Believe it or not, there are actually ways that the consumerization of IT can make data more secure. How? Call it the “pride-of-ownership” effect. If you give your end users cool devices or let them to use their corporate devices for personal reasons, they’ll take better care of them.
Eric Lai deserves credit for bringing this to our attention with his comment on last week’s article about Motorola Solutions’ attempt to thwart BYOD. The hook of his blog post on ZDNet was that playing games like Angry Birds will get people to feel more attached to their corporate iPads. More importantly, though, he pointed out that end users will treat cool tablets a lot better than corporate ruggedized devices. (Ruggedized devices was a new term for me, but I knew instantly what he was talking about. Think of a utility employee or a FedEx guy with their big, bulky specialized tablet device that likely runs Windows 7 Mobile.)
I see this same effect in my office. The same people that forcefully jam their big, ugly corporate Windows laptops into the bottom of their backpacks tender lavish care on their iPads.
Even if the corporate device isn’t a sexy iPad, allowing personal use will go a long a long way in getting users to protect it. At the Intel Developer Forum in September, Intel’s CISO, Malcolm Harkins, spoke at a session about consumerization in the enterprise. He noted that incidents of lost and stolen laptops at Intel decreased dramatically after they started allowing employees to use them for personal reasons. It makes perfect sense: if there are pictures of your kid’s birthday party on your laptop, you’re going to keep tighter control of it then if it was an anonymous corporate device.
So there’s a good argument for letting your employees use their corporate computer for personal reasons—when they protect their personal attachment to it, the corporate data will be protected along with it.
Of course some people argue the exact opposite: when you let your employees go wild, suddenly their laptops and devices will be open to a whole new set of threats. User installed applications could be a problem, depending on your policies. And if an employee has pictures of their kids on their laptop, it just means that they’ll take it outside of the office more, giving them a better chance of loosing it.
Will the pride-of-ownership that comes with cool devices or personal usage make the corporate data that’s also on a device more safe? Or is it just asking for more trouble from crazy user land?