Sometimes I think that IT shops would run perfectly if it wasn't for all the users.
Lately, the rise of blogs, social networking sites, PDAs and instant messaging has led to IT being squeezed by users from above and below - both in terms of corporate hierarchy and age. High-level business executives demand the freedom that portable technologies allow, while at the other end of the spectrum even entry-level Gen Y workers insist on constant connectivity these days. See what I mean? Users.
The business sees mobile technologies as a way to provide flexibility, a tool that allows them to be available even when out of the office. IT on the other hand sees new weaknesses. What if it gets left on the train! What are people doing with these things when we're not around? Face it, users are destroying our perimeters.
The users who want the social and mobile advancements of a Web 2.0 world are eroding the security of our enterprises, but that's not all. At the same time, security is seen as a money pit by the business, largely due to a lack of measurable benefits.
As pointed out in the State of the CIO survey in this month's CIO magazine, the three biggest barriers to CIO job effectiveness are: shortage of time, inadequate budgets, lack of business sponsorship and accountability for IT projects. It's not too much of a leap to figure that one of the reasons it is so tough to get business sponsorship for security projects is that the business sees security as a cost that must be borne, a chore that has to be factored in and not an enabler.
Too often the attitude is: let's do the bare minimum we can to keep the regulators off our backs. And security professionals and IT execs reinforce this view by failing to speak in the language of the business. We still talk about IT as a commodity, using terms like "Pen testing" and "vulnerability management" when we should be focusing on users instead.
The media is often accused of over-hyping security, so we've tried to keep things practical in this issue. Security is a dramatic area of IT, but we prefer to offer constructive advice which IT managers can use to develop sound usage policies that will benefit their organizations in the here and now. In "The Trouble with Gen Y" we even advocate going easy on Gen Y instead of giving them the spankings most of them so richly deserve.
After all, what's important here is finding a balance. Today's users aren't really trying to destroy our perimeters, they simply want mobility and connectivity so they can achieve a proper balance between work and life. But in this new age of mobility and social networking the street must run both ways. Companies and their IT departments have to be sure that mobile workers aren't taking advantage of them or, worse, putting the entire organization at serious risk. With flexibility comes responsibility.