The landscape for IT departments in 2011 is changing dramatically. A significant change - and challenge - will be what has become known as the 'consumerisation' of IT. That is, how to manage and secure a smartphone-enabled, social media savvy workforce without resorting to 'big brother' tactics?
The lines between work and home are continuing to blur. Increasingly, employees are not only bringing their own mobile devices into the office, they are using them for work and storing company data on them.
Should an employee be allowed to synch their company email account with a personal smartphone? Who is responsible if an employee-owned device that contains corporate data is stolen? This consumerisation trend is causing a definite security headache for businesses.
There are some clear challenges here for IT, not to mention HR and the rest of the organisation. We see countless stories in the media that highlight just how serious it is when important data is lost on a laptop, and this risk is only increased as employees become more mobile. Alongside the risk of some serious reputation damage, the ICO now has the power to fine organisations for irresponsible loss of data, so there is a financial risk as well.
Know what you've got
How can IT begin to combat these issues? The first step is to establish what devices are being used to access the network, and their physical location. It might seem obvious, but research carried out by Vanson Bourne on behalf of Absolute Software at the end of 2010 discovered that 65% of IT managers still don't know where all their IT estate is at any one time - so it's fair to say there's a problem here. Without this information, tracking devices, assessing risks and reacting to any security breaches becomes almost impossible.
However, effective asset management is becoming more difficult than ever, mostly due to the numerous operating systems on portable devices used in organisations. Today's asset management tools need to be able to track multiple device types on multiple operating systems across the entire organisation...all from a single console. Yet most vendors don't even come close to delivering this type of solution.
Year of the Android?
Apple devices are still growing in popularity in the workplace. One estimate is that Apple's enterprise market share will increase by 57% during the course of 2011.
However, Apple's iOS operating system will remain a tier two player when it comes to business use. The brand may be popular with employees, but a combination of cost, and proprietary software, and systems means its potential to become truly mainstream in business is limited.
It's Google's Android platform that has the potential to be a real game changer in business. According to Gartner, worldwide use of Android has already overtaken that of iOS. The same analyst house has also predicted that Android will become the number two mobile operating system globally in 2011.
In January 2011, another analyst house, Neilson, reported that although Android hasn't overtaken iOS in the US, it is the most popular operating system for those Americans buying new smartphones.
The stats go on. What everyone is agreed on is that the race is tight. The days of Symbian and RIM ruling the roost in business are behind us, and Android is likely to take significant market share away from the competition in the coming months.
A perfect storm
So it's clear that the days of an IT estate standardised on a few laptop and BlackBerry models for the entire employee base are over. Running on these multiple mobile operating systems there are multiple software applications, which all need to be correctly licensed and safely installed. Again, the lines between work and home blur - if your company laptop happens to be a MacBook, why not download your music on to it and use it to watch films?
As we enter a new decade, IT departments are faced with a proverbial 'perfect storm' when it comes to data security. Departments are dealing with reduced operating budgets meaning they have to do more with less. Conversely, there is a growing movement from government to regulate the security of data, such as the ICO fines mentioned earlier.
The growing number of laws around data security will force the hand of corporations to establish processes to ensure data integrity. Those who don't could be subject to significant financial and reputational repercussions if a data breach were to occur. According to the Ponemon Institute, the average cost of a data breach to an organisation in the UK is £1.7 million, while in Germany it is €2.41 million.
Along with reduced operating budgets and changing government legislation, the general public has become acutely aware of (and concerned about) the security of their personal data as the instances of lapses in data security continue to increase.
And finally, there is the growing mobility of the workforce - from people travelling with their data to employees 'telecommuting' from home. While mobility creates business opportunities, it also means more corporate devices - and data - outside of the traditional workplace. The result is the creation of a new 'information perimeter' where devices on different operating systems become increasingly difficult to manage.
What can IT do?
A common complaint from IT teams is that nobody notices when you're doing a great job, but when something goes wrong, you're first in line to feel the heat.
This is why forward planning is more important than ever, and I'd offer the following advice to departments caught in this 'perfect storm' and facing a deluge of new devices in the workplace:
- Think ahead. Come up with a worst-case scenario and work backwards - ensure you have the systems in place if employee devices are stolen or if laptops 'drift' off the network
- Be certain of what devices you have and where you have them - keep track of everything on the network
- Install an asset management system that can keep track of multiple operating systems, such as Windows, Macs, smartphones, etc. - via a single console.
- Work with HR and Legal to implement a clear policy on the use of consumer devices at work. Decide what's acceptable and legislate against what isn't.
- Finally, communicate. IT's job is no longer stuck in the back office. Talk to employees, make sure everyone is aware of and the reasons for having security policies in place and tell people what to do if the worst happens and a laptop or mobile device goes missing.
What has been described as the 'new normal' in IT also creates a perfect storm for the IT manager. Dealing with consumerisation along with regulatory bodies, reduced operating budgets and an increasingly mobile workforce poses serious challenges for IT.
Over the next year and beyond, the proliferation of Apple devices in business will increase, and Android will become a dominant operating system. All of this means IT security chiefs must be more prepared than ever. Looking on the positive side, riding out the perfect storm will be a test, but will encourage people and processes to find new levels of resource and create more water tight organisations, which can only ever benefit employees, customers, and managers.
It is still to be determined who will win the battle of the business operating system in the long run, but IT need to make sure they're ready for the fight.