Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Riding the Consumerization Wave

Published 10/07/2012

Riding the Consumerization Wave

Rather than resist it, organizations should embrace Consumerization to unlock its business potential. This requires a strategic approach, flexible policies and appropriate security and management tools.

The Consumerization of IT is the single most influential technology trend of this decade. Companies are already well aware of it, as they wrestle with the growing influx and influence of smartphones, tablets, Facebook, Twitter and on and on. This “Bring Your Own Device” (BYOD) movement is very reminiscent of the early days of PCs in the late 1970’s-early 1980’s, when workers bought and brought their own Apple II or IBM PC to work to handle spreadsheets (using Visicalc or Lotus 1-2-3 respectively) so they could get data processed immediately rather than wait in line for the IS department to process punchcards, tapes, or whatever else the I/O was. Ultimately, IS heads had to stop resisting and start accepting the PC wave, and you know the rest of that story.

While this new BYOD growth does bring risks, too many companies make the mistake of trying to resist the influx of consumer IT. So what are the solutions and best practices for a company to turn Consumerization into a competitive advantage?

One: Have a plan. Take a strategic approach to Consumerization and develop a cross-organizational plan. IT cannot do this in a vacuum and will have to engage executives, line of business owners (marketing, sales, HR, product development) as well as customers, partners, and internal early adopters. While planning to adopt new consumer technology, IT managers should survey their most innovative users to discover what devices and applications they like and what they find most useful in their work activities. In this way IT will pull from users’ experience rather than pushing IT views to their base.

Two: Say yes – but not to everything for everyone. Develop a set of policies that clearly define what devices and applications are considered corporate-standard (fully supported by IT) vs. tolerated (jointly supported with the user) vs. deprecated (full user liability). In addition, IT should profile the global workforce based on relevant attributes such as role, line of business and location. And then map technologies to user profiles and define SLAs for each intersection.

Three: Put the right infrastructure in place. Deploy appropriate IT tools specifically designed to secure and manage consumer technology in the enterprise. Be aware that while some solutions have already materialized along the lines of specific product segments – i.e. Mobile Device Management, no single vendor can provide one single solution covering all functional requirements across all platforms. As vendors enter the Consumerization space with solutions initially developed for adjacent product segments, most solutions tend to offer overlapping core functionality and tend to lack the cross-platform support critical to protect and manage the full spectrum of consumer technologies. Therefore, IT will have to integrate multiple offerings across different product categories: security solutions for Internet content security, mobile anti-malware and mobile data protection, Mobile Device Management tools for system provisioning and application management, and Telecom Expense Management providers for procurement, support and cost control of voice and data services.

Companies that are questioning whether or not to allow workers to bring personal devices into the workplace should just stop asking: It's clear that you can get a competitive edge when you put the right precautions in place. The BYOD phenomenon gives companies that allow it a competitive advantage as it enhances innovation and creativity in the workplace while reducing overall costs for the entire organization. The key to not being overwhelmed by this trend is that all these devices need to be secured by implementing the proper BYOD policies and procedures.

The lack of a strategic approach to Consumerization creates security risks, financial exposure and a management nightmare for IT. Rather than resist it, organizations should embrace Consumerization to unlock its business potential. This requires a strategic approach, flexible policies and appropriate security and management tools.

Consumerization and BYOD are disruptive and inevitable. But many IT leaders are slow to realize it. Like dinosaurs of a previous IT era, they are headed for extinction.

