The developing trend of people using their own computers, phones, social networks or smart devices and applications for work offers benefits, but also brings risks. That’s the message from the European Network and Information Security Agency (ENISA) in its latest report, Consumerisation of IT: Top Risks and Opportunities.
Mobility and networked knowledge are two key factors shaping the future of professional life. These factors, combined with the consumerisation of all kinds of IT components, make it imperative to consider the role of private IT in corporate IT strategies. The ENISA report acknowledges that the BYOD option can bring a wide range of potential benefits. Among the opportunities presented by this consumerisation of IT are said to be:
- employer and staff flexibility on hours and work locations
- savings through lower infrastructure costs
- increased productivity and staff satisfaction through developing their own skills
- lower infrastructure costs from moving to flexible IT solutions, such as cloud computing
But with the potential benefits come risks, which must be foreseen, with proper policies and mitigation strategies. Among the top risks are identified in the report are:
- confidential information being lost, stolen or made public, whether through poor IT security on personal devices, or through the theft of mobile devices or computers
- potential issues over data ownership, unauthorised sharing, and legal governance over devices, programs and content
- increased opportunities for cyber-criminals to target corporate data
Overall, ENISA identifies three main areas of risk, relating to: cost, legal and regulatory issues, and data confidentiality/integrity/availability. Potential benefits fall into the areas of finance, human resources, operational opportunities and data management.
Commenting on the report, ENISA’s Executive Director, Professor Udo Helmbrecht, said: ‘In today’s workplace, mobility and consumerisation of IT is often a great opportunity for staff and employers to reap the benefits offered by modern IT: increased flexibly and potential reduction of costs. Some of the security risks involved are relatively classic, such as failing to ensure that devices and applications are secure, and sharing information inappropriately. Others, such as legal questions, are more complex, but if properly addressed, will allow for more effective working regimes and tools.’
The full report is available here.