The growing use of personal devices, from computers to cell phones, to log into company networks is increasing IT security risks, according to a new study by Gartner, a computer research firm.
Gartner warns that as the boundary between personal and corporate computing becomes blurred, organizations should treat all network access as potentially hostile, and apply appropriate security technologies and policies.
“The traditional response from the IT department was to say ‘no,’ but that’s no longer an option,” said Robin Simpson, Gartner’s research director. “You can’t hold back the changes being driven by your user population by force, or they will simply conspire against you. But you can’t just relax control. You need to find a way to delineate between the business and personal computing worlds so they can work side-by-side and the boundary can be secured.”
In “Your Systems, Someone Else’s Device,” Simpson highlighted five key reasons that most employees don’t want to use corporate owned PCs:
- Executives and key knowledge workers often prefer their own PCs to the corporate standard;
- User requirements are not one-size-fits-all; Outsourcing and use of contract and temporary workers continues to grow;
- Mobile workers need personal data and connectivity while on the move – and nobody wants to carry two computers;
- Full- and part-time teleworking is increasing.
“New rules are needed to allow enterprise IT assets and functions to coexist with employees’ personal digital assets,” said Simpson, noting that by next year Gartner predicts 10% of companies will require employees to purchase their own notebook computers.
“Just as company-owned cars ceased to be an integral element of the employee’s package, so company-owned computing devices, especially notebook computers and mobile phones, need no longer form part of the overall benefits package,” he said. “Our research confirms that more companies around the world are increasingly considering employee-owned devices to be formal business tools.”
In a survey of medium-size business in six countries conducted last year, Gartner found that 42% had policies allowing personally owned PCs to connect to the corporate network, but that this figure was highest in the U.S. (51%) and U.K. (49%).
According to Gartner, businesses should prepare for employee-owned notebooks with a thorough review of security, compliance and application delivery architecture.
“By taking security precautions and investing in foundational security technologies now, enterprises can prepare themselves for increasing use of consumer devices, services and networks with their organization and manage these risks,” said Simpson. “The key is to assume all access to your corporate network is potentially hostile … so the only real solution is to increase core system and information security while relaxing user constraints and shifting responsibility to them.”