Striking a Balance

Firms are responding to the march of consumerisation by implementing security and usage policies designed to allow employees more freedom in moving between devices. Yet significant tensions remain because the level of security demanded by IT teams can often lock-down devices (particularly laptops) to the extent they are rendered barely usable. If firms are overly restrictive, employees can react badly, refusing to work flexibly or by finding workarounds. A common scenario is where a user emails a file to a webmail account and saves the attachment back to their local drive if their corporate laptop has been locked to prevent them from saving files locally. In this scenario, potentially sensitive data is leaving the confines of corporate IT and becomes both a security risk and a potential breach in regulatory compliance.

By its very definition, an element of risk has to be introduced if users are to be given flexible access to information. Consumerisation therefore becomes a question of how organizations configure and manage the interface between the user and the device, as well as how much control it retains over the devices being used and the data being accessed. The solution lies in finding an appropriate way of managing the device to ensure that all data is encrypted, that the device has an anti-virus solution and that there is an acceptable usage policy applied that also makes provisions for a certain amount of personal usage.

The delivery model varies from one end of the spectrum to the other depending on type of organization and job function. For example, utilities currently equip engineers with laptops that are completely locked down and ‘cloned’ to create a standardized, highly-rugged build that can be mass produced and distributed in an efficient and secure manner. Conversely, a full consumerisation model allows knowledge-based workers to consume and create information on the move from any end-point device.