[BIO] As Vice President of Mobile Security at Trend Micro, Cesare Garlati serves as the evangelist for the enterprise mobility product line. Cesare is responsible for raising awareness of Trend Micro’s vision for security solutions in an increasingly consumerized IT world, as well as ensuring that customer insights are incorporated into Trend solutions. Prior to Trend Micro, Mr. Garlati held director positions within leading mobility companies such as iPass, Smith Micro and WaveMarket. Prior to this, he was senior manager of product development at Oracle, where he led the development of Oracle’s first cloud application and many other modules of the Oracle E-Business Suite. Cesare has been frequently quoted in the press, including such media outlets as The Economist, Financial Times, The Register, The Guardian, Le Figaro, El Pais, Il Sole 24 Ore, ZD Net, SC Magazine, Computing and CBS News. An accomplished public speaker, Cesare also has delivered presentations and highlighted speeches at many events, including the Mobile World Congress, Gartner Security Summits, IDC CIO Forums, CTIA Applications and the RSA Conference. Cesare holds a Berkeley MBA, a BS in Computer Science and numerous professional certifications from Microsoft, Cisco and Sun. Cesare is the chair of the Consumerization Advisory Board at Trend Micro and co-chair of the CSA Mobile Working Group - Cloud Security Alliance. [AWARDS] *** Nominated “Top 10 Consumerization Thought Leaders” 2011 http://blog.matrix42.com/content/top-10-consumerization-thought-leaders-part-two Cesare Garlati – Cesare’s daily duties as Senior Director of Consumerization at Trend Micro might have been enough to get him on this list, but his blog leaves no doubt. At BringYourOwnIT.com, Cesare writes about consumerization and everything else that’s causing disruption in IT. In a SC Magazine article earlier this year, Cesare suggested organizations approach consumerization in a tactical way: “(Embracing CoIT) is the optimal approach. Create a plan that spans the whole organization; say yes for some but not for everyone by determining a group of users and figure out what technology is allowed; and figure out what tools are needed and put the right infrastructure in place.” BLOG: http://BringYourOwnIT.com TWITTER: http://twitter.com/CesareGarlati

SPEAKING ENGAGEMENTS:

  • RSA Conference Europe 2012

October 9-11, 2012 – London, UK "Smartphone Security Winners & Losers"

  • Mobile 2.0 Conference

September 11, 2012 – San Francisco, CA “Mobile Enterprise/Consumerizaton of IT”

  • RSA Conference China 2012

August 28-29, 2012 - Chengdu, CN "Smartphone Security Winners & Losers"

  • DIRECTION EXPO 2012

August 7-8, 2012 - Tokyo, JP "Mobile Security"

  • European Association for e-Identity and Security

July 5, 2012 – Slough, UK “Securing Mobile Devices”

  • IET - Mobile Security Summit June 20, 2012 - London, UK "Security for Mobile Devices”
  • Ingram Micro Cloud Summit

June 4, 2012 – Phoenix, AZ

"How secure is your smartphone?"

  • BCS - The Chartered Institute for IT May 16, 2012 - London, UK

"Consumer Mobile Technology in the Enterprise: A leap of faith?"

  • Mobile Convention Amsterdam

May 8, 2012 – Amsterdam, NL

"Consumer Mobile Technology in the Enterprise"

  • Tablet Strategy Conference April 27, 2012 – New York, NY "Secrets of a good corporate app"
  • ISSA/AIPSI - Associazione Italiana Professionisti Sicurezza Informatica

April 5, 2012 - Milano, Italy

"Roundtable: Consumerization, Millenials and Mobile"

  • Information Assurance Advisory Council

March 13, 2012 - London, UK

"Education and training in security awareness"

  • Mobile World Congress 2012

February 27 - March 1, 2012 - Barcelona, Spain

Mobile Security Forum “Consumer Mobile Technology in the Enterprise: A Leap of Faith?”

  • IDC Enterprise mobileNext Forum, November 30 – December 1 2011, San Francisco, USA Mobility Management & Security - A Customer Panel
  • CTIA Enterprise Mobility Boot Camp, October 10 - 13, 2011, San Diego, USA "Consumerization Report 2011"
  • Gartner Security & Risk Management Summit 2011, September 19–20, London UK “Embrace Consumerization. Unlock Opportunity”
  • Channel Link 2011, September 14-16, Los Angeles USA “Embrace Consumerization. Unlock Opportunity”
  • IDC CIO Summit 2011, July 28-29, Singapore

“The Consumerization of IT: Embrace Consumerization, Unlock Opportunity”

  • Mobile Computing Summit 2011, June 28-30, San Francisco USA “Mobile Landscape Security Risks and Opportunities”
  • Gartner Security & Risk Management Summit 2011, June 20–23, Washington DC USA “Virtualization, Consumerization, Security Three Worlds Collide?”

