I have been running Dropbox (News - Alert) file-sharing on my work computer for years so I can make sure the work I do on my personal computer is available on my professional computer when I need it. I have separate Facebook accounts for home and work. I use Skype (News - Alert) all the time for work calls, and the software exists on every work device I use.
For me, it is just about getting my job done quickly so I meet the business objectives laid out by my boss. But for my company’s IT department, my enterprising ways are more than that: They’re a security threat.
I’m not alone in bringing my own software and Web services into my work life; a bit more than a quarter of consumers provision their own enterprise social networking applications, according to a recent Ovum (News - Alert) global survey. About 22 percent use their own file-synchronization and file-sharing applications, while 30.7 percent provide their own instant messaging and VoIP applications.
Like me, for most people the intention is not to damage our company—quite the opposite. But all this unauthorized software introduces a real threat to corporate security.
IT departments should be particularly wary of file-synchronization, file-sharing and collaboration applications that employees provide themselves, according to Richard Absalom, analyst with Ovum's consumerization practice. It is far too easy for these programs to airlift sensitive corporate data out of the company without anyone’s notice.
What IT departments need to do is monitor their employee’s application patterns and provide secure, corporate-sponsored versions of the software. It isn’t that the employees want to install their own apps, it is because they must. So discovering the problem and tackling it proactively can greatly cut down on the bring-your-own-application trend.
"Learn what your company is doing with the cloud first, then decide [whether] what you've learned is good for the company or bad for the company," advised James Staten, vice president and principal analyst for Forrester (News - Alert) Research.
Opening up the lines of communication also can help. Most employees are happy to share their needs with IT if they think it will lead to solutions to their problems.
It also helps if employees understand the risks they take on when they install or use software that has not been provided by their IT department.
Start with explaining the criteria that makes an application enterprise-ready. It is important to examine those criteria from multiple points of view: functional, integration, vendor viability and, of course, security and compliance.
Edited by Rory J. Thompson