials”).

The risks of social networks

Conversely, one-half of the 500 security pros surveyed said social networks are among their top three biggest security risks, a fear that has been often cited in the slow progress of social networks in organisations. Further, about the same ratio said that they would allow employee-owned, consumer-class devices (eg the Apple iPad) on their network despite one in three revealing that they’ve had a security breach resulting from a compromise of a user’s personal device.

Let’s face it – consumerisation of the enterprise (or any business for that matter) is a real trend. Business owners and security managers are faced with the challenge of protecting sensitive data while giving their users the ability to work with applications and devices they want. Gartner has said that 20 percent of businesses will not own any IT equipment by 2012; it’s a fanciful notion, but plausible if you include a steady increase in BYOC (bring your own computer).

Consumerisation doesn’t necessarily mean deferring security to end users. It’s been shown time and again that the average end user does not take appropriate steps to safeguard his or her data or devices. A 2009 Symantec survey found that as many as one-third of small business PCs lack either up-to-date antivirus files or antivirus applications. Imagine what the number is for ordinary end users with unmanaged machines. The risk exposure is amplified by the increasing use of smartphones (iPhones, Android, etc.) as users’ primary Internet access point. Consequently, smartphones and other mobile devices are increasing targets for hackers.

User devices need support

The Cisco/IDC survey found that only seven percent of surveyed businesses are supporting user devices. Frankly, that’s too low. Security remains the incumbency of the business. Extending security to end-user devices – corporate or personally owned – is an investment in the protection of all data.

Security vendors and solution providers would be wise to consider these trends and develop offerings to extend security to user devices. Providing antivirus, endpoint security apps and technical support to end users for their personal equipment would be a minor expense compared with the cost of recovering from a side-door security breach.