Billions of Wi-Fi-enabled smartphones and tablets are pouring onto enterprise networks, with employees accessing numerous business and personal apps.
The new and rising mobile generation, coined GenMobile, is a flexible, transparent and collaborative presence in today’s organisations.
For the ongoing creativity and growth of a business, this is good news. But for the security of company data and IT systems, there may be cause for concern.
That’s the word from Aruba Networks, who took a close look at GenMobile employees across all industries and their attitudes towards security when using mobile devices in the workplace.
The report, Running the Risk, found many businesses are ill prepared for the high-risk, security-indifferent mind-set of the GenMobile workforce. This in turn has created an alarming disparity in security practices around the corporate world.
The Running the Risk report explores how organisations can better understand and manage the collaborative and innovative behaviour of GenMobile workers, while minimising security risks.
While the last 50 years have seen the opportunities for businesses to grow increase exponentially through technology, at the same time the dangers of cyber security have grown at what is arguably an equal rate, explains Steve Coad, managing director Australia/New Zealand at Aruba Networks.
“As GenMobile becomes a more central part of every workforce, businesses need to understand how to manage workplace productivity and morale, without endangering company security,” he says.
“The reality is that most established firms operate with a generally risk-averse approach inside their chosen market, maybe offset by the needs of a new business unit or sales development division,” he explains. “In contrast, in the GenMobile universe, risk-averse is considered ‘the way things used to be done’. Today, risk-tolerance (or at least a risk- neutral stance) will usually prevail.”
While the acceptable threshold for risk varies greatly depending on industry, GenMobile employees demonstrate a much higher willingness to exhibit behaviour that is prone to risk than is usually deemed acceptable by their employers, Coad explains.
On the positive side, Coad says this risk means GenMobile workers lean toward a culture of transparency and openness.
“Whether this is fuelled by the exuberance of well-connected users or a general impatience for growth and development, there is a high-level responsibility to capture and manage this energy using a different security approach - all without stifling the original business objective,” he explains.
Coad says it may be “time to run the risk associated with mobility, but at the same time, companies and their IT departments need to be smarter about managing this behaviour of sharing without sacrificing the security of corporate data and information.”
The Running the Risk report found that over half (51%) of people surveyed think using mobile apps can drive more productivity and another 48% believe it gives their company a competitive edge, suggesting that the GenMobile approach brings business benefits, and potentially bigger profit margins.
“But while many of these workers are keen to take advantage of the benefits of mobility, not all are prepared to use the latest tools to protect themselves or the company,” warns Coad.
In order to reduce risk levels, Aruba Networks suggests businesses adopt the following five-step checklist to ensure their IT organisation is prepared for the risks that GenMobile workers are bringing into the enterprise.
- A basic security policy is an absolute prerequisite for every firm to lay down a description of its core protection controls and its employees’ usage of those technologies, Coad says. “Even for a small firm of just two employees, formalising an approach to information security is crucial. Such a policy should cover roles, devices, locations and other contextual attributes.”
- Organisations should implement enforcement rules that extend from applications to devices to the network. Such an approach should integrate services across MDM, firewalls, IPS and policy engines to deliver common policy enforcement for all sensitive information.
- IT must measure and monitor user behaviour to ensure that security policies are mapped to business objectives. This will ensure that policies achieve the result of securing corporate information and systems without impacting usability and employee productivity.
- “Even the most well thought out security frameworks will fail without the requisite employee training,” Coad explains. “This should not only include a needs-assessment by employee type, but should also educate employees on why such actions are important and how they can assist in improving corporate security. “
- Finally, Coad says businesses should ensure that IT has a mechanism for employee feedback and a service level agreement in place for how to respond to employee input and requests. “Often times IT is able to improve the effectiveness of automated workflows and security policies simply by listening to employee feedback. ”
“GenMobile is the future of business,” Coad says. “Old business models that fail to adapt to GenMobile will slowly crumble and may ultimately not survive.
“The arrival of the always-on, mobile-office and GenMobile employee is as tangible and impactful a sea change on industry as the arrival of the internet itself,” he says.
So how does IT maintain visibility and control how mobile devices are given access?
Business should start by understanding risk levels relative to those in the same country and industry by taking the Aruba Networks Running the Risk: Mobility Risk Index.
The Aruba Networks Running the Risk online assessment tool enables organisations to measure their own risk barometer and benchmark themselves against other organisations in their country and industry.
Aruba provides guidance and steps to ensure that IT organisations are successfully prepared for the impact of GenMobile employees, while embracing their collaborative and innovative attitudes, and protecting the security of corporate data and assets.
Additionally, Aruba Networks' ClearPass Access Management System takes a fresh approach to supporting the rise of GenMobile and solving mobility challenges through changing employee behaviours.
“How the business world now adapts to the behaviour of the GenMobile workforce may be the make or break for long-term boom or bust,” says Coad.
“Embracing GenMobile’s penchant for openness, innovation, collaboration and some degree of risk is good, but only when an organisation can understand and plan for the security risks these behaviours bring with them.”