The consumerisation of IT - what did you install?

As mentioned in my first blog post on the consumerisation of IT, the idea of letting your employees choose their IT hardware and software is not a bad idea as long as you understand the potential downfalls and mitigate against them up front. The...

Share

As mentioned in my first blog post on the consumerisation of IT, the idea of letting your employees choose their IT hardware and software is not a bad idea as long as you understand the potential downfalls and mitigate against them up front.

The first post was about the data. This one looks at the applications.

How many people now have an iPhone, or a iPad or any other type of smart phone or internet tablet, and haven’t yet installed a new application? None. The joy of these devices are the apps, a lot of which are free, while others are just a few pounds. Many are games, but many others are productivity tools, offering to synchronise contacts and backup data in case the phone is lost.

But what if it’s the company’s data? What if one of the files contained customer details and it’s now on a publicly accessible cloud storage system? What would be the impact on the company?

While the phone vendors have the means to vet the applications that are available for download, it won’t be as rigorous as a company’s internal policies. A number of applications have recently been revoked for not actually being what they purported to be. These weren’t malware, but they might have been.

The underground economy likes credit card details and online banking details, online shopping accounts, in fact any sort of data, and that includes corporate usernames and passwords. Today’s smartphone is a window into the data centre, where it may have access to thousands or even millions of customer records which may include the ever valuable credit card details.

While policies are needed for dealing with corporate data held on consumer IT, there also needs to be policies and guidelines surrounding issues like what applications may or may not be installed and education as to why there needs to be caution.

Author: Guy Bunker, Jericho Forum Spokesperson and Partner, ExecIA LLP