New RSA Research Finds User-Driven IT Taking Hold in the Enterprise
BEDFORD, Mass., July 22 /PRNewswire/ — Today RSA, the Security Division of EMC (NYSE: EMC), released two new research initiatives that reveal a surge in the use of consumer technologies within the enterprise and examine the rising impact today’s engaged, technology-savvy end users are having on IT strategies worldwide.
The first research initiative – a survey conducted by IDG Research Services – reveals the rapid use and adoption of consumer technologies like the iPhoneÃ‚® and iPad(TM) mobile digital devices within the enterprise and the pivotal role users are playing in driving this trend. The second research initiative, from RSA’s Security for Business Innovation Council, examines this phenomenon more deeply -exploring why traditional models where IT controls the use of all enterprise technology are quickly crumbling. This report offers concrete recommendations for how security leaders can get out in front of user-driven IT and manage risks to create new business value.
“The trend toward leveraging non-corporate-controlled assets and using social media for accessing and distributing information is inevitable,” said Security for Business Innovation Council member David Kent, Vice President, Global Risk and Business Resources, Genzyme. “It would be a mistake for any company to put its head in the sand or to dig in its heels; because the tide will be working against you. It would be much better to recognize it and then create the parameters to make it work for you.”
IDG Study Shows Enterprises Embracing Consumer Technologies, Neglecting Risks
Commissioned by RSA, a June 2010 IDG Research Services survey of nearly 400 security and IT decision makers reveals a sharp rise in the enterprise adoption of consumer technologies and uncovers the growing role end users are playing in accelerating this trend. The research also underscores how unprepared many organizations are to manage the risks associated with this new reality.
Key findings include the following:
- 76 percent of security and IT leaders believe user influence on device and application purchase decisions within the enterprise is on the rise.
- While the majority of decisions about older technologies such as desktops and laptops are still made by IT, this dynamic shifts when it comes to newer consumer technologies:
- More than 60 percent of respondents report that users have some input regarding the types of smartphones purchased, with 20 percent reporting that they let users decide.
- 52 percent of organizations allow users to provide input on or make decisions about netbooks while 50 percent involve users in tablet decisions.
- Even when it comes to desktops and laptops, users have input into purchasing decisions at 35 percent and 47 percent of companies, respectively.
- Just over one-quarter of the respondents report their companies currently allow employees to use their own personal computers or mobile devices for work purposes.
- Though most companies have policies aimed at preventing or limiting the connection of personal devices to the corporate network, nearly 60 percent of respondents said that unauthorized connections to the corporate network still occur and 23 percent of the largest organizations surveyed have experienced a serious breach or incident because of a personal device on the corporate network.
- More than 80 percent of companies now allow some form of access to social networking sites. Of those companies, 62 percent are already using it as a vehicle for external communication with customers and partners.
- The trend to enable users more access to consumer technologies is viewed in a positive light by most respondents. As many as 63 percent believe that using devices such as netbooks, tablets, smart phones and social media would increase productivity.
- Many companies are not fully prepared to confront this trend from a security standpoint. Just 11 percent feel very confident that they have the right level of security in place to accommodate increased access to consumer devices and applications.
- Only 22 percent of companies surveyed thoroughly calculate the risks associated with consumer technologies and applications before users begin using them for business purposes, 38 percent assess the risks in some cases, but have gaps in their strategies and up to 40 percent of those surveyed don’t calculate the risks at all.
Study findings are summarized in the IDG Research Services white paper, “Users Get Their Say” and presentation of research highlights, “Enterprise Security Challenges in Confronting the Growing Consumer Technology Trend.” Organizations can also test their readiness to enable choice computing and compare results to those of the executives surveyed by taking the Choice Computing Readiness Index.
New Council Report Shows User-Driven IT Reshaping Information Security
Also today, RSA released the results of its sixth Security for Business Innovation Council report, “The Rise of User-driven IT: Re-calibrating Information Security for Choice Computing.” In this report, accomplished security leaders from around the world explore how the rapid adoption of consumer technologies such as smartphones, tablet PCs and social media is transforming IT. The report highlights a significant shift in how technology is being adopted for enterprise use – in that it’s no longer just the IT department dictating which devices and technologies will be used; employees are taking the reins. The report further highlights that users will not only continue to influence IT and make technology decisions, but that many enterprise computing assets will actually be user-owned. While the shift to user-driven IT is inevitable, it doesn’t have to be a threat to the enterprise – instead it can be an opportunity to bolster the company’s own value.
