That's all changed. What's more, it seems that consumer personal technology is continuing to explode, even as business IT has plateaued. When personal technology outpaces business technology, there is inevitably a commingling of business and personal data, as business users put their whizzy personal toys to business uses.
This means that IT has to keep abreast of consumer-grade technologies. I'm not suggesting that you go out and buy iPods for everyone, but it is important to understand the implications of living in a world where personal technology is burgeoning.
One implication of the diffusion of technology both at home and at work is that the line between personal and professional life is increasingly blurred. People who buy tiny storage devices, iPods and PDAs are often also corporate users who don't see any reason not to put those consumer technologies to business uses, or at least to link them to corporate assets and networks. When that happens, what should IT departments do? They can't simply ignore or ban the consumer devices; they need to understand the technologies and then set policies accordingly.
For years, IT departments have generally recognized the need for policies regarding acceptable personal use of PCs, e-mail, instant messaging and other resources. Today, they need to create policies that address the issues that arise when business users bring their personal technologies into the corporate setting. When formulating such policies, the key is to focus on two types of risk that result from business data residing on personal devices:
Data security. The primary risk arises when sensitive data resides on devices that are small and easily hacked, lost or stolen. Devices that automatically synchronize to a remote third-party server add another potential area of insecurity for corporate data. And personal devices that connect over insecure wireless networks create yet another potential risk.
Infection potential. While the main risk today lies in data leaving the corporate network, a secondary risk lies in personal devices introducing threats to the network. PC-centric security vendors emphasize this risk. Although the threat of virus and Trojan-horse transmission is largely confined to insecure PCs or laptops today, handsets and PDAs themselves will likely also become targets of threats to IT networks in the future. IT needs to recognize this and make sure consumer-purchased technology is secured and free of viruses and Trojans.
IT should begin now to confront the issue of consumer technologies in the workplace and the desire of employees to access work-related data beyond the corporate network. The policies and technologies that enterprises deploy can take a variety of forms. For most scenarios, setting proper policies and keeping track of the latest consumer trends and devices (as opposed to prohibiting devices) will prove to be the most effective way to balance user desires with IT needs.
Michael Gartenberg is vice president and research director for the Personal Technology & Access and Custom Research groups at JupiterResearch in New York. Contact him at mgartenberg2@optonline.net. His weblog and RSS feed are at http://weblogs.jupiterresearch.com/analysts/gartenberg.