VIDEOS/PODCASTS - http://www.youtube.com/user/BringYourOwnIT

  • RSA Conference 2012 - Podcast
  • Mobile Convention Amsterdam 2012
  • Mobile World Congress 2012 - Mobile Security Forum
  • Consumerization and BYOD - What are the Security Risks?
  • BYOD and Mobile Security: Remote working during the Olympics
  • Video interview at CITE 2012 - Consumerization of IT in the enterprise
  • Video interview at Mobile Word Congress 2012 - Barcelona
  • Financial Times Podcast - The downsides of bringing your own device to work
  • Consumerization 101: How to bypass the iPad password in 5 seconds
  • Embracing Consumerization in the Enterprise
  • The Consumerization of IT – Trailer. Full video available upon request

QUOTES: “Mobile security fact: Android is the #1 mobile platform in the world. It is also the most vulnerable to attack - and in fact the most exploited.” “Contrary to common perception, Apple mobile devices are not immune to security flaws. And in fact less secure than Android if users “jail break” their devices - a jailbroken iPhone is not a secure phone.” “[Mobile] Consumer technology is sexy, convenient and easy to use. When it comes to security and data protection however, consumer technology still has a long way to go.” "[There is a] total lack of education out there, especially in the consumer sector. The consumers need to be told that there is a real and serious threat in terms of security on your mobile phone and it's an economical threat." “No matter what type of smartphone you own, you are in danger. Every single platform is exposed to this, no platform is immune. Some are safer than others, but none are immune.” “The [security] problem [with mobile devices] is not with the phone itself breaking or being stolen, but with the data on the phone getting into the wrong hands - including bank details and passwords. By exposing your personal information, you are exposing yourself, your financial situation and your family situation.” “[BYOD Bring Your Own Device] Besides preserving data security and managing a myriad of personal devices, companies must also consider a new set of legal and ethical issues that may arise when employees are using their own devices for work.” “[BYOD Bring Your Own Device] Many employees don’t understand the implications of using their personal devices for work. Many companies don’t understand that they are in fact liable for the consequences.” “Consumerization and Cloud are in fact two faces of the same coin: the epochal change of the role of corporate IT - from technology provider to technology broker. “Consumerization, BYOD and Cloud are disruptive and inevitable. But many IT leaders are slow to realize it. Like dinosaurs of a previous IT era, they are headed for extinction.”

“The lack of a strategic approach to Consumerization creates security risks, financial exposure and a management nightmare for IT.”

“Rather than resist it, organizations should embrace Consumerization to unlock its business potential. This requires a strategic approach, flexible policies and appropriate security and management tools.”

“My advice for organizations facing an increasingly consumerized IT world is to realize that Consumerization is happening and they can’t stop it - and in fact they shouldn’t. I strongly recommend our customers to embrace Consumerization to unlock its business potential.

“Embrace [Consumerization] is the optimal approach. Create a plan that spans the whole organization; say yes for some but not for everyone by determining a group of users and figure out what technology is allowed; and figure out what tools are needed and put the right infrastructure in place.”

"Companies that are questioning whether or not to allow workers to bring personal devices into the workplace should just stop asking: It's clear that you can get a competitive edge when you put the right precautions in place. The BYOD phenomenon gives companies that allow it a competitive advantage as it enhances innovation and creativity in the workplace while reducing overall costs for the entire organization. The key to not being overwhelmed by this trend is that all these devices need to be secured by implementing the proper BYOD policies and procedures."

PRESS TALKING POINTS / CONTROVERSIAL STATEMENTS:

The dark side of BYOD: privacy, personal data loss and other bad things. Many employees don’t understand the implications of using their personal devices for work. Many companies don’t understand that they are in fact liable for the consequences. The things you always wanted to know about BYOD but were too afraid to ask.

How secure is your smartphone? Mobile Security facts: Android is the #1 mobile platform in the world. It is also the most vulnerable to attack and in fact the most exploited. Contrary to common perception, Apple mobile devices are not immune to security flaws. And in fact less secure than Android if users “jail break” their devices - to escape Apple’s suffocating control.

Consumerization is happening to corporate IT, rather than being driven by corporate IT. The business and the employees are dictating the IT agenda. Consumerization is therefore inevitable, but many IT leaders are slow to embrace it. Like dinosaurs of a previous IT era, they are headed for extinction.

Share this content on your favorite social network today!