Not much more than a decade ago, a great many of us—of a certain age—realized that we were explorers aboard an intimidating vessel, bound for the unfamiliar shores of Technologia. When we arrived at the coast of this unexplored land and beached upon its golden sands, the hope and opportunity were palpable. Alas, it was not to be the paradise for which we had hoped. Many of us could not penetrate the hinterlands of this unexplored world and we would have surely given up if it were not for the partnerships formed with the indigenous tribes—the ‘digital natives’.
The digital natives range from 18 to 30 in age (commonly referred to as Generation Y or Millennials) and have grown up riding the wave of new technology. Surfing the web, mastering new gadgets and absorbing every new breakthrough like sponges, these technophiles are the target group for the consumerization of IT.
The result of this consumerization is that organizations are faced with an influx of employee-owned IT that operates outside the workplace security perimeter; pair this with the use of work devices for personal purposes, such as shopping online and visiting social networking sites, and the security issues become apparent.
Being able to multi-task with social media, texting, email, Twitter and more, the digital native simultaneously works across a wide variety of technologies, increasing the chance of compromising security. The secret to effectively harnessing the savoir-faire of these employees is the greatest challenge to business today. While their ability to adapt to new technology makes for a versatile workforce, the ease with which they use these various platforms and devices also becomes a problem. The line between work and play, and thus the security perimeter, becomes blurred, as it is a line that employees shift according to their activity at any given time.
A recent survey conducted by global IT association ISACA, on online shopping at work and workplace Internet security, yielded some worrying statistics with obvious implications. The survey found that adults between the ages of 18 and 34 are:
- More than twice as likely to shop online using a work-supplied computer, tablet or smart phone (39%) than older adults (16%)
- More unsure (36%) of their company’s policies towards online shopping at work, compared to the general population (25%)
- More inclined to use their personal computers for business (56%) than older adults (47%)
- Slightly less likely to use secure browsing technology (62% vs. 64%)
Although the digital native is technologically proficient in using the various devices, it would appear that security is a peripheral concern at best. Many of those surveyed assumed that their IT department handled security at work, which might explain the sometimes reckless behavior of certain employees, including opening e-mails of unknown origins and clicking on suspect links; using work e-mail for online shopping; or registering on sites that require a login—all of which could lead to compromised security. This behavior opens the door to social engineering, phishing attacks, malware and information breaches that can cost companies millions and inflict severe damage to their reputation.
To prevent the natives from becoming a threat to Technologia, an agreement between the natives and organization chiefs must be reached. The key to this understanding is to adopt an “embrace and educate” approach. Of course a company could take the autocratic position of banning any personal activity and personal devices in the workplace; however, this approach would be detrimental to productivity and nearly impossible to implement. By educating their employees about the risks posed by a laissez-faire attitude toward IT security, both at the personal and organizational level, companies can harness the versatility and knowledge of the digital native—a significant asset to the organization—whilst simultaneously improving their security.
During the holiday season, when employees are using the Internet for personal use at a higher rate than ever, be sure to remind them that security is everyone’s responsibility—not solely the domain of the IT department. A realistic and organization-wide approach to IT security and governance is the best possible way to protect company assets. Technology changes quickly, and enterprise leaders must stay abreast of its advances. Harness the knowledge of the digital natives, and learn from their skills; soon, you will be so familiar with the new land that you’ll be mistaken for a native of Technologia as well.
Robert E. Stroud CGEIT, Vice President CA Service Management Service Management & Governance Evangelist
Robert Stroud serves as a vice president and the Service Management and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, was the former chair of the COBIT Steering Committee and is part of the Framework committee. Robert also serves on the itSMF International Board as Treasurer and Director Audit, Standards and Compliance and leads the itSMF ISO liaisons to multiple working groups.
As CA’s global evangelist for service management and governance, responsible for strategy development, Stroud is dedicated to the development and communication of industry best practices and acts as a strong advocate for the customer – working closely with users, industry organizations, government agencies, and IT luminaries to identify and communicate IT best practices. He is a mentor to many organizations, advising them on their implementations to ensure they drive maximum business value throughout the process. Stroud also helps ensure that CA’s solutions adhere to industry best practices.
An industry veteran, Stroud has significant practical industry experience and is a recognized industry thought leader and speaker. He is considered a global authority on governance, leading the ITGI COBIT Steering Committee and setting the product strategy and direction. He has contributed to multiple publications including Guidance for Basel II, COSO ERM and COBIT versions 4.0 and 4.1. As an IT service management expert, he has also contributed to several titles on ITIL, was a member of the ITIL refresh process in the roles of mentor, reviewer and Advisory Group member, and is involved in reviewing the current ITIL update.
Stroud spent more than 15 years in the finance industry successfully managing multiple initiatives in both the IT and retail banking sectors related to IT service management and process governance.
Stroud joined CA from the Australian computer security company, Cybec, where he held several management positions and was responsible for the company's successful global expansion including successful entry into the North American market.