There is an increasing pace of change in how we work and the role that technology plays in every aspect of business. Innovative cloud and “as-a-service” technologies have made it easy for anyone within an organisation to acquire their preferred applications, commonly without intervention from IT. Whilst this can mean that technology which meets user need can be accessed, this change has also affected the ability of the IT department to control security and operational risks. Whilst the natural reaction of those in IT will be to lock down their estate, a responsive IT department will recognise that workers should be able, wherever possible, to access applications they wish to use, in a safe and secure way.
Workers have definite preferences when it comes to the technology they use every day, and this can put them at odds with IT and, perhaps more worryingly, the best interests of their organisation. According to a recent survey of global workers, 41 per cent of employees will avoid consulting IT when wishing to access to professional software and applications that they feel are essential to doing their job. In addition to this, of those responding to the survey, most have accessed work assets on their personal devices.
The use of cloud and SaaS means that IT decisions are being decentralised. This has, in the past, been described as “shadow IT,” as this expansion of technology has become the new normal. Whilst this is a good thing, with any systemic transfer of power, an organisation’s IT infrastructure can quickly descend into chaos if employees, IT teams and decision-makers don’t collaborate.
Preparing the workforce of the future
Survey data suggests that different generations consider and use technology in different ways. So-called millennials have grown up with technology and seamlessly incorporate technology into their personal and professional lives more than previous generations. These “digital natives” are moving into leadership positions (and more importantly, buying decision roles).
This generation expects workplace technologies to mirror the technologies they use in their educational and personal experiences, and have a greater tendency to resent barriers to access. 81 per cent of millennials admit they have used or accessed unapproved technology or assets on their work device without ITs permission. Millennials are therefore almost twice as likely to adopt unauthorised technology compared to other generations.
Millennials are also exponentially more resistant to asking for permission to access software in the workplace. Compared to older workers, they are more than four times as likely to feel it is beneath them and over three times more likely to believe it is an outdated concept.
The demographic impact
To effectively manage today’s workforce, business leaders need a comprehensive understanding of the different groups of workers and how to best utilise their knowledge and experience.
Managers or more senior staff have been found to be almost twice as likely to use unauthorised professional or personal software or applications. In the survey, over 90 per cent of executives admitted that they knew such behaviour is problematic for their business, but more than half (57 per cent) avoid IT when accessing professional software and apps. Entry-level employees appear to be the most well behaved, with 38 per cent reporting they never access software or applications on their work device without IT’s consent.
As staff admit that they know their behaviour can cause issues, it is clear that this knowledge is not enough on its own to effect change. When faced with such risky technology behaviour, visibility and understanding of the scope of the problem is a critical step towards identifying a feasible and efficient solution.
How to effect change
To help manage employee behaviour and encourage proper device usage, best practice would be to rely on a combination of approaches including:
1. Security awareness education: ongoing training and communication to your organisation’s workforce are required to communicate risks such as browser hijacking, ransomware and malicious software downloads. This helps to educate staff on what is appropriate and what crosses the line. It’s important to make this training tangible and avoid hours of compliance style videos.
2. Visibility of the organisation’s IT estate: it is important that businesses understand what employees actually use day-to-day and week-to-week in order to spot both unauthorised usage and software installed on end-user devices. If there is an unapproved tool which is being widely used across an organisation, it may be worth the IT team considering investing in the tool or investigating and providing an authorised alternative.
3. Implement active controls: through the use of unauthorised or unapproved technology, employees can create security issues for an organisation. It is therefore critical that security remains strong. Review your active controls at the network perimeter or with anti-virus vendors to try and prevent malicious downloads or employees visiting known piracy sites.
In summary: our relationship with work and technology has changed and worker expectations are increasing. As the guardians of both the security and reliability of their organisation’s technology ecosystem, it is up to IT to find a balance between empowering a new, more demanding workforce whilst also serving and safeguarding the business’s needs.
Alastair Pooley, Chief Information Officer, Snow Software