Tag Archive for Consumerization

25% of Employees Access Past Employers Work Docs

More than 25% of file-sharing service users report still having access to work documents from their previous employer, according to a “Rogue Cloud in Business” survey of 2,000 U.S. adults by Harris Interactive for Egnyte, an enterprise file-sharing platform provider.

According to FierceITSecurity, the survey highlights the security risks that uncontrolled file-sharing practices pose to the workplace. An Egnyte presser claims that the survey results illustrate a major exposure for today’s businesses when it comes to the transfer and storage of data through unapproved and insecure cloud-only file-sharing services.

The new survey uncovers deep issues around the rogue usage of consumer-based cloud services and illustrates the need for IT to deploy a secure enterprise-grade solution that meets the file-sharing needs of employees while protecting sensitive business data from the risks associated with insecure file sharing through the cloud.

The survey found that:

  • 51% agree that collaborating on file-sharing services (such as Dropbox and YouSendIt) is secure for work documents;
  • 46% agree that it would be easy to take sensitive business documents to another employer;
  • 41% agree that they could easily transfer business-sensitive data outside the company using a file-sharing service;
  • 38% of those who have used file-sharing services have transferred sensitive files on an unapproved file-sharing service to someone else at least once; 10% have done it 6 or more times;
  • 31% agree that they would share large documents that are too big for email through a file-sharing service without checking with their IT departments;
  • 27% of file-sharing service users report still having access to documents from a previous employer.

Another report from Workshare paints a grimmer picture for those of us tasked with protecting a firm’s intellectual property. The report, titled “Workforce Mobilization,” shows the true extent to which mobile users are willing to bypass IT policies and use unsanctioned applications to share large files and collaborate on documents outside of the office.

  • 72% of workers are using free file-sharing services without authorization from their IT departments.
  • 62% of knowledge workers use their personal devices for work.
  • 69% of these workers also use free file sharing services to collaborate and access shared documents.
  • At companies with fewer than 500 employees, only 24% of employees are using authorized file-sharing solutions.

Robert Hamilton, director of information risk management at Symantec (SYMC) in Mountain View, CA, also told FierceCIO that a continued threat to the company’s data comes from employees who feel like they live in a “finder’s keepers” environment.

Not encouraging

The results of the survey report, entitled “What’s Yours Is Mine,” were not encouraging to IT security professionals and IT management. According to the Symantec survey of employees:

  • 68% say their company doesn’t take proper steps to protect sensitive work information;
  • 56% do not believe it is a crime to use a competitor’s trade secrets;
  • 40% download work files to personal devices;
  • 40% plan to use old company information in a new job role.

Symantec’s Hamilton told FierceCIO:

Employees are taking increasing amounts of data outside the company, and most people do not believe using corporate data for themselves is wrong … The attitude is that ownership lies with the person that created it, not with the company that employs them.

rb-

All three of these firms sell products that they claim can stop a firm’s intellectual property from leaking out through public file-sharing services. But before you engage any firm, some basic steps should be taken.

  1. Develop a technology acceptable use policy.
  2. Include public file-sharing services in the AUP.
  3. Incorporate the AUP in the staff handbook, and make sure staff sign it before they are given network access.
  4. Train staff on the risks associated with using public file-sharing services for sharing corporate documents. Risks include HIPAA violations, PII release, malware, PCI-DSS violations, and government “snooping.” Only then –
  5. Engage a service provider to implement an enterprise-approved alternative to the free file-sharing services.

Symantec infographic: “What’s Yours Is Mine”

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Is Your Data Safe From Gen Y?

Fortinet (FTNT) released a new study that says that most Gen Y staff members are thwarting their employers’ Bring Your Own Device programs. Fortinet surveyed 3,200 employees between the ages of 21 and 32 on their attitudes and practices around BYOD and found that 51 percent of respondents said they would ignore formal BYOD policies at their organization. “It’s worrying to see policy contravention so high …” Fortinet VP of Marketing John Maddison said in the study report.

Gen Y staff

The same Fortinet survey revealed that 55 percent said they have been the victims of cyberattacks on their desktops or laptops. The respondents noted that those attacks had affected their productivity and potentially cost them corporate or personal data.