“Like it or not, personal and professional computing have collided and the fall out is being felt in enterprises worldwide,” said Tom Heiser, Chief Operating Officer, RSA, The Security Division of EMC. “User-driven IT has the potential to deliver huge benefits to users and their organizations. The companies that figure out how to unleash user know-how and consumer technologies while managing the risks will win this high stakes game. This is the moment for information security teams to step up and be the most valuable players.”
Based on the collective insights of the Security for Business Innovation Council, which includes some of the world’s top security officers, the report provides a roadmap to prepare information security teams to securely give their users more flexibility in computing. Specific guidance includes:
1.) Shift Minds to the Times: As users increasingly make decisions about how technology is used in the enterprise, security teams must shift their attitudes from command and control to oversight and business enablement. The Council introduces a new way for security professionals to think about their roles and what’s actually important to protect.
2.) Reframe Users as Assets: The average person has become a sophisticated technology user. Instead of treating user education as one-way communication, security needs to re-invent it as a two-way conversation. The Council outlines how security teams can begin leveraging user populations as powerful tech-savvy armies that can be activated for business advantage.
3.) Support Calculated Risk-Taking: User-driven IT introduces a whole new set of risks that are compounded by escalating compliance and legal obligations and an evolving threat landscape. To help keep the risks to an acceptable level, security professionals must know and understand the risks and be acutely attuned to their organizations’ risk appetites. Council members share guidance on how to approach issues of ownership and representation, e-discovery, the growth of mobile malware and phishing dangers on social networking sites.
4.) Get in Front of Technology Trends: To gauge the risks and rewards of user-driven IT, the security team will have to get up to speed on consumer devices and applications as well as the technologies that enable enterprise deployments. Council members share advice for keeping pace with future-critical technologies including virtualization, thin computing, cloud computing and advanced authentication and security technologies.
5.) Own the Future: In the rapidly changing world of consumer technology, the ability to anticipate changes before they happen will be more important than ever. The Council provides advice on how to set up cross-functional teams, establish flexible budgets with built-in contingency funds and use pilot projects to limit exposure and gain enterprise experience.
6.) Collaborate with Vendors: Council members explore the key role vendors can play in enabling user-driven IT and provide guidance on how to best partner with them to understand what’s on the horizon and shape future enterprise offerings.
About the Security for Business Innovation Council
The Security for Business Innovation Council is a group of highly-successful Global 1000 security executives who are committed to sharing their own insights and experiences to help move information security forward at organizations worldwide.
Council members include: Anish Bhimani, Chief Information Risk Officer, JP Morgan Chase; Bill Boni, Chief Information Security Officer, Vice President, T-Mobile USA; Roland Cloutier, Vice President, Chief Security Officer, Automatic Data Processing, Inc.; Dave Cullinane, Chief Information Security Officer and Vice President, eBay; Professor Paul Dorey, Founder and Director, CSO Confidential and Former Chief Information Security Officer, BP; Renee Guttmann, Vice President, Information Security & Privacy Officer, Time Warner Inc.; David Kent, Vice President, Global Risk and Business Resources, Genzyme; Dave Martin, Chief Security Officer, EMC; Dr. Claudia Natanson, Chief Information Security Officer, Diageo; Vishal Salvi, Chief Information Security Officer and Senior Vice President, HDFC Bank Limited; Craig Shumard, Chief Information Security Officer, Cigna Corporation; and Denise Wood, Chief Information Security Officer and Corporate Vice President, FedEx Corporation.
The report released today is the sixth in the series, and RSA expects to publish more original Council reports over the coming months. Those interested in learning more about the Security for Business Innovation Council reports can visit the RSA Thought Leadership website at http://www.RSA.com/securityforinnovation/ to view and download all of the studies.
About IDG Research Services
IDG Research Services specializes in marketing and media-related research for technology marketers. A division of International Data Group (IDG), the world’s leading technology media, research, and event company, IDG Research Services’ global products and services bring the resources and experience of a large, global company to its clients in the form of a small, customer-focused business. For more information please visit http://www.idgresearch.com.
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
EMC Corporation (NYSE: EMC) is the world’s leading developer and provider of information infrastructure technology and solutions that enable organizations of all sizes to transform the way they compete and create value from their information. Information about EMC’s products and services can be found at www.EMC.com.
RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. iPhone is a registered trademark of Apple, Inc. iPod is a trademark of Apple, Inc. All other company and product names may be trademarks of their respective owners.
SOURCE EMC Corporation