A good follow-up article if you're interested in security concerns regarding this trend was recently posted by Marcus Ranum and Bruce Schneier. If you're in IT and even peripherally involved in security controls, subscribing to Bruce's newsletter or RSS feed is a must. He typically approaches security problems from a practical perspective, debunking myths and common mis-conceptions, while digging into the psychological aspects of people to understand why most of us act irrationally when it comes to risk assessment. One of his most exclaimed phrases tells readers to "refuse to be terrorized!"
You can read their recent arguments for and against consumerization and corporate IT security in the latest edition of Information Security magazine (registration required). Bruce's half of the argument is also available without registration on his website.
I tend to agree with Bruce's point of view that corporate IT security will ultimately be on the losing end of this battle. To attract and retain the best young talent, corporations are going to have to allow employees to use their tools of choice. This doesn't mean giving up on security, but shifting the approach away from strict corporate control over IT systems. Saying "no" has always been the dirty word associated with security departments. It's time we start saying "yes" and developing flexible eco-systems to accommodate the variety of consumer electronics.
What is your company doing to support consumer devices? Are your employees finding ways around current security policies?
-Andrew
No comments:
Post a Comment