FierceCIO provides another example of staff’s cavalier attitude towards data security from Symantec. When it comes to corporate data, employees feel like they live in a “finder’s keepers” environment, said Robert Hamilton, director of information risk management at Mountain View, CA-based Symantec (SYMC). The firm surveyed workers in the U.S. about taking corporate data outside of the workplace, whether they would use company information in another job, and their views on whether that constituted stealing. FierceCIO reports that the results of the survey were not encouraging to IT security professionals and IT management.

Finder’s keepers

  • 40% of employees download work files to personal devices,
  • 40% of employees plan to use old company information in a new job role,
  • 56% of employees do not believe it is a crime to use a competitor’s trade secrets,
  • 68% of employees say their company doesn’t take proper steps to protect sensitive information.

Mr. Hamilton summarized, “The attitude is that ownership lies with the person that created it, not with the company that employs them.” He says companies need to do a better job of safeguarding data from employees, especially with the growing popularity of BYOD. Symantec noted:

Only 38 percent of employees say their managers view data protection as a business priority, and 51 percent think it is acceptable to take corporate data because their company does not strictly enforce policies.

A survey by mobile file-sharing app provider Workshare provides more evidence of how employees flout IT policies by using free file-sharing services to store and share corporate documents from their mobile devices. FierceMobileIT reports that the firm’s survey revealed that 81% of employees access work documents from their mobile devices. A disturbing 72% of workers are using free file-sharing services without authorization from their IT departments.

Fiberlink recently conducted a survey of its customers about what apps they are blacklisting and whitelisting. DropBox appeared at the top of the blacklisted apps lists for both Android and iOS devices. Commenting on the results, Fiberlink CEO Christopher Clark told FierceMobileIT: “I think there are other ways besides DropBox or Box to do apps and content management.”

Work documents on personal devices

Another survey, conducted by Ipsos MORI for Huddle, found that 91% of U.S. office workers store work documents on personal devices, such as USB drives, and 38% store documents on consumer file-sharing services.

FierceMobileIT reports that Dropbox is the most used consumer file-sharing service for work document storage and sharing.

Patrice Perche, Fortinet’s senior VP for international sales and support, said in the report:

This year’s research reveals the issues faced by organizations when attempting to enforce policies around BYOD, cloud application usage, and soon the adoption of new connected technologies. The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed.

FierceMobileIT’s Fred Donovan warns that enterprises need to educate their employees to combat the security risks of using consumer file-sharing services. He also says that employers need to offer enterprise-sanctioned file-sharing alternatives. Otherwise, employees will continue to bypass IT policies and put corporate data at risk. Symantec’s Hamilton told FierceCIO that firms need to undergo a cultural shift if they are going to win the battle of protecting their assets from their own staff.

rb-
Sharon Nelson at Ride the Lightning sums up my thoughts on the BYOD thing.

I have never understood the arrogance of this attitude or the failure to appreciate that employers have a duty to impose rules to protect client/customer/proprietary data.

It is common for each succeeding generation to despair of the generation that follows it, but I confess to a certain amount of despair for a generation that is so tied to their mobile devices that they cannot balance their desire to use their devices with the duty owed to the employer to keep work data secure. In a world where young folks cannot seem to keep from checking their phones at weddings and funerals, I guess it is no wonder that they see nothing wrong with willfully disobeying rules imposed at work.

What do you think? Is your data safe from Gen Y staff?


IT Departments Gone in 5 Years

IT departments will be done in the enterprise within the next five years, according to a group of CEOs and VPs. They predict that consumerization of IT and self-service trends will lead to a restructuring of today’s IT shop, leaving behind a hybrid model consisting of tech consultants and integrators. Brandon Porco, chief technologist & solutions architect at Northrop Grumman, recently told a group at the CITE Conference and Expo:

The business itself will be the IT department. [Technologists] will simply be the enabler.

Computerworld reports that Kathleen Schaub, VP of research firm IDC’s CMO Advisory Practice, echoed Mr. Porco. She said many corporate IT organizations now report to the head of the business unit they are assigned to. “The premise is that wherever IT sits in an organization will dictate what they care about,” she said. “If they’re in finance, they’ll care about cost-cutting. If they’re in operations, they’ll care about process management. If [the company] decides it wants to focus on the customer, they’ll put it in marketing.”

John Mancini, CEO of the Association for Information and Image Management (AIIM), agreed with Mr. Porco, saying that in the consumer technology era, it’s the business side that has all the tools, so it will be able to trump IT’s desire to control who uses what and how.

