Keeping an eye on users' personal tech

13.03.2006
For years, it was pretty easy for IT professionals to safely ignore what went on in the consumer market. After all, in the not-too-distant past, a business tool like your telephone had nothing to do with your camera, and your PC wasn't even in the same room as your music player. Your PC, in fact, probably stayed in the office, and despite the moniker, there was very little personal stuff on your personal computer.

That's all changed. What's more, it seems that consumer personal technology is continuing to explode, even as business IT has plateaued. When personal technology outpaces business technology, there is inevitably a commingling of business and personal data, as business users put their whizzy personal toys to business uses.

This means that IT has to keep abreast of consumer-grade technologies. I'm not suggesting that you go out and buy iPods for everyone, but it is important to understand the implications of living in a world where personal technology is burgeoning.

One implication of the diffusion of technology both at home and at work is that the line between personal and professional life is increasingly blurred. People who buy tiny storage devices, iPods and PDAs are often also corporate users who don't see any reason not to put those consumer technologies to business uses, or at least to link them to corporate assets and networks. When that happens, what should IT departments do? They can't simply ignore or ban the consumer devices; they need to understand the technologies and then set policies accordingly.

For years, IT departments have generally recognized the need for policies regarding acceptable personal use of PCs, e-mail, instant messaging and other resources. Today, they need to create policies that address the issues that arise when business users bring their personal technologies into the corporate setting. When formulating such policies, the key is to focus on two types of risk that result from business data residing on personal devices:

Data security. The primary risk arises when sensitive data resides on devices that are small and easily hacked, lost or stolen. Devices that automatically synchronize to a remote third-party server add another potential area of insecurity for corporate data. And personal devices that connect over insecure wireless networks create yet another potential risk.