Consumer IT in the workplace is causing a data security nightmare

The implications of the latest Gartner predictions are clear: a string of user-empowering consumer IT technologies are steadily loosening the modern organisation’s grip on its workforce practices and on its most sensitive data.

By 2012, 73% of the enterprise workforce will be mobile, and some 20% of companies will no longer own any IT assets; by 2013, 80% of businesses will support a workforce using tablets; and by 2014 almost all businesses will supply corporate data through smart-phone apps, as data migrates beyond office walls to the remote realms of virtual reality and cloud services.

Gartner’s latest predictions conjure up images of a data security nightmare, providing a porthole into a future digital workspace of informational chaos, with endlessly multiplying mobile endpoints, sensitive data handled on home laptops and mobile devices, a growing stream of unencrypted, unprotected user data on employee endpoints, “i-workers” closing lucrative deals in Starbucks, remote boards thrashing out mergers in virtual meetings and corporate data flowing, unfettered, across public networks.

We know where these changes are coming from. The markets have shown for some time that the fixed PC endpoint is falling out of favour with the modern consumer, which means that, this year alone, 42 million tablets and 330 million new mobile devices will have been sold worldwide while the PC market continues to stagnate.

But as corporate IT is increasingly infiltrated by consumer trends, with mobile data storage replacing fixed endpoints, the implications for data security are potentially disastrous.

One recent report from the Ponemon Institute found that the average data breach incident cost UK organisations £1.9 million. And with the EU and Australia moving to enforce mandatory data-breach notification laws, the Financial Services Authority now flexing its punitive muscle and the ICO newly-armed with the power to impose crippling £500,000 fines on negligent organisations, data security is becoming a legal imperative.

But in a services economy where reputation is the biggest business asset, and a 24/7 media culture where mainstream news is increasingly converging with user-generated media content, it is the instantaneous effect of data breaches on reputation, and corresponding share price, that most concerns businesses.

The reputational cost of data breaches for global giants in today’s media environment was powerfully illustrated when Toshiba was recently hit by a massive data breach. The NHS recently compromised the medical records of 8.6 million patients after the loss of an unencrypted laptop, while just one missing BP laptop containing details of those affected by the recent oil spill could cost the oil giant $2.78 million.

Meanwhile, for an estimated 80% of SMEs, who can least afford such losses, data breaches could lead to bankruptcy.

Spending on security solutions has massively increased, but many organisations are only adopting patchwork solutions. Of 160,000 laptops lost in Europe in 2010, 34% were encrypted, but only 26% were regularly backed up and many had no capacity for remote deletion. We also know that just 3% of lost devices are ever traced and many organisations no longer control which employees access sensitive data.

This demonstrates the urgent need in the channel for single disaster-recovery and policy-control solutions that can combine the functions of data backup, encryption, port-locking, remote data-policy control, remote deletion and device trace, through one central agent.

Consumerisation of IT

Because consumer IT is geared towards data consumption rather than data creation and user empowerment rather than data privacy, without the right security solutions it has the potential to open the floodgates to catastrophic corporate data-loss.

The personalisation of IT is now democratising corporate data (in the same way user-generated digital media democratised news creation), with companies fast losing control of which tiers of employee access their data, or how sensitive information is communicated.

The explosion in consumer IT is spawning a new generation of digitally-empowered, hyper-connected workers who expect the flexibility to work either remotely or on-site to facilitate work/life balance, to freely share corporate data over public networks anywhere in the world at any time, select their own IT technology, and introduce everything from app-stores to social media into the workspace.

The business community stands at a fork in the road. A recent ITC report gives a glimpse of one possible future, outlining the lack of corporate device encryption and the explosive growth in unauthorised use of personal devices to access corporate data, with businesses openly admitting they are floundering in the face of the new trend, due to a lack of governance policies, no integrated solutions to control what happens to important data inside and outside office walls, and an absence of sufficient will among management teams to solve the problem.

In this environment, it is no wonder many businesses are falling foul of regulators, when they are failing to even ensure compliance with their own data policies.

Yet rapid advances in encryption and cloud-based solutions mean that the technology to locally encrypt on the device, remotely store encrypted data and control access to existing data, or remotely delete and instantly restore lost data is already in existence for endpoints. Even so, many businesses are not currently integrating all these solutions.

As data breach becomes a hot-button issue in the media, portable devices increase data vulnerability, the number of endpoints continues to multiply and governments tighten the law, the market in endpoint data security is set to explode.

Phil Evans is VP at Datacastle. He has over 20 years of combined sales and business development experience in both North America and Europe. Phil was responsible for setting up the EMEA sales operations for EVault prior to Seagate's acquisition and the creation of i365 and held numerous positions at i365 including Director of Business Development (EMEA) and as VP of Sales for Northern Europe. Phil also served as a Director at a UK storage management company and established the European operations of Professional Services in EMEA for Legato Systems.