One of the most significant threats to enterprise security is the consumerisation of IT and, as more consumer technologies enter the enterprise, security managers must prepare for, and manage, the increased security risks, according to Gartner.
It urged organisations to put tighter security in measures in place as employees expect to use more of their personal IT equipment and services in the enterprise and enterprises are simultaneously adopting more consumer technologies in business operations.
“Although consumer technologies create new risks for the enterprise, eliminating their use is increasingly difficult, and impractical,” said Rich Mogull, Gartner research vice president. “By taking security precautions and investing in foundational security technologies now, enterprises can prepare themselves for increasing use of consumer devices, services and networks in the enterprise, and manage these risks.”
Mogull said the entrance of consumer technologies in the enterprise challenges traditional security models, but, although they may lack maturity and come at a high price, the tools exist to manage the risks of consumerisation. Many of these, such as network access control (NAC), are being adopted by enterprises to manage other threats and can be configured for consumerisation threats. And while in some cases it may be too early or costly to invest in these less mature tools, he advised that enterprises could start with policies and procedures, and use these to help guide future technology deployments.
Gartner has identified four issues that IT managers must prepare for to secure their companies as consumer technologies penetrate the workplace. They include: preparing for consumer email and communications services like instant messaging (IM), voice over internet protocol (VoIP); blogs, social networks and other web 2.0 services; unmanaged mobile devices; and managing networks and remote connectivity.
“Most organisations will find themselves unable to completely block these services, for cultural, if not technical reasons, but security options are available to limit the risks that consumer communications services create,” said Mogull.
Gartner issued its research note as part of a special report on the consumerisation of IT, which includes 20 research notes examining how consumerisation is a catalyst for the growing conflict between the “traditional” enterprise IT function and the ability of individual employees to increasingly influence their use of IT. The Gartner Special Report “Consumerisation Gains Momentum: The IT Civil War” can be accessed on Gartner’s website.