India has the youngest population in the global economy. As this
young population has started entering the workforce, it has started
impacting the existing practices of established companies. The
younger generation, well acquainted with consumer devices such as
iPad want to use their own devices to access corporate networks.
The usage of consumer devices in the enterprise is spreading like
wildfire, as it allows employees to get access to company
information without getting the IT function involved.
While this creates a huge impact on productivity, it also exposes
the organization to newer security risks. For example, company data
stored on mobile devices create a risk of losing the data as mobile
devices can be lost or stolen, unlike their desktop
counterparts.
“The smart device technology opportunity is now outpacing an
organization’s ability to secure and manage new devices and
the information they access,” opines Shantanu Ghosh, Vice
President, India Product Operations, Symantec. The huge growth in
the number of devices represent significant risks for enterprises.
According to Symantec’s Enterprise Security Survey –
Millennial Mobile Workforce and Data Loss, the number of
smartphones connecting to the network was increasing in 73 percent
of the respondent Indian enterprises. Given the diversity of mobile
devices and platforms, few organizations are well prepared with a
security strategy for this emerging world.
The thin line between work and home is rapidly vanishing, and
today, a rising number of companies are giving their employees the
option of working from home. This makes it extremely difficult for
the organization to control how employees consume or use
information.
“Previously, a company’s information network ended at
its firewall, and its valuable data remained relatively secure
within that network. But today, data is no longer contained within
the walls of your business and the network ends with the user and
ultimately with the user’s device. In this environment,
security is far more complex than in the past and security must go
with, and where the data travels,” explains Michael Sentonas,
VP, Chief Technology Officer, Asia Pacific, McAfee, on why it is
challenging for enterprises to confine data within the four walls
of a company today.
The trend is now of user-driven IT, and it has started to impact
how enterprises purchase IT devices. “End users are
influencing IT and security decisions in the workplace more than
ever before forcing organizations to introduce consumer devices and
Webbased services at the workplace. This is especially true when it
comes to people who have grown up with technology and are addicted
to their device. They not only insist on being allowed to use these
devices within the enterprise but also want access to social
networking and blogging sites,” states Kartik Shahani,Country
Manager, RSA India & SAARC.
A research report commissioned by Shahani’s firm, RSA,
underscores the growing importance of the consumerization of IT in
Indian enterprises. The report found out that a massive 76 percent
of security and IT leaders believed that user influence on device
and application purchase decisions within the enterprise was on the
rise. What is frightening however, was the finding that nearly 60
percent of respondents said that unauthorized connections to the
corporate network still occurred, despite policies aimed at
preventing or limiting the connection of personal devices to
corporate networks.
The antisocial element of social networking
As a country with the youngest population, the Generation Next in
India wants to use social networking websites such as LinkedIn and
Facebook through corporate networks. The growing power of the youth
can be seen from the fact that India now ranks as the seventh
largest market worldwide for social networking, with websites such
as Facebook and LinkedIn reaching millions of users.
These social networking websites are invaluable resources
specifically for personnel in the marketing, sales or the research
teams. It is common to see employees use these social networking
websites interchangeably for business and personal activities. For
most employees, social networking tools have become indispensable
tools for building professional relationships and doing business.
For example, a research report commissioned by RSA mentions that
more than 80 percent of companies in India now allow some form of
access to social networking sites. Of those companies, 62 percent
are already using it as a vehicle for external communication with
customers and partners.
That said, social networking websites are also dangerous as they
are attractive targets for hackers. This is corroborated by the
findings of the Internet Security Threat report (Volume 16) by
Symantec, which states that last year, attackers posted millions of
these shortened links on social networking sites to trick victims
into both phishing and malware attacks. “Social media
presents many opportunities for attackers to find personal
information that can be used in social engineering to target
specific individuals. It is an active attack vector for spam and
malware. Whether it’s a mass attack or targeted, when users
are surrounded by friends, it’s simple to get them to click
on seemingly legitimate links,” states Ghosh of Symantec.
This trend has dangerous implications for enterprises.
Block and deny will not work anymore
Till date, organizations have taken a simple approach — most
CIOs have simply blocked access to social networking websites and
restricted the usage of personal devices. A case in point is Jindal
Intellicom, which represents the Jindal Group’s strategic
focus in Business Process Outsourcing. Being a company in the BPO
sector and having access to sensitive information about its
clients, Jindal Intellicom’s security needs are defined by
the nature of the clients it serves.
“We have controlled access on the usage of smart phones.
Employees are not allowed to use smart phones in the production
area. Blackberry phones provided by the company have restricted
access and can only be used for email exchange,” states Vijay
Raghavan, CIO, Jindal Intellicom. The BPO firm has also quarantined
confidential information with layers of access control and
continuous monitoring.