Ian Foddering, CTO and technical director at Cisco UKI, draws upon the Cisco BYOD experience and says we need to blend business and personal, provide the security but not destroy the experience. How can you achieve all that?
Modern workers, particularly young ‘Millennials’ want the freedom to browse the web not only when and how they want to, but also with the devices they choose. Millennials is a term used to describe the next generation of workers also referred to as generation Y. Although Millennials desire to access the web freely they don’t want these freedoms impinged upon by their employers, a situation that can spell tension for security professionals.
Ian Foddering, CTO and technical director at Cisco UKI, says Millennials are now entering the workplace and bringing with them new working practices and attitudes toinformation and the associated security thereof.
“They believe in the demise of privacy—that it’s simply defunct in practice, and it’s in this paradigm that organisations must operate—a concept that will be alarming to the older generation in the workplace.
According to the 2012 Cisco Connected World Technology Report study, two-thirds of respondents believe employers should not track employees’ online activities oncompany-issued devices. In short, they do not think employers have any business monitoring such behaviour. This article explores the means by which organisations can look to provide information security education to their employees and how networking trends are evolving and paving the way for big data and analytics opportunities.
Connected Workers and Data Privacy
The increasing risk factor for enterprises in the any-to-any equation is young, mobile workers. This group believes they should be able to do business wherever they happen to be and on whatever devices they have at hand. The latest Connected World study showed that Millennials have strong feelings about employers tracking the online activity of workers—even those who report they work at organisations where such tracking does not occur.
Millennials working practices and attitudes to information have security implications. Organisations can, however, look to provide information security education to their employees to alert them to the risks and provide guidance on how best to share information and leverage online tools within the realms of data security.
Cisco BYOD Practice
Endpoint proliferation is a phenomenon Cisco knows well, we formalised our bring-your-own-device (BYOD) practice two years ago and witnessed a 79 percent growth rate in the number of mobile devices in use in the organisation. In 2012, Cisco added about 11,000 smartphones and tablet computers companywide—or about 1,000 new Internet-enabled devices per month. At the end of 2012, there were nearly 60,000 smartphones and tablets in use in the organisation—including just under 14,000 iPads.
Employees make the choice to trade having access to corporate data on their personal device with agreement on security controls. For example, users who want to check their email and calendar on their device are required to take Cisco’s security profile that enforces remote wipe, encryption and passphrase.
Our next step for BYOD at Cisco is to further improve security by increasing visibility and control over all user activity and devices, on both the physical network and virtual infrastructure, while improving the user experience. Caring about the user experience is a core consumerisation of IT, we’re trying to apply this concept to our organisation. We’re now seeing an ‘IT-ization’ of users. We’re beyond the point of them asking, ‘Can I use this device at work?’ Now they’re saying, ‘I understand you need to keep the enterprise secure, but don’t interfere with my user experience.’
Paving the way for big data
As mobility, cloud, virtualisation, endpoint proliferation, and other networking trends evolve or emerge, they will pave the way for even more big data and analytics opportunities for businesses. But there are security concerns about big data. From conversations with customers and partners many believe big data complicates security requirements and protection of data and networks because there is so much data and too many ways of accessing it. In short, big data increases the vectors and angles that enterprise security teams must consider.
To help ensure security, the entire IT team should participate in strategising and leading big data efforts within their companies. Big data doesn’t complicate security—it makes it possible, at Cisco we collect and store 2.6 trillion records every day—that forms the platform from which we can start incident detection and control.
As for solutions designed to help enterprises both better manage and unlock the value of their big data, there are some barriers to adoption. Lack of budget, lack of time to study big data, lack of appropriate solutions, lack of IT staff, and lack of IT expertise are all sticking points. Lack of expertise and personnel can be an inhibitor to their enterprise’s ability to use big data effectively, indicating a need for more professionals entering the job market to be trained in this area.
To summarise, workers attitudes and cyber crime has moved on. Organisations need to provide information security education to their employees and adapt to meet the demands of evolving networking trends. Investing time and training in paving the way for big data and analytics opportunities will prove invaluable in enhancing security.”