High-tech consumer products and services of all kinds are making their way into the workplace. They include everything from smartphones, voice over IP systems and flash memory sticks to virtual online worlds.
And as people grow more accustomed to having their own personal technology at their beck and call, the line between what they use for work and what they use for recreation is blurring. In a recent US survey of corporate users by Yankee Group Research, 86 per cent of the 500 respondents said they had used at least one consumer technology in the workplace, for purposes related to both innovation and productivity.
Unfortunately, this trend poses problems for IT organisations. For one thing, the use of these technologies increases the risk of security breaches. Moreover, users expect IT to support these devices and services, especially once they interact with applications in the corporate environment. But in many companies, it would be against corporate culture to ban the devices or to block employees from accessing consumer services. At the same time, companies can't depend wholly on policy to maintain the level of security they need.
"I consider it my responsibility to implement things that make security seamless, easy and completely in the background," information security administrator at DeKalb Medical Centre, Sharon Finney, said.
Others, such as vice-president of security at telecommunications services provider Global Crossing, Michael Miller, wait until the devices or services affect productivity or otherwise cause a business problem, such as the security department battling worms or dealing with bandwidth issues.
But no matter what companies decide to do, the response always involves balancing employee productivity, abiding by the corporate culture, not eating up too much of IT's own resources and ensuring a level of security that's right for the company.
"Consumerisation will be a nightmare for IT departments, creating maintenance and support problems that will swiftly overwhelm IT resources, unless they embrace new approaches to managing the rogue employees," an analyst at Yankee Group, Josh Holbrook, said. He equated banning consumer technologies in the workplace with "an endless game of whack-a-mole".
At the same time, ignoring the adoption of such technologies would lead to a potentially hazardous mix of secured and unsecured applications within a corporate enterprise, he said.
Below we look at eight popular consumer technologies and services that have crept into the workplace.
1. Instant messaging In the Yankee study, 40 per cent of respondents said they used consumer IM technology at work. Instant messaging presents numerous security challenges. Among other things, malware can enter a corporate network through external IM clients and IM users can send sensitive company data across insecure networks.
One way to combat threats is to phase out consumer IM services and use an internal IM server. In late 2005, Global Crossing did just that when it deployed Microsoft's Live Communications Server (LCS).
Then in August last year it blocked employees from directly using external IM services from providers such as AOL, MSN and Yahoo. Now, all internal IM exchanges are encrypted, and external IM exchanges protected as they're funnelled through the LCS server and Microsoft's public IM cloud.
"Through the public IM cloud, we're able to make certain choices as to how restrictive or open we are. We can block file transfers, limit the information leaving our network or restrict URLs coming in [which was a common method for propagating worms]", Miller said. DeKalb's security policy, for instance, bans IM use altogether. As backup to the restrictive policy, Finney blocks most sites where IM clients can be downloaded, although she can't block MSN, AOL or Yahoo because many physicians use those sites for email accounts. Her team also uses a network inventory tool that can detect IM clients on employee PCs.
DeKalb is looking into the idea of implementing the IM add-on of IBM's Lotus Notes or even an internal freeware IM service like Jabber for business users who want to communicate across campus.
2. Web mail Of the respondents to the Yankee Group survey, 50 per cent said they use consumer email applications for business purposes. The problem with consumer email services such as those from Google, Microsoft, AOL and Yahoo, is that the users themselves don't realise how insecure their email exchanges are because messages are transported over the Web and stored on the ISP's server as well as the email provider's server. Without that awareness, many use no discretion about sending sensitive information such as passwords, confidential business data or trade secrets.