IT’s Possible Panic Attack

In a recent customer meeting, I looked around and took inventory of the different devices used by the attendees and coworkers. There were 12 of us in the room, and ten of us had placed our devices on the conference room table. I counted three tablets and seven phones from three different manufacturers and operating systems. A few brought laptops—I counted two different operating systems between three machines—but it wasn’t that long ago when every one in the room had the exact same device. While I might think it’s great that everybody gets to use the device of his or her choice, I can only imagine the pain of managing this from an IT perspective. When employees with Tablet PCs want access to company data or want their various devices to sync with each other or “talk” to other employees’ devices or desktop, they call IT.

In most organizations, the IT department is charged with providing connectivity—and the security of that connectivity—for a growing list of different device types. At last count, AT&T networks had certified over 900 different devices as being worthy of connecting to its networks. If they’re having a panic attack in the IT department, I can understand why.

And it looks like connectivity is only part of the issue. The “September 2010 MessageLabs Intelligence Report,” published by Symantec, calls attention to a few more things that should make IT managers lose sleep:

  • For starters, over a third of all workers exhibit “potentially harmful web browsing habits” when working remotely
  • They’re also as much as 500 percent more likely to visit inappropriate sites than office workers
  • Remote workers also trigger six times more undetected malware attacks than office workers
  • More than a third of workers that work both remotely and in an office are more likely to trigger policy blocks when they’re working in the field than when they are at their desks
  • “In other words,” the report reads, “employees are more likely to be compliant when at their office desk. Perhaps these users feel that they are no longer under surveillance and as such willfully ignore their employers’ acceptable usage policies.”

I’m sure it would be easier for IT departments if we went back to the one-device for everybody rule. But given the ever-increasing mobility of the workforce and the number of devices that keep coming on line, I don’t see that happening. So how do IT departments provide security and connectivity with all kinds of non-traditional computing devices to worry about?

All of the devices sitting on the conference room table that day are examples of “post-PC” devices, and they’re all equipped with built-in security measures—such as the ability to lock or be “wiped” remotely. But to keep IT managers from losing sleep, security measures must go farther than that. I suggest the implementation of rigorous security policies and the ongoing education and training of employees in terms of web-surfing policies and security risks. If the data in the Symantec report is any indication, a regularly scheduled security and usage refresher course now and again wouldn’t be a bad idea.

Do any of you do this already?
If so, what’s worked for you?
Any best practices?
The Networking Exchange Blog Team About NEB Team