The consumerisation of IT

25 September 2012
Woman working on a laptop on a bed

‘Working from home’ has a new meaning, with recent research revealing that 35 per cent of people admit that they or their partner work in bed, reports Ralph Adam.

This is just one example of how distinctions between home and work have become blurred. We are encouraged to work from home or at clients' sites to free-up expensive city centre office space and have more flexible work patterns. Staff expect their office equipment to be available at home, yet be able to bring their own items into work and use their familiar social networks and online services.

When surveyed, a majority of managers claimed their favourite staff were those who could work anywhere, at any time and with their own equipment, suggesting that productivity and anywhere-access are more important than improved morale or giving younger staff increased responsibility. In effect, workers are subsidising their employers!

New terms have entered the business vocabulary to describe this approach: Bring Your Own Device (BYOD) or, more technically, the 'consumerisation' of IT. The role of technology within organisations is changing, and rule-making is being transferred from IT departments to HR.

An unstoppable shift?

This change in focus raises important information management issues: for example, who owns mobile services when employees bring in their own devices? Who is responsible for insurance and other liabilities? Are businesses expected to supply SIM cards and devise service plans?

There are risks involved in moving to BYOD: reputations can be damaged by the dissemination of confidential information or the inclusion of sensitive metadata in emails or via mobile phones, while confidential company information can be exported either intentionally or by accident. On the other hand, personal information may become visible on the company's website. USBs, in particular, pose security problems: they can be stolen, lost, spread viruses or carry malware: we frequently hear of organisations being humiliated due to a lost USB stick containing sensitive data.

When staff use their own devices at work, how do you check on the (potentially damaging) files, emails, attachments and other information being imported? If employers require staff to open all their files and reveal passwords (as some do) what happens to confidential information? Likewise, does the employee lose personal material about themselves or their families if everything on their device is wiped on leaving the company?

What is the right usage of any given application on a mobile device? It might depend on the individual's role or department, work needs, location at the moment of access and actual device in use at the time. This is a complex mix of business and social requirements that need clear policies and suitable tools.

Mobile security must be seen to be taken seriously, with both the informational and technical aspects of security fully understood. All too often risk assessments are minimal and user-training insufficient. Even if employees own their devices, acceptable usage still applies. Staff should know where they stand. It is essential to have security that is usable, intuitive and makes you do the right thing. Even if you are working from your bed.

Related forum discussions
forum comment To start a discussion topic about this article, please log in or register.