Say Hello to the new ‘Consumerized IT’ Workplace Date:   Tuesday , April 05, 2011 The rapid proliferation of smart devices such as smart phones, PDAs and laptops is more than just a marketing and technological success story. These compact multi-functional devices have been responsible for changing the economic and social fabric globally by being an integral part of our daily environment. At the core of this phenomenon is the fact that these powerful devices can serve as a single point gateway to accessing information, making transactions, seeking products, downloading entertainment – anywhere and anytime. However the ubiquity of smart devices is also posing as a major challenge confronting organisations today. Having grown up in the age of iphones and iPads, today’s ‘Generation Y’ comprising of technologically savvy, mobile, job hopping professionals is increasingly insisting on using their own devices at their workplaces to ensure uninterrupted access to company information and faster turnaround and productivity to meet the imperatives of today’s competitive workplaces. But imagine a scenario when an employee uses three to four smart devices to juggle between various applications such as social networking sites, consumer applications for banking or travelling and business applications such as CRM, databases etc; using all these devices interchangeably for business and personal activities. This certainly implies opening a Pandora’s box of issues associated with unauthorised access and subsequent data thefts! This phenomenon that is redefining the functioning of workplaces is referred as ‘Consumerization of IT’ and is touted to be one of the most radical and irreversible transformations in Enterprise IT. Consumerization: To adopt or not to adopt According to a McAfee survey conducted in 2010 with global IT decision-makers, administrators, consultants, and security analysts, the key drivers of Consumerization of IT are increased employee productivity (58 percent) and greater flexibility and turnaround time (52 percent). However the security risks pertaining to this trend have made many organizations firmly oppose it by restricting the introduction of personal devices into the workplace and attempting to lock down data. This however could be deemed as an escapist approach. Very few companies realise that productivity benefits aside, the willingness to embrace ‘Consumerization of IT’ presents an opportunity for companies to save their capital expenses by leveraging their employees’ pre-existing investments in such powerful devices. The way to make this trend work in your favour is by understanding the needs of an organisation and building a suitable strategy that incorporates this new future of work. So how can organisations leverage the productivity and cost benefits of this trend without being affected by its security challenges? McAfee recommends the following strategies for organisations to lift their veil of uncertainty around this trend and leverage it as a productivity catalyst: * Deploy host and network anti-malware to reduce infections and protect company systems. Use a firewall and network intrusion prevention system (IPS) to control traffic to and from key assets. * Ensure VPNs for secure connections to corporate networks. * Enforce remote encryption and wiping of information and applications for company owned smart phones and other mobile devices to protect data in case the device is lost or stolen. It is however important to note that this approach is difficult to use with users’ personal mobile phones and computers. Organisations need to use network access control (NAC) to ensure that employee-owned devices have installed proper security tools and are compliant with IT standards prior to accessing the network. NAC can control guest devices and other unmanaged endpoints and ensure access to resources or infect your network. * By deploying virtual desktops, employees can access company applications and data on personal devices, but the application infrastructure and data remain on corporate servers behind the firewall. * Implement encryption for information at rest and in motion. If a remote device falls into the wrong hands or a transmission is intercepted, encrypted information is unusable. Keep in mind that while this strategy is practical for company-owned laptops and employee-owned smart phones, it’s difficult to enforce data encryption on employee-owned PCs and Macs. * Consider a relatively new development called “PC on a stick,” in which thumb drives (USB drives) or memory cards store a customized interface or launch pad, user-selected applications, and data. Users can carry this computer-on-a-stick to any public or shared machine, plug it in, and begin working with familiar tools and personalized settings. When the drive or card is removed, there is no trace of the user’s work left on the PC. * Deploy integrated endpoint security with a centralized management console to ease the effort required by security administrators and enable them to easily manage all endpoints in the system. * An integrated, centralized strategy is always more efficient and effective from a cost and performance standpoint than deploying a series of point solutions. Like most technologies, Consumerization of IT is a mixed blessing with some incredible advantages bundled with unforeseen risks. But with Information Technology having undergone a paradigm shift in the last decade, CIOs will need to objectively consider such path-breaking approaches to technologies to trigger greater productivity and innovation in organisations. The author is Director Sales, McAfee India