The growing use of personal devices, from computers to cell phones, to log into company networks is increasing IT security risks, according to a new study by the IT research firm Gartner.
The new study warns that as the boundary between personal and corporate computing becomes blurred, organizations should treat all network access as potentially hostile, and apply appropriate security technologies and policies.
“The traditional response from the IT department was to say ‘no,’ but that's no longer an option,” says Robin Simpson, Gartner's research director. “You can't hold back the changes being driven by your user population by force, or they will simply conspire against you. But you can't just relax control. You need to find a way to delineate between the business and personal computing worlds so they can work side-by-side and the boundary can be secured.”
In “Your Systems, Someone Else's Device,” Simpson highlighted five key reasons most employees don't want to use corporate owned PCs:
Knowledge workers often prefer their own PCs to the corporate standard;
User requirements are not one-size-fits-all;
Outsourcing and use of temporary workers continues to grow;
Mobile workers need personal data and connectivity while on the move — and nobody wants to carry two computers;
Full- and part-time teleworking is increasing.
“New rules are needed to allow enterprise IT assets and functions to coexist with employees' personal digital assets,” says Simpson, noting that by next year Gartner predicts 10% of companies will require employees to purchase their own notebook computers.
In a survey of medium-size business in six countries conducted last year, Gartner found that 42% had policies allowing personally owned PCs to connect to the corporate network, with the figure highest in the U.S. (51%) and U.K. (49%).
“By taking security precautions and investing in foundational security technologies now, enterprises can prepare themselves for increasing use of consumer devices, services and networks with their organization and manage these risks,” says Simpson. “The key is to assume all access to your … network is potentially hostile … the only real solution is to increase core system and information security while relaxing user constraints and shifting responsibility to them.”