While the business can dictate the service or technology it wants, IT can influence the decision. Nathan McBride, VP of IT & chief cloud architect at AMAG Pharmaceuticals, told Computerworld, “We’re not trying to be ahead of the technology curve and we don’t want to be behind, but we’re trying to maintain pace to know what they’re going to ask for next before they ask for it.”

Help Net Security points out a recent IDC study that found 61% of enterprise technology projects are now funded by the business and not the IT department. IDC says IT spending driven by the functional business areas will outpace IT’s own spending. Today’s business executives, who are more tech-savvy, have easier access to technology through the cloud, and are under pressure to quickly implement new technology initiatives, are driving this change. The Help Net Security article states that today’s line-of-business employees are looking more and more like an extension of the IT department as, on average, 8% are technical staff.

Another concern raised is whether IT is losing control as consumer technology becomes part and parcel of everyone’s work in the enterprise, and the data center is left behind. AMAG’s McBride told the audience that in five years, companies will have to make sure they’re matching their enabling technology to the demographic of that time. He said 75 Fortune 100 companies now use Google (GOOG) Apps along with most Ivy League schools, meaning that the next generation of workers won’t be users of Microsoft (MSFT) Exchange or Office.

While the CIO position will likely stay in an enterprise, his or her role will morph into a technology forecaster and strategist, and not a technology implementer, according to Northrop Grumman’s Porco.

 rb-

This sounds like a solid case for training technical staff in project principles and increasing the number of IT project managers. There have to be clear two-way communications between the business owner and the implementers.

Proper and detailed scope definition is one of the most critical steps for the success of any project. The business team, implementation team, and operations team must get together before the work starts to check the proposed solution and work through all the questions, concerns, and gotchas before the project even starts. This way problems can be discovered. Once the requirements are defined and the scope is complete and everyone agrees, then the project can be signed off and a formal kick-off meeting can be held.

In IT projects, it is important to look beyond the defined project to ensure success. Does the plan consider impacts on end-users?

  • Does the project need new policies or procedures? If something falls through the cracks, they blame your project.
  • Does the PC fleet meet requirements? Do they need more RAM? If they have to upgrade, they blame your project.
  • Does it work with your current server OS? If they have to upgrade, they blame your project.
  • What about the software? Are you locked into IE only? Do you need a specific level of .NET? Does it work on iOS and Android? If they don’t have the right software, they blame your project.
  • How much bandwidth does the new project require? Will it try to send a graphical interface to a remote office on a slow link? If it loads slowly, they blame your project.
  • Training? If the end-users can’t work the program, they blame your project.

Six Steps to Avoid BYOD Pitfalls

In a recent article on the Forbes CIO Central blog, Dan Woods interviewed Brian Madocks, CEO of PC Helps, a services firm that provides supplemental help desk services for more than 1.6 million end-users. He has been on the front lines as many of its clients have opened up BYOD.

In the article, Forbes offers advice on how IT departments can respond to users who show up at work and declare: “I want an iPad.” The author warns that ignoring the corporate use of personal devices (smartphones, iPads, and other tablets) leaves both end-users and the IT department quite unhappy.

Mr. Madocks says the biggest myth is that allowing personal devices to be used for work-related purposes reduces the support burden. At first, this seems strange. If people use devices they know well, shouldn’t they need less help? Also, if an employee is using an iPhone or iPad, won’t their support questions be handled by AppleCare, Apple’s support arm? Mr. Madocks says no. Consumerization reduces some types of support but generates others. Here’s what happens.

The number of calls about how to use the device may go down. People know how to use their phones, get on the Internet, and use Facebook. But the number of calls about how to get their corporate email, calendar, and contacts working on phones or tablets may go up. With Apple (AAPL) iPhones and iPads and the fragmented Google (GOOG) Android versions out there, it’s even more complicated. The PC Helps CEO reports that users can be frustrated when they go to Apple’s Genius Bar, AppleCare, or to Google for Android support and find out that they won’t get any help there because the staff doesn’t know how to support their corporate environment or the applications used within it.

With a multitude of personal devices in your workforce, the support burden may increase and your help desk may not be able to keep up with the unique features and aspects of all the devices. Mr. Madocks concludes that no matter how you allow access to the corporate resources the support burden NEVER disappears.

The support experts from the PC Helps brain-trust developed a playbook for organizations considering a Bring Your Own Device model:

Don’t just say no to “bring your own technology”: The cat is out of the bag. End users are more productive when they have a vote on the tools they use and their support. PC Helps suggests IT show some leadership and help figure out how to get BYOD (PDF) right so that the company is protected and the users are happy. Recognize that consumerization means giving up some control; learn to live with that.

Listen to the end-users: Create an internal customer advisory group to allow end-users to explain what they want and what they don’t. The article says one of the primary drivers of consumerization is the wish to have work and personal content and capabilities on a single device. Craft a draft set of policies and guidelines based on this input.

Research and test your approach: Consider a pilot program before full rollout that includes a mix of key users. Discover the range and types of preferred devices as well as the corporate systems, networks, and applications users will need access to. The blog recommends that you incorporate your findings into the broader rollout plan.

Document and communicate a clear set of policies and guidelines for end-users: Everyone should know what the company policies are for personal devices and where to find them. Explicit review of policies and testing for understanding should be performed from time to time, or as new devices arrive and raise new issues. The policies should set forth:

  • Which devices will be supported,
  • How to request new/more devices,
  • Which apps are authorized,
  • Which apps are forbidden,
  • How to get approval for new apps,
  • What company data is allowed on personal devices,
  • How to get support for devices and applications.

The policies should also answer the following questions:

  • When a device is no longer used for work or an employee leaves, what are their responsibilities to securely delete corporate data?
  • Where and how will devices be backed up?
  • Who is responsible for backup?
  • Are lock and password-protection required, and how is it managed?
  • Who will provide support?
  • What kind of support questions should be directed to device manufacturers?

Plan for a more complex support burden: Allowing personal devices means a world with more devices, which in turn multiplies the knowledge needed from the help desk. There will be more questions on setup, remote access, and use of corporate applications, as well as problems unique to the different devices. There will be more complex support scenarios, such as how to use Microsoft Office applications on non-PC devices. Be sure you have a support plan and trained people in place.

Don’t rely on device manufacturers for support of your end-users: Manufacturers can handle break/fix and warranty support on products, but they won’t know your corporate policies, processes, nor the core office applications your users work with every day. Apple iPad owners have access to AppleCare and Genius bars, but this is all geared to consumers. AppleCare won’t help with many synchronization issues related to accessing corporate email on the iPad, nor provide urgent support for deadline-related business situations.

End-users may get the run-around, going to the manufacturer and then to their wireless service provider, to your internal help desk, and to peer support for help, wasting time and productivity on something that could be solved in a single call. Devices for corporate use should have corporate support or they will present a risk to IT’s reputation in the organization.

Prepare your help desk for the task: The help desk in a BYOD IT environment is a different type of organization, one that must be able to respond to the unexpected. Mixed device environments require specialization and expertise, as well as ongoing training and skill-building. Your existing help desk staff may need to be retrained, expanded, or supplemented.

In the end, Mr. Madocks reports that the firms PC Helps assists in consumerization don’t regret their decision. “While consumerization creates complexity for support … The company’s workforce is happier and more productive, and the reputation of IT as a supporter of the business is greatly enhanced.” The end result is generally happier users and happier IT, but there are complications.

rb-

It is my experience that most people who push consumer devices into the enterprise, don’t have a plan. They want their iPads, for valid or not so valid reasons. Some staff seemed surprised when they could not print to the enterprise printer on the enterprise network with the iPad they just brought in.

I place a great deal of the blame at the feet of Apple. I have had Apple engineers look me straight in the face and tell me that iPads are consumer devices and not designed for the enterprise and that Apple does not intend to fix it.

They do not use standard protocols and BYOD proponents don’t even know what Bonjour is, let alone the limitations of Bonjour.

http://blogs.forbes.com/ciocentral/2011/02/07/i-want-my-ipad-avoiding-it-consumerization-pitfalls/

Is Your iPhone Turning You Into a Wimp?

New research from Harvard implies that consumerization and BYOD can have an impact on how staff behaves. Carmen Nobel at HBS Working Knowledge wrote about research from post-doctoral research fellow Maarten Bos and Associate Professor Amy Cuddy of Harvard Business School. They claim Your iPhone is Turning You Into a Wimp.

The research says that in an experiment, people who had been using smartphone-sized iPod Touch devices were 47% less likely than desktop users to get up to try to find out why a researcher hadn’t come back after leaving the room to fetch paperwork so that participants could be paid. And of those who did take action, the iPod Touch users took 44% longer than desktop users to get up and look for the researcher. The research suggests that your hunched posture as you use a smartphone-sized device for just a few minutes makes you less likely to engage in power-related behaviors than people who have been using desktop computers.

The researchers claim, in a new study entitled “iPosture: The Size of Electronic Consumer Devices Affects Our Behavior,” that the body posture inherent in operating everyday gadgets affects not only your back but your demeanor. It turns out that working on a larger machine causes users to act more assertively than working on a small one (like an iPad).

The study proves the positive effects of adopting expansive body postures – hands on hips, feet on the desk, and the like. According to the article, deliberately positioning the body in a “power pose” for just a few minutes actually affects body chemistry. It increases testosterone levels and decreases cortisol levels. This leads to higher confidence and more willingness to take risks. According to a 2010 report by Andy Yap, Cuddy, and Dana Carney, good posture leads to a greater sense of well-being.

Contractive body postures like folded arms have the opposite effect. Contractive body postures decrease testosterone and increase cortisol. Bos and Cuddy wondered whether there might be behavioral ramifications from using electronic devices. The author says that many of us constrict our necks and hunch our shoulders when we use our phones. And statistics show that we use our phones a lot.

Americans spend an average of 58 minutes per day on their smartphones, according to a recent report from Experian Marketing Services. Talking accounts for only 26 percent of that time. The other 73% is devoted to texting, e-mail, social networking, and web-surfing – in other words, activities spent hunched over a little screen.

Bos and Cuddy hypothesized that interacting with larger devices would lead to more expansive body postures. That in turn would lead to behaviors associated with power, including assertiveness and risk-taking behavior.

To test their hypothesis, Bos and Cuddy paid 75 participants $10 each and randomly assigned them to perform a series of tasks on one of four devices, each larger than the last: an iPod Touch, an iPad, a MacBook Pro laptop, or an iMac desktop computer. Each participant sat alone in a room during the experiment, monitored by a research assistant.

When the participants were done with the tasks, the researcher pointed to a clock in the room and said, “I will get some forms ready for you to sign so I can pay you and you can leave. If I am not here in five minutes, please come get me at the front desk.” Rather than returning in five minutes, though, the researcher waited a maximum of ten minutes, recording whether and/or when the participant had come out to the front desk.

The article reports that device size substantially affected whether the participant left the room after waiting the requisite five minutes. Of the participants using a desktop computer, 94 percent took the initiative to fetch the experimenter. For those using the iPod Touch, only 50 percent left the room.

And among those who did leave the room, the device size seemed to affect the amount of time they waited to do so. The bigger the device was, the shorter the wait time. On average, desktop users waited 341 seconds before fetching the experimenter, for instance, while iPod Touch users waited an average of 493 seconds.

“The steady increase of waiting time is locked in step with the size of the device,” Harvard’s Bos says. “I have never before in my life seen such a beautiful effect.” The results indicate that expansive body postures lead to power-related behaviors. This happens even in cases where the posture is incidentally induced by the size of the gadget or computer. Mr. Bos concludes that a break from your mobile phone is needed to be powerful: “... you need at least a few minutes of interacting with a device, or, more importantly, of being in a specific posture related to that device, before you find effects.”

In the meantime, the article suggests it may be a good idea to avoid the smartphone immediately before your next big meeting. Texting up until the boss starts speaking may make you look busy, but it may make you act meek. “We won’t tell anyone not to interact with those devices just before doing something that requires any kind of assertiveness,” Bos says. “Mostly because people won’t listen: They will do it anyway...”

rb-

Professor Cuddy’s power poses theory says that certain body stances, such as standing with your legs apart and your hands on your hips, or opening up your chest area, bathe your cortex in testosterone, a hormone associated with assertiveness and the willingness to take risks. Meanwhile, they also reduce cortisol, the stress hormone. On the other hand, low power poses—crossing your arms over your chest, say, or bunching your shoulders—increase neural levels of cortisol and reduce testosterone, resulting in more stress and less confidence.

Does this have implications for BYOD? The evidence seems to indicate that staff seeking advancement will gravitate toward tablets. Offering a larger device to a normally shy worker will make them more assertive.

Look around the office: do your observations match the researchers’ implications